TCP Tweaks
Linux TCP/IP kernel tuning can improve how your server behaves under high connection churn and bursty traffic. These settings matter most when the origin server (not just a CDN) must accept lots of concurrent connections, like WooCommerce checkouts, AJAX-heavy pages, and APIs.
Kernel tuning is workload- and kernel-version-dependent. Apply changes on staging first, change one thing at a time, and keep a rollback plan. Some parameters (like TCP Fast Open and TIME_WAIT reuse) can have compatibility trade-offs.
Default TCP settings are often conservative. Raising backlog limits (and aligning them with your web server/app settings) can help avoid connection drops during bursts.
Critical TCP Parameter Manipulations
Recycling Dead Sequences (net.ipv4.tcp_tw_reuse)
sysctl -w net.ipv4.tcp_tw_reuse=1
- Technical Concept: Lets the kernel reuse sockets in the TIME_WAIT state for new outgoing connections when it is safe to do so.
- Operational Value: Can reduce exhaustion of ephemeral ports and TIME_WAIT buildup under high churn, depending on kernel/workload.
Enforcing TCP Fast Open (net.ipv4.tcp_fastopen)
sysctl -w net.ipv4.tcp_fastopen=3
- Technical Concept: Allows data to be exchanged during the SYN handshake when supported.
- Operational Value: Can reduce latency for some connection patterns. (3 enables both incoming and outgoing support.)
Expanding the Maximum Backlog Socket Limit (net.core.somaxconn)
sysctl -w net.core.somaxconn=65535
- Technical Concept: Sets the upper limit on the queue of pending connections for a listening socket; connections that arrive while the queue is full are dropped.
- Operational Value: Raises a common default (often 128) so the server can queue more incoming connections during bursts.
Expanding The Half-Open Limits (net.ipv4.tcp_max_syn_backlog)
sysctl -w net.ipv4.tcp_max_syn_backlog=8192
- Technical Concept: Increases the buffer for half-open connections (SYN received, handshake not completed).
- Operational Value: Helps the server tolerate SYN floods and sudden bursts of legitimate connection attempts.
System Persistence Protocol
Values set with sysctl -w do not persist across reboot. Save settings in configuration (for example /etc/sysctl.conf or a file under /etc/sysctl.d/) and reload them.
cat <<EOF | sudo tee -a /etc/sysctl.conf
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_fastopen=3
net.core.somaxconn=65535
net.ipv4.tcp_max_syn_backlog=8192
EOF
Apply the persisted configuration without rebooting:
sudo sysctl -p
Situational Impact Mapping
| Server Type | Tuning Priority | Reasoning |
|---|---|---|
| Heavily Cached Publishers | Optional / Low Priority | Cloudflare's edge network handles 99% of raw connections, so the WordPress origin sees very few sockets. |
| Active Storefronts (WooCommerce) | High | Helps reduce connection drops during traffic spikes and checkout bursts. |
| Enterprise API Gateways | High | API traffic patterns often create high connection churn; backlog sizing can matter. |
| Tiny Sub-512MB RAM Containers | Restrict/Avoid | Larger TCP backlog tables can in theory take small amounts of RAM away from PHP-FPM workers. |
Common Mistakes & Mitigation Strategy
| Mistake | Symptom | Fix |
|---|---|---|
| Mismatched backlog settings | "Connection Refused" | tcp_max_syn_backlog was raised without raising somaxconn to match. Set both together. |
| Extreme socket starvation | TIME_WAIT floods during bursts | Confirm your changes persisted and match your workload. |
| Legacy client issues | Occasional handshake/connect problems | If enabling TCP Fast Open causes issues, consider reducing scope (for example tcp_fastopen=2) and retest. |
Target Quick Reference
TCP Verification Checklist
After applying changes, verify the live kernel values and observe connection state counts.
# Confirm the live kernel values for every parameter changed above
sysctl net.ipv4.tcp_tw_reuse net.ipv4.tcp_fastopen net.core.somaxconn net.ipv4.tcp_max_syn_backlog
# Count sockets currently in the TIME_WAIT state
netstat -an | grep -c TIME_WAIT
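As an added example (not from the original page), the shell function below compares the values persisted in a sysctl file with what the running kernel reports, and treats a repeated key as last-one-wins, which matters because `tee -a` appends a new copy of the settings on every run. The function name `check_sysctl_drift` and its optional second argument (an alternate root in place of `/proc/sys`) are assumptions made for this example, and it handles single-value keys such as the four set above.

```shell
#!/bin/sh
# Added example, not from the original page.
# Reports drift between a persisted sysctl file and the live kernel values.
# Assumption: the optional second argument names an alternate root in place
# of /proc/sys, so the function can be exercised against a constructed tree.

# Usage: check_sysctl_drift CONF [PROC_ROOT]
# Prints OK / DRIFT / MISSING per key; returns 0 only if every key matches.
check_sysctl_drift() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    # Keep key=value lines and skip comments. Re-running "tee -a" leaves
    # duplicate keys in the file; sysctl applies lines in order, so the
    # last occurrence of a key is the value that should be live.
    pairs=$(awk -F= '
        /^[ \t]*[#;]/ || NF != 2 { next }
        { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2)
          if (!($1 in val)) order[++n] = $1
          val[$1] = $2 }
        END { for (i = 1; i <= n; i++) print order[i] "=" val[order[i]] }
    ' "$conf")
    for pair in $pairs; do
        key=${pair%%=*}
        want=${pair#*=}
        # net.core.somaxconn -> $root/net/core/somaxconn
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key"
            rc=1
            continue
        fi
        have=$(tr -d ' \t\n' < "$path")
        if [ "$have" = "$want" ]; then
            echo "OK      $key=$have"
        else
            echo "DRIFT   $key live=$have persisted=$want"
            rc=1
        fi
    done
    return $rc
}

# Run against a file when one is given, e.g.: sh check.sh /etc/sysctl.conf
if [ "$#" -gt 0 ]; then
    check_sysctl_drift "$@"
fi
```

A MISSING line means the kernel exposes no readable entry for that key, which is worth checking before assuming a setting is in effect.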