Nginx websocket proxy uses three connections per socket

I'm trying to create an Nginx configuration that will act as a proxy for incoming websocket connections (mainly for SSL offloading), but I'm running into connection limits. I followed several guides and SO answers to accommodate more connections, but something odd caught my attention. I currently have 18K client connections, and when I run ss -s on the Nginx machine, this is what it reports:

Total: 54417 (kernel 54537)
TCP:   54282 (estab 54000, closed 280, orphaned 0, synrecv 0, timewait 158/0), ports 18263
Transport Total     IP        IPv6
*         54537     -         -
RAW       0         0         0
UDP       1         1         0
TCP       54002     36001     18001
INET      54003     36002     18001
FRAG      0         0         0

I understand how there can be 36K IP connections, but I don't know where the extra IPv6 connections come from. I'm having trouble scaling beyond 25K connections, and I think part of the reason is that three connections are set up per socket. So, my question is: does anyone know where these extra connections come from?

The whole system runs in a Kubernetes cluster with the following configuration:

nginx.conf:

user  nginx;
worker_processes  auto;
worker_rlimit_nofile 500000;
error_log  /dev/stdout warn;
pid        /var/run/nginx.pid;
# Increase worker connections to accommodate more sockets
events {
  worker_connections  500000;
  use epoll;
  multi_accept on;
}
http {
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;
  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
  access_log  off; # don't use it, so don't waste cpu, i/o and other resources.
  tcp_nopush     on;
  tcp_nodelay on;
  include /etc/nginx/conf.d/*.conf;
}

proxy.conf (included from conf.d):

  server {
    listen 0.0.0.0:443 ssl backlog=100000;
    # Set a big keepalive timeout to make sure no connections are dropped by nginx
    # This should never be less than the MAX_CLIENT_PING_INTERVAL + MAX_CLIENT_PING_TIMEOUT in the ws-server config!
    keepalive_timeout 200s;
    keepalive_requests 0;
    proxy_read_timeout 200s;
    ssl_certificate           /app/secrets/cert.chain.pem;
    ssl_certificate_key       /app/secrets/key.pem;
    ssl_prefer_server_ciphers On;
    ssl_protocols TLSv1.2;
    location / {
      proxy_pass          http://127.0.0.1:8443;
      proxy_http_version  1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
    }
  }

I have also set the following options in Unix:

/etc/sysctl.d/custom.conf:

fs.file-max = 1000000
fs.nr_open = 1000000
net.ipv4.netfilter.ip_conntrack_max = 1048576
net.core.somaxconn = 1048576
net.ipv4.tcp_max_tw_buckets = 1048576
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 3240000
net.nf_conntrack_max = 1048576
net.ipv4.tcp_tw_reuse= 1
net.ipv4.tcp_fin_timeout= 15

/etc/security/limits.d/custom.conf:

root soft nofile 1000000
root hard nofile 1000000
* soft nofile 1000000
* hard nofile 1000000

With help from some colleagues, I found out that it is actually Kubernetes muddling everything by connecting the containers inside a pod in one IP namespace (so that each container can reach the others via localhost). So what I'm seeing there is:

  • the incoming connection to the proxy
  • the outgoing connection from the proxy
  • the incoming connection to the server

While this doesn't help me get more connections on a single instance, it does explain the odd behaviour.
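As an added illustration of the three legs listed above (not code from the original post), the script below parses a constructed `ss -tan` sample and counts established sockets per leg, assuming the nginx listen port 443 and upstream port 8443 from proxy.conf. That the ws-server's accepted side is listed as an IPv4-mapped IPv6 address (a dual-stack listener) is an assumption; it is one way the third leg would land in the IPv6 column of ss -s.

```python
from collections import Counter
# Constructed `ss -tan` sample (not output from the original post). One websocket
# client yields three ESTAB sockets inside the pod's shared network namespace:
#   leg 1: client -> nginx:443          (socket accepted by nginx)
#   leg 2: nginx -> 127.0.0.1:8443      (nginx's upstream socket)
#   leg 3: 127.0.0.1:8443 accepted side (ws-server's socket; assumed to be on a
#          dual-stack listener, so ss lists it as an IPv4-mapped IPv6 address)
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port        Peer Address:Port
LISTEN 0      100000 0.0.0.0:443              0.0.0.0:*
LISTEN 0      128    *:8443                   *:*
ESTAB  0      0      10.1.2.3:443             203.0.113.10:51000
ESTAB  0      0      127.0.0.1:40001          127.0.0.1:8443
ESTAB  0      0      [::ffff:127.0.0.1]:8443  [::ffff:127.0.0.1]:40001
ESTAB  0      0      10.1.2.3:443             203.0.113.11:51001
ESTAB  0      0      127.0.0.1:40002          127.0.0.1:8443
ESTAB  0      0      [::ffff:127.0.0.1]:8443  [::ffff:127.0.0.1]:40002
"""
FRONTEND_PORT = 443   # nginx `listen` port from the post's proxy.conf
UPSTREAM_PORT = 8443  # `proxy_pass` target port from the post's proxy.conf

def port_of(addr):
    """Port of 'host:port' or '[v6]:port'."""
    return int(addr.rpartition(":")[2])

def classify(line):
    """Name the proxy leg an ESTAB line belongs to; None for other lines."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "ESTAB":
        return None
    local_port, peer_port = port_of(parts[3]), port_of(parts[4])
    if local_port == FRONTEND_PORT:
        return "client->nginx"
    if peer_port == UPSTREAM_PORT:
        return "nginx->upstream"
    if local_port == UPSTREAM_PORT:
        return "upstream accepted"
    return "other"

def count_legs(ss_output):
    """Return (sockets per leg, total ESTAB, how many ss lists under IPv6)."""
    legs, ipv6 = Counter(), 0
    for line in ss_output.splitlines():
        leg = classify(line)
        if leg is None:
            continue
        legs[leg] += 1
        ipv6 += line.split()[3].startswith("[")   # '[...]' local address = tcp6
    return dict(legs), sum(legs.values()), ipv6
```

Dividing the total by the number of `client->nginx` sockets gives the per-client multiplier (3 here), which is the figure to budget against worker_connections and file-descriptor limits.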

Latest update