Allow Linux to support 0.5 million users

Source: Internet
Author: User
To support over 500k users, you *need*:

- 64-bit hardware and kernel (AMD64, Opterons)
- At least 8 GB of RAM
- A recent Linux kernel (2.6.x)

About the tunings: I prefer not to fully disclose them, because servers are targets of specific attacks, so it's better not to help hackers.

The most touchy thing is the IP route cache: you have to tune it or else the machine drops many connections.

(Hint: rhash_entries=... in the boot append string)
Hints:
echo 1 > /proc/sys/net/ipv4/route/gc_interval

The value is 60 by default; the smaller the value, the faster cache entries are released.
The cache records current routing information, such as the gateway.
If a gateway recorded in the cache goes down while the cache refresh interval is still long, connections through it become invalid,
so lowering the value is worth considering.
echo 150 > /proc/sys/net/ipv4/route/gc_timeout
Delay in refreshing the route cache.
echo 2 > /proc/sys/net/ipv4/route/gc_elasticity
Delay in refreshing the route cache.

- Use of hugeTLB pages
Hint:
echo xxx > /proc/sys/vm/nr_hugepages
The value is a number of pages, for example xxx = 64, 200 or 1536.

Tune TCP:
echo "4096 49152 131072" > /proc/sys/net/ipv4/tcp_wmem
Defines the memory each socket uses for auto-tuning. The first value is the minimum number of bytes allocated for the socket send buffer. The second value is the default (which will be overwritten by wmem_default); the buffer can grow to this value when the system is not heavily loaded. The third value is the maximum number of bytes of send buffer space (this value will be overwritten by wmem_max).

echo xxxx > /proc/sys/net/ipv4/tcp_max_syn_backlog
The maximum number of remembered connection requests that have not yet been acknowledged by the client. For systems with 1024 MB of memory, the default value is 128, while for systems with small memory, the value is. If the server is overloaded, increase the value. Note: if you set this value above 1024, it is best to adjust TCP_SYNQ_HSIZE in include/net/tcp.h at the same time so that TCP_SYNQ_HSIZE * 16 ≤ tcp_max_syn_backlog.

echo xxxx > /proc/sys/net/core/somaxconn
echo 1024 > /proc/sys/net/core/somaxconn
The default value is 128.
This value does not raise the maximum number of connections of the system, but it does raise the number of TCP connections that can be initiated at the same time.
If connections fail because of a large number of concurrent connections on the system, this adjustment should help.

echo 1200000 > /proc/sys/net/ipv4/tcp_max_tw_buckets
The maximum number of TIME-WAIT sockets the system keeps at the same time. If this number is exceeded, TIME-WAIT sockets are destroyed immediately and a warning message is printed.

echo 7 > /proc/sys/net/ipv4/tcp_retries2
The number of retries before killing an active TCP connection. RFC 1122 requires that the limit be longer than 100 seconds, which is too small a value. The default value is 15, which is equivalent to 13 ~ 30 minutes.

echo "600000 650000 700000" > /proc/sys/net/ipv4/tcp_mem
Determines how the TCP stack behaves with respect to memory usage. The unit of each value is a memory page (usually 4 KB). The first value is the lower limit of memory usage. The second value is the threshold at which memory-pressure mode starts applying pressure to buffer usage. The third value is the upper limit of memory; at this level, packets can be discarded to reduce memory usage. For larger BDP values, you can increase these values (but remember that the unit is the memory page, not the byte).

echo 0 > /proc/sys/net/ipv4/tcp_timestamps
Timestamps allow RTT to be computed with a more precise method (see RFC 1323). This option should be enabled for better performance; writing 0, as above, turns it off.

echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
Enables support for larger TCP windows. If the maximum TCP window is to exceed 65535 bytes (64 KB), this value must be set to 1; writing 0, as above, turns window scaling off.
Generally, TCP/IP allows a window size of 65535 bytes. For a high-speed network, this value may be too small. This option allows window sizes up to the gigabyte range, which is useful in environments with a high bandwidth * latency product. Once the kernel considers it unable to send a packet, it will discard the packet and send an ICMP notification to the sending host.

echo 0 > /proc/sys/net/ipv4/tcp_sack
Controls selective acknowledgment (SACK), which is especially useful when data packets are lost and helps fast recovery. Writing 0, as above, turns it off.

echo 330000 > /proc/sys/net/ipv4/tcp_max_orphans
The maximum number of TCP sockets not attached to any user file handle that the system can handle. If this number is exceeded, these orphaned connections are reset immediately and a warning message is displayed. This limit exists only to defend against simple DoS attacks. Do not rely on it or lower it artificially; instead, if network conditions require more than the preset value, increase it (or increase the memory) and tune the network services to linger and forcibly kill such states. As a reminder, every such orphan consumes 64 KB of memory that cannot be swapped out.

echo "10000 62000" > /proc/sys/net/ipv4/ip_local_port_range
The port range used for outbound connections. By default, it is actually very small: 1024 to 4999.

Others:
echo 1300000 > /proc/sys/fs/file-max
Maximum number of open files in the system.
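
Values written with echo into /proc/sys are lost at reboot, so it is worth checking what a host is actually running with. The following is an added example, not part of the original post: a read-only shell audit that compares a sysctl tree with the values this page gives explicitly (the xxx placeholders are left out) and renders the same list as sysctl.d lines. The names PAGE_SETTINGS, audit_sysctl, to_sysctl_conf and SYSCTL_ROOT are made up for the example.

```shell
#!/bin/sh
# Added example: read-only audit of the values this page sets explicitly.
# PAGE_SETTINGS, audit_sysctl, to_sysctl_conf and SYSCTL_ROOT are made-up names.
PAGE_SETTINGS='net/ipv4/route/gc_interval=1
net/ipv4/route/gc_timeout=150
net/ipv4/route/gc_elasticity=2
net/ipv4/tcp_wmem=4096 49152 131072
net/core/somaxconn=1024
net/ipv4/tcp_max_tw_buckets=1200000
net/ipv4/tcp_retries2=7
net/ipv4/tcp_mem=600000 650000 700000
net/ipv4/tcp_timestamps=0
net/ipv4/tcp_window_scaling=0
net/ipv4/tcp_sack=0
net/ipv4/tcp_max_orphans=330000
net/ipv4/ip_local_port_range=10000 62000
fs/file-max=1300000'

# Collapse the tabs the kernel prints between multi-value fields into spaces.
norm() { set -- $1; echo "$*"; }

# audit_sysctl ROOT: one line per setting; returns the number of deviations.
audit_sysctl() {
    root=${1:-/proc/sys}; drift=0
    while IFS='=' read -r key want; do
        if [ ! -r "$root/$key" ]; then      # key absent on this kernel
            echo "MISSING $key"; drift=$((drift + 1)); continue
        fi
        have=$(norm "$(cat "$root/$key" 2>/dev/null)")
        if [ "$have" = "$want" ]; then
            echo "OK      $key = $have"
        else
            echo "DIFF    $key: have '$have', page has '$want'"; drift=$((drift + 1))
        fi
    done <<EOF
$PAGE_SETTINGS
EOF
    return "$drift"
}

# to_sysctl_conf: the same list as sysctl.d lines, so it survives a reboot.
to_sysctl_conf() {
    printf '%s\n' "$PAGE_SETTINGS" | while IFS='=' read -r key val; do
        printf '%s = %s\n' "$(printf '%s' "$key" | tr '/' '.')" "$val"
    done
}

audit_sysctl "${SYSCTL_ROOT:-/proc/sys}" || echo "$? setting(s) differ from the page"
```

The audit never writes to /proc/sys; keys that do not exist on the running kernel are reported as MISSING and counted as deviations.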
