Optimized recording of TCP connection configuration under Linux (reproduced)

1.Linux System setup Optimization, vi/etc/sysctl.conf, add the following content

sysctl.conf Code

2. Fs.file-max = 65535
4. Kernel.pid_max = 65536
8. Net.ipv4.tcp_syncookies = 1
10. Net.ipv4.tcp_synack_retries = 2
12. Net.ipv4.tcp_syn_retries = 2
14. Net.ipv4.tcp_timestsmps = 0
16. Net.ipv4.tcp_tw_reuse = 1
18. Net.ipv4.tcp_tw_recycle = 1
20. Net.ipv4.tcp_fin_timeout =
24. Net.ipv4.tcp_keepalive_time =
26. Net.ipv4.ip_local_port_range = 10000 65535
28. Net.ipv4.tcp_max_syn_backlog = 8192
30. Net.ipv4.tcp_max_tw_buckets =
34. Net.ipv4.tcp_wmem = 8192 436600 873200
36. Net.ipv4.tcp_rmem = 32768 436600 873200
38. Net.ipv4.tcp_mem = 94500000 91500000 92700000
40. Net.ipv4.tcp_max_orphans = 3276800
46. Net.core.netdev_max_backlog = 32768
48. Net.core.somaxconn = 32768
50. Net.core.wmem_default = 8388608
52. Net.core.rmem_default = 8388608
54. Net.core.rmem_max = 16777216
56. Net.core.wmem_max = 16777216

After saving:
Sysctl-p/etc/sysctl.conf//role: Reload/etc/sysctl.conf file

The relevant parameters are described as follows:

# TCP and memory optimization
# increase TCP max buffer size setable using setsockopt ()
#it ' s already auto-tuned very well by Linux based on the amount of RAM.
#net. Ipv4.tcp_mem = 94500000 915000000 927000000
Net.ipv4.tcp_rmem = 4096 87380 8388608
Net.ipv4.tcp_wmem = 4096 87380 8388608
Net.ipv4.tcp_max_orphans = 3276800
Net.ipv4.tcp_timestamps = 1
Net.ipv4.tcp_synack_retries = 2
Net.ipv4.tcp_syn_retries = 2
#表示SYN队列的长度, the default is 1024, and the queue length is 8192, which can accommodate more network connections waiting to be connected.
Net.ipv4.tcp_max_syn_backlog = 65536
#表示开启SYN Cookies. When there is a SYN wait queue overflow, cookies are enabled to protect against a small number of SYN attacks, the default is 0, which means close;
Net.ipv4.tcp_syncookies = 1
#表示开启重用. Allows time-wait sockets to be re-used for new TCP connections, which defaults to 0, which means shutdown;
Net.ipv4.tcp_tw_reuse = 1
#表示开启TCP连接中TIME-wait Sockets Fast Recovery, default is 0, indicating off;
Net.ipv4.tcp_tw_recycle = 1
#修改系統默认的 timeout time.
Net.ipv4.tcp_fin_timeout = 30
#表示当keepalive起用的时候, the frequency at which TCP sends keepalive messages. The default is 2 hours, which is changed to 20 minutes.
Net.ipv4.tcp_keepalive_time = 1200
#表示用于向外连接的端口范围. Small by default: 32768 to 61000, 10000 to 65000. (Note: Do not set the minimum value too low, otherwise it may take off the normal port!) ）
Net.ipv4.ip_local_port_range = 10000 65000
#表示系统同时保持TIME_WAIT的最大数量, if this number is exceeded, time_wait is immediately cleared and the warning message is printed. The default is 180000, which changes to 6000. For Apache, Nginx and other servers, the parameters of the last few lines can be a good way to reduce the number of time_wait sockets, but for Squid, the effect is not small. This parameter can control the maximum number of time_wait and avoid the squid server being dragged to death by a large number of time_wait.
Net.ipv4.tcp_max_tw_buckets = 6000

2. Modify the operating system Ulimit limit, vi/etc/security/, add the following two lines (the larger the number of small dot problem):

limits.conf Code

1. * Soft Nofile 65535
2. * Hard Nofile 65535

3. About Ulimit Command reference: http://www.ibm.com/developerworks/cn/linux/l-cn-ulimit/

Optimized recording of TCP connection configuration under Linux (reproduced)