[record] optimize kernel parameters of Linux to improve server concurrency processing power

Source: Internet
Author: User

PS: With limited server hardware resources, squeezing the maximum performance out of a server and improving its concurrent processing capacity is a problem that many operations engineers think about. To increase the load capacity of a Linux system, you can use a web server with strong native concurrency handling, such as Nginx; if you use Apache, you can enable its worker mode to improve its concurrency handling. Beyond that, when cost savings matter, you can modify the TCP-related kernel parameters of Linux to maximize server performance. Of course, the most basic way to solve a load problem is still to upgrade the server hardware; that is the most fundamental fix.
On Linux, when a TCP connection is closed, it stays in the TIME_WAIT state for a certain amount of time before the port is released. When there are too many concurrent requests, a large number of TIME_WAIT connections build up; they cannot be torn down in time and occupy a large number of ports and server resources. At this point we can tune the TCP kernel parameters so that ports in the TIME_WAIT state are cleaned up promptly.
The method described in this article is only effective when the system resource consumption is caused by a large number of TIME_WAIT connections; otherwise the effect may not be obvious. You can use the netstat command to check connections in the TIME_WAIT state. Enter the following combined command to see the current TCP connection states and the number of connections in each:
netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'
This command will output a result similar to the following:
LAST_ACK 16
SYN_RECV 348
ESTABLISHED 70
FIN_WAIT1 229
FIN_WAIT2 30
CLOSING 33
TIME_WAIT 18098
We only care about the TIME_WAIT count. Here there are more than 18,000 TIME_WAIT connections, which means more than 18,000 ports are occupied. Keep in mind that there are only 65,535 ports, so every port taken is one fewer available, and this seriously affects subsequent new connections. In this case, it is necessary to adjust the TCP kernel parameters of Linux so that the system releases TIME_WAIT connections faster.
Open the configuration file with vim: vim /etc/sysctl.conf
In this file, add the following lines:
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
Enter the following command to make the kernel parameters take effect:
sysctl -p
A brief description of the parameters above:
net.ipv4.tcp_syncookies = 1
# Enables SYN cookies. When the SYN wait queue overflows, cookies are used to handle it, which protects against a small number of SYN attacks. The default is 0, which means off.
net.ipv4.tcp_tw_reuse = 1
# Enables reuse. Allows TIME-WAIT sockets to be reused for new TCP connections. The default is 0, which means off.
net.ipv4.tcp_tw_recycle = 1
# Enables fast recycling of TIME-WAIT sockets in TCP connections. The default is 0, which means off.
net.ipv4.tcp_fin_timeout
# Changes the system default TIMEOUT time.
After this adjustment, besides further increasing the load capacity of the server, the server can also withstand low-traffic DoS, CC and SYN attacks.
In addition, if you have a large number of connections, you can optimize the TCP port range to further improve the server's concurrency capability. In the same parameter file, add the following configuration:
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
# These parameters are recommended only on servers with very heavy traffic, where they have a significant effect. On a server with ordinary, low traffic there is no need to set them.
net.ipv4.tcp_keepalive_time = 1200
# The frequency at which TCP sends keepalive messages when keepalive is enabled. The default is 2 hours; this changes it to 20 minutes.
net.ipv4.ip_local_port_range = 10000 65000
# The port range used for outgoing connections. The default is small: 32768 to 61000; this changes it to 10000 to 65000. (Note: do not set the minimum value too low here, otherwise it may take over ports used by normal services!)
net.ipv4.tcp_max_syn_backlog = 8192
# The length of the SYN queue. The default is 1024; increasing the queue length to 8192 accommodates more network connections waiting to be established.
net.ipv4.tcp_max_tw_buckets = 6000
# The maximum number of TIME_WAIT sockets the system keeps at the same time. If this number is exceeded, TIME_WAIT sockets are cleared immediately and a warning message is printed. The default is 180000; this changes it to 6000. For servers such as Apache and Nginx, the parameters in the preceding lines already reduce the number of TIME_WAIT sockets well, but for Squid the effect is not great. This parameter controls the maximum number of TIME_WAIT sockets and keeps a Squid server from being dragged down by a large number of them.
Descriptions of additional kernel TCP parameters:
net.ipv4.tcp_max_syn_backlog = 65536
# The maximum number of recorded connection requests that have not yet received an acknowledgment from the client. For systems with 128M of memory, the default value is 1024; for systems with little memory it is 128.
net.core.netdev_max_backlog = 32768
# The maximum number of packets allowed to queue when a network interface receives packets faster than the kernel can process them.
net.core.somaxconn = 32768
# The backlog of the listen function in a web application is limited by default to 128 by the kernel parameter net.core.somaxconn, while the NGX_LISTEN_BACKLOG defined by Nginx defaults to 511, so it is necessary to adjust this value.
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216 # Maximum socket read buffer; reference optimized value: 873200
net.core.wmem_max = 16777216 # Maximum socket write buffer; reference optimized value: 873200
net.ipv4.tcp_timestamps = 0
# Timestamps protect against sequence number wraparound. A 1Gbps link will definitely encounter a previously used sequence number. Timestamps let the kernel accept such "abnormal" packets. It needs to be turned off here.
net.ipv4.tcp_synack_retries = 2
# To open the connection to the peer, the kernel sends a SYN together with an ACK that acknowledges the earlier SYN, that is, the second step of the so-called three-way handshake. This setting determines how many SYN+ACK packets are sent before the kernel abandons the connection.
net.ipv4.tcp_syn_retries = 2
# The number of SYN packets sent before the kernel gives up establishing the connection.
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
# Turns on reuse. Allows TIME-WAIT sockets to be reused for new TCP connections.
net.ipv4.tcp_wmem = 8192 436600 873200
# TCP write buffer; reference optimized value: 8192 436600 873200
net.ipv4.tcp_rmem = 32768 436600 873200
# TCP read buffer; reference optimized value: 32768 436600 873200
net.ipv4.tcp_mem = 94500000 91500000 92700000
# This also has 3 values, meaning:
net.ipv4.tcp_mem[0]: Below this value, TCP is under no memory pressure.
net.ipv4.tcp_mem[1]: At this value, TCP enters the memory pressure phase.
net.ipv4.tcp_mem[2]: Above this value, TCP refuses to allocate sockets.
The memory units above are pages, not bytes. A reference optimized value is: 786432 1048576 1572864
net.ipv4.tcp_max_orphans = 3276800
# The maximum number of TCP sockets in the system that are not associated with any user file handle.
If this number is exceeded, the connection is reset immediately and a warning message is printed.
This limit exists only to prevent simple DoS attacks; do not rely on it too much or lower the value artificially.
Rather, this value should be increased (if memory is increased).
net.ipv4.tcp_fin_timeout = 30
# If the socket is closed at the request of the local end, this parameter determines how long it remains in the FIN-WAIT-2 state. The peer may misbehave and never close the connection, or even crash unexpectedly. The default value is 60 seconds. The usual value for 2.2 kernels is 180 seconds; you can use this setting, but keep in mind that even if your machine is a lightly loaded web server, there is a risk of running out of memory because of a large number of dead sockets. FIN-WAIT-2 is less dangerous than FIN-WAIT-1 because it can consume at most 1.5K of memory, but its lifetime is longer.
With this optimized configuration, your server's TCP concurrency handling will improve significantly. The configuration above is for reference only; in a production environment, adjust it according to your actual situation.
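A consistency check over the settings listed in this article, added here as an example (it is not part of the original article). SAMPLE_CONF is constructed from the values above, and parse_sysctl and review are hypothetical helper names. The checks rely on facts from outside the article: sysctl -p applies lines in order, so a later assignment overrides an earlier one; net.ipv4.tcp_tw_recycle drops connections from clients behind NAT and was removed in Linux 4.12; and tcp_tw_reuse depends on TCP timestamps.

```python
# Constructed sample: settings copied from the lists in this article.
SAMPLE_CONF = """\
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_mem = 94500000 91500000 92700000
"""

def parse_sysctl(text):
    """Return {key: [value, ...]} with every assignment kept in file order."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, full-line comment, or not an assignment
        key, value = (part.strip() for part in line.split("=", 1))
        settings.setdefault(key, []).append(" ".join(value.split()))
    return settings

def review(text):
    """Return [(key, finding)] for a sysctl.conf fragment."""
    seen = parse_sysctl(text)
    final = {k: v[-1] for k, v in seen.items()}  # the last assignment wins
    out = []
    for key, values in seen.items():
        if len(set(values)) > 1:
            out.append((key, f"assigned {len(values)} times, {values[-1]!r} wins"))
    if final.get("net.ipv4.tcp_tw_recycle") == "1":
        out.append(("net.ipv4.tcp_tw_recycle",
                    "breaks clients behind NAT; removed in Linux 4.12"))
    if (final.get("net.ipv4.tcp_tw_reuse") == "1"
            and final.get("net.ipv4.tcp_timestamps") == "0"):
        out.append(("net.ipv4.tcp_tw_reuse",
                    "ineffective while net.ipv4.tcp_timestamps = 0"))
    mem = final.get("net.ipv4.tcp_mem", "").split()
    if len(mem) == 3 and all(m.isdigit() for m in mem):
        low, pressure, high = map(int, mem)
        if not low <= pressure <= high:  # the three thresholds must ascend
            out.append(("net.ipv4.tcp_mem", "min/pressure/max not ascending"))
    return out

if __name__ == "__main__":
    for key, finding in review(SAMPLE_CONF):
        print(f"{key}: {finding}")
```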
