Join in the/etc/sysctl.conf
Fs.file-max = 65535
Net.ipv4.ip_forward = 1
Net.ipv4.tcp_fin_timeout = 30
This parameter determines the time it remains in the fin-wait-2 state if the socket is closed by the local request. The right end can be an error and never close the connection, or even accidentally machine. The default value is 60 seconds. 2.2 The normal value of the kernel is 180 seconds, you can press this setting, but keep in mind that even if your machine is a lightweight Web server, there is a risk of memory overflow because of a lot of dead sockets, fin-wait-2 is less dangerous than fin-wait-1, Because it can only eat 1.5K of memory, but they have a longer lifetime.
Net.ipv4.tcp_max_syn_backlog = 10240
Indicates the length of the SYN queue, defaults to 1024, increases the queue length to 10240, and can accommodate more network connections waiting for connections.
Net.ipv4.tcp_keepalive_time = 1200
Indicates how often TCP sends KeepAlive messages when KeepAlive is enabled. The default is 2 hours, and 20 minutes instead.
Net.ipv4.tcp_synack_retries = 3
In order to open the connection to the end, the kernel needs to send a SYN with an ACK in response to a previous syn. The second handshake in the so-called three handshake. This setting determines the number of Syn+ack packets sent before the kernel discards the connection
Net.ipv4.tcp_syn_retries = 3
Number of SYN packets sent before the kernel abandons the connection.
Net.ipv4.tcp_max_orphans = 8192
Net.ipv4.tcp_max_tw_buckets = 5000
Indicates that the system maintains the maximum number of time_wait sockets at the same time, and if this number is exceeded, the time_wait socket is immediately cleared and the warning message is printed. The default is 180000, and 5000 is changed. For Apache, Nginx and other servers, the parameters on a few lines can well reduce the number of time_wait sockets, but for squid, the effect is not. This parameter controls the maximum number of time_wait sockets and avoids the squid server being dragged to death by a large number of time_wait sockets.
net.ipv4.tcp_window_scaling = 0
Support for larger TCP windows. If the TCP window is greater than 65535 (64K), you must set this value to 1
Net.ipv4.tcp_sack = 0
Have a choice of answer
Net.ipv4.tcp_timestamps = 0
The time stamp avoids the winding of the serial number. A 1Gbps link is sure to encounter a previously used serial number. The timestamp allows the kernel to accept this "exception" packet. We need to turn it off. Use the timestamp to add 12 bytes to the header of TCP (refer to RFC 1323).
Net.ipv4.tcp_syncookies = 1
Indicates that the SYN cookie is opened. When the SYN wait queue overflow occurs, cookies are enabled to handle, to prevent a small number of SYN attacks, the default is 0, indicating shutdown;
Net.ipv4.tcp_tw_reuse = 1
Indicates open reuse. Allows time-wait sockets to be re used for a new TCP connection, which defaults to 0, indicating shutdown;
Net.ipv4.tcp_tw_recycle = 1
Represents a quick recycle of time-wait sockets on a TCP connection, which defaults to 0, indicating shutdown.
Net.ipv4.ip_local_port_range = 1024 65000
Represents the range of ports used for outward connections. Small by default: 32768 to 61000, 1024 to 65000.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
