Description of the file parameters in the /proc/sys directory

Source: Internet
Author: User
First, preface
This document targets the OOP8 production environment; the specific optimization strategy needs to be adjusted to the actual situation. It describes how to optimize the performance of Red Hat Enterprise Linux in the following ways.
1) The Linux proc file system: adjusting settings through the proc file system to optimize performance.
2) Linux performance diagnostic tools: how to use Linux's own diagnostic tools for performance diagnosis.
Bold italic text indicates a command that can be run directly.
Underlined text indicates the contents of a file.
Second, /proc/sys/kernel/ optimization
1)/proc/sys/kernel/ctrl-alt-del
The file holds a binary value that controls how the system reacts when it receives the Ctrl+Alt+Delete key combination. The two values are:
0: Ctrl+Alt+Delete is captured and sent to the init program, which lets the system shut down and restart safely, as if the shutdown command had been entered.
1: Ctrl+Alt+Delete is not captured, and the system performs an abnormal shutdown, as if the power had been switched off directly.

Default setting: 0
Recommended setting: 1, to prevent an accidental Ctrl+Alt+Delete press from causing an abnormal system restart.
2)/proc/sys/kernel/msgmax
This file specifies the maximum length (in bytes) of a message sent from one process to another. Messages between processes are passed in kernel memory and are not swapped out to disk, so increasing this value increases the amount of memory used by the operating system.

Default setting: 8192
3)/proc/sys/kernel/msgmnb
This file specifies the maximum length of a message queue (bytes).

Default setting: 16384
4)/proc/sys/kernel/msgmni
This file specifies the maximum number of message queue identifiers, that is, how many message queues can exist system-wide.

Default setting: 16
5)/proc/sys/kernel/panic
This file specifies the time (in seconds) that the kernel waits before rebooting after a kernel panic.
A value of 0 seconds means that automatic reboot is disabled when a kernel panic occurs.

Default setting: 0
6)/proc/sys/kernel/shmall
This file represents the total amount of shared memory (bytes) that can be used on the system at any given time.

Default setting: 2097152
7)/proc/sys/kernel/shmmax
This file represents the maximum size of shared memory segment allowed by the kernel (bytes).

Default setting: 33554432
Recommended setting: Physical Memory * 50%

The actual maximum shared memory segment size = shmmax * 98%; about 2% is used for the shared memory structure.
You can verify this by setting shmmax and then running ipcs -l.
8)/proc/sys/kernel/shmmni
This file represents the maximum number of shared memory segments that are used for the entire system.

Default setting: 4096
9)/proc/sys/kernel/threads-max
This file represents the maximum number of threads that the kernel can use.

Default setting: 2048
10)/proc/sys/kernel/sem
This file controls the kernel semaphores, which System V IPC uses for interprocess communication.

Recommended setting: 250 32000 100 128
The first column is the maximum number of semaphores per semaphore set.
The second column is the maximum total number of semaphores system-wide.
The third column is the maximum number of operations per semaphore call.
The fourth column is the maximum number of semaphore sets system-wide.
So, (first column) * (fourth column) = (second column)

The above settings can be verified by running ipcs -l.
11) to be continued ...
Third, /proc/sys/vm/ optimization
1)/proc/sys/vm/block_dump
This file indicates whether block debug mode is turned on, which records all read/write and dirty-block writeback activity.

Default setting: 0, disabling block debug mode
2)/proc/sys/vm/dirty_background_ratio
This file specifies the percentage of total system memory that dirty data may reach before the pdflush process is triggered to write dirty data back to disk.

Default setting: 10
3)/proc/sys/vm/dirty_expire_centisecs
This file specifies how long dirty data may stay in memory; data that has been dirty longer than this value is written back to disk the next time the pdflush process runs.

Default setting: 3000 (1/100 seconds)
4)/proc/sys/vm/dirty_ratio
This file specifies the percentage of total system memory that the dirty data produced by a process may reach before the process itself writes dirty data back to disk.

Default setting: 40
5)/proc/sys/vm/dirty_writeback_centisecs
This file indicates how often the pdflush process periodically writes dirty data back to disk.

Default setting: 500 (1/100 seconds)
6)/proc/sys/vm/vfs_cache_pressure
This file indicates the kernel's tendency to reclaim the memory used for the directory and inode caches. The default value of 100 means that the kernel keeps the directory and inode caches at a reasonable percentage relative to pagecache and swapcache. Lowering the value below 100 makes the kernel tend to keep the directory and inode caches; raising it above 100 makes the kernel tend to reclaim them.

Default setting: 100
7)/proc/sys/vm/min_free_kbytes
This file indicates the minimum amount of free memory (Kbytes) that the Linux VM is forced to retain.

Default setting: 724 (512M physical memory)
8)/proc/sys/vm/nr_pdflush_threads
This file shows the number of pdflush processes currently running; the kernel automatically adds more pdflush processes when the I/O load is high.

Default setting: 2 (Read only)
9)/proc/sys/vm/overcommit_memory
This file specifies the kernel's policy for memory allocation, which can be 0, 1, or 2.
0: the kernel checks whether enough memory is available for the process; if so, the memory request is allowed, otherwise the request fails and an error is returned to the application.
1: the kernel allows all physical memory to be allocated, regardless of the current state of memory.
2: the kernel allows allocating more memory than the sum of all physical memory and swap space (see overcommit_ratio).

Default setting: 0
10)/proc/sys/vm/overcommit_ratio
If overcommit_memory=2, this file specifies the percentage of memory that may be overcommitted. The total memory the system can allocate is computed with the following formula.
Memory the system can allocate = swap space + physical memory * overcommit_ratio / 100

Default setting: 50 (%)
11)/proc/sys/vm/page-cluster
This file specifies the number of pages written at a time when writing to the swap area: 0 means 1 page, 1 means 2 pages, and 2 means 4 pages.

Default setting: 3 (2 to the power of 3, 8 pages)
12)/proc/sys/vm/swappiness
This file specifies how strongly the system tends to swap; the higher the value (0-100), the more likely swapping to disk is.

Default setting: 60
13)/proc/sys/vm/legacy_va_layout
This file indicates whether to use the latest 32-bit shared memory mmap() system call. The shared memory allocation methods supported by Linux include mmap(), POSIX, and System V IPC.
0, use the latest 32-bit mmap() system call.
1, use the system call provided by the 2.4 kernel.

Default setting: 0
14)/proc/sys/vm/nr_hugepages
This file specifies the number of hugetlb pages that the system reserves.
15)/proc/sys/vm/hugetlb_shm_group
This file specifies the system group ID that is allowed to use hugetlb pages to create System V IPC shared memory segments.
16) to be continued ...
Fourth, /proc/sys/fs/ optimization
1)/proc/sys/fs/file-max
This file specifies the maximum number of file handles that can be allocated. If users get error messages saying that they cannot open more files because the number of open files has reached the maximum, you may need to increase this value.

Default setting: 4096
Recommended setting: 65536
2)/proc/sys/fs/file-nr
This file is related to file-max and holds three values:
Number of allocated file handles
Number of used file handles
Maximum number of file handles
The file is read-only and is used only to display information.
3) to be continued ...
Fifth, /proc/sys/net/core/ optimization
The configuration files in this directory are used primarily to control the interaction between the kernel and the network layer.
1)/proc/sys/net/core/message_burst
The time (in 1/10 seconds) required to write a new warning message; other warning messages that the system receives during this time are discarded. This is used to prevent denial-of-service attacks by people who attempt to flood the system with messages.

Default setting: 50 (5 seconds)
2)/proc/sys/net/core/message_cost
This file specifies the cost associated with writing each warning message. The larger the value, the more likely warning messages are to be ignored.

Default setting: 5
3)/proc/sys/net/core/netdev_max_backlog
This file specifies the maximum number of packets allowed to queue when a network interface receives packets faster than the kernel can process them.

Default setting: 300
4)/proc/sys/net/core/optmem_max
This file represents the maximum buffer size allowed for each socket.

Default setting: 10240
5)/proc/sys/net/core/rmem_default
This file specifies the default size, in bytes, of the receive socket buffer.

Default setting: 110592
6)/proc/sys/net/core/rmem_max
This file specifies the maximum size, in bytes, of the receive socket buffer.

Default setting: 131071
7)/proc/sys/net/core/wmem_default
This file specifies the default value, in bytes, for the size of the send socket buffer.

Default setting: 110592
8)/proc/sys/net/core/wmem_max
This file specifies the maximum size of the send socket buffer, in bytes.

Default setting: 131071
9) to be continued ...
Sixth, /proc/sys/net/ipv4/ optimization
1)/proc/sys/net/ipv4/ip_forward
This file indicates whether IP forwarding is turned on.
0, forwarding disabled
1, forwarding enabled

Default setting: 0
2)/proc/sys/net/ipv4/ip_default_ttl
This file specifies the time to live (TTL) of a datagram, that is, the maximum number of routers it may pass through.

Default setting: 64
Increasing this value can degrade system performance.
3)/proc/sys/net/ipv4/ip_no_pmtu_disc
This file indicates whether path MTU discovery is turned off globally.

Default setting: 0
4)/proc/sys/net/ipv4/route/min_pmtu
This file specifies the minimum path MTU.

Default setting: 552
5)/proc/sys/net/ipv4/route/mtu_expires
This file specifies how long (in seconds) the PMTU information is cached.

Default setting: 600 (SEC)
6)/proc/sys/net/ipv4/route/min_adv_mss
This file specifies the minimum MSS (Maximum Segment Size), which depends on the MTU of the first-hop router.

Default setting: 256 (bytes)
6.1 IP Fragmentation
1)/proc/sys/net/ipv4/ipfrag_low_thresh, /proc/sys/net/ipv4/ipfrag_high_thresh
These two files specify the minimum and maximum memory used to reassemble IP fragments. Once the maximum is reached, further fragments are discarded until memory use falls back to the minimum.

Default setting: 196608 (ipfrag_low_thresh)
262144 (ipfrag_high_thresh)
2)/proc/sys/net/ipv4/ipfrag_time
This file represents how many seconds an IP fragment remains in memory.

Default setting: 30 (SEC)
6.2 INET Peer Storage
1)/proc/sys/net/ipv4/inet_peer_threshold
The approximate size of the INET peer storage. Once this threshold is exceeded, entries are discarded. The threshold also determines the entries' time to live and the interval between garbage collection passes: the more entries, the shorter the time to live and the shorter the GC interval.

Default setting: 65664
2)/proc/sys/net/ipv4/inet_peer_minttl
The minimum time to live of entries. It must be long enough to cover the fragment time to live on the reassembling side. This minimum time to live is guaranteed as long as the pool size is less than inet_peer_threshold. The value is measured in jiffies.

Default setting: 120
3)/proc/sys/net/ipv4/inet_peer_maxttl
The maximum time to live of entries. Unused entries expire after this period if there is no memory pressure on the pool (for example, when the number of entries in the pool is very low). The value is measured in jiffies.

Default setting: 600
4)/proc/sys/net/ipv4/inet_peer_gc_mintime
The minimum interval between garbage collection (GC) passes. This interval applies when memory pressure on the pool is high. The value is measured in jiffies.
5)/proc/sys/net/ipv4/inet_peer_gc_maxtime
The maximum interval between garbage collection (GC) passes. This interval applies when memory pressure on the pool is low. The value is measured in jiffies.

Default setting: 120
6.3 TCP Variables
1)/proc/sys/net/ipv4/tcp_syn_retries
This file specifies how many times a SYN is retransmitted for a locally initiated TCP connection attempt before it times out. The value should not be higher than 255. It applies to outgoing connections only; incoming connections are controlled by tcp_retries1.

Default setting: 5
2)/proc/sys/net/ipv4/tcp_keepalive_probes
This file specifies the maximum number of TCP keepalive probes sent before the TCP connection is dropped. Keepalive probes are sent only when the SO_KEEPALIVE socket option is turned on.

Default setting: 9 (Times)
3)/proc/sys/net/ipv4/tcp_keepalive_time
This file specifies the number of seconds between the moment data stops being transferred on a connection and the moment keepalive probes start being sent on it.

Default setting: 7200 (2 hours)
4)/proc/sys/net/ipv4/tcp_keepalive_intvl
This file specifies the interval at which TCP keepalive probes are sent; multiplied by tcp_keepalive_probes, it gives the time after which a TCP connection that does not respond is dropped.

Default setting: 75 (SEC)
5)/proc/sys/net/ipv4/tcp_retries1
This file specifies the number of retries made in responding to a TCP connection request before giving up.
  
Default setting: 3
6)/proc/sys/net/ipv4/tcp_retries2
This file specifies the number of times a TCP packet is retried on a connection in the established state before it is dropped.
  
Default setting: 15
7)/proc/sys/net/ipv4/tcp_orphan_retries
How many retries are made before a TCP connection that has been closed on the local end is dropped. The default value is 7, equivalent to 50 seconds to 16 minutes, depending on the RTO. If your system is a heavily loaded Web server, you may need to lower this value, because sockets of this type can consume a large amount of resources. See also tcp_max_orphans.
8)/proc/sys/net/ipv4/tcp_fin_timeout
For a socket connection closed by the local end, the time that TCP stays in the FIN-WAIT-2 state. The peer may close the connection, may never end it, or its process may die unexpectedly. The default value is 60 seconds; in the 2.2 kernel it was 180 seconds. You can set this value, but be aware that if your machine is a heavily loaded Web server, you risk memory being filled with a large number of invalid datagrams. FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1 sockets because they consume at most 1.5K of memory, but they live longer. See also tcp_max_orphans.

Default setting: 60 (SEC)
9)/proc/sys/net/ipv4/tcp_max_tw_buckets
The maximum number of TIME-WAIT sockets that the system holds at the same time. If this number is exceeded, the TIME-WAIT socket is removed immediately and a warning message is printed. This limit exists purely to resist simple DoS attacks; do not lower it artificially. However, if network conditions require more than the default value, you can raise it (and perhaps add memory).

Default setting: 180000
10)/proc/sys/net/ipv4/tcp_tw_recycle
Turns on fast recycling of TIME-WAIT sockets. Do not modify this value unless you are advised or requested to by a technical expert.

Default setting: 0
11)/proc/sys/net/ipv4/tcp_tw_reuse
This file indicates whether sockets in the TIME-WAIT state may be reused for new TCP connections.

Default setting: 0
12)/proc/sys/net/ipv4/tcp_max_orphans
The maximum number of TCP sockets not attached to any process that the system can handle. If this number is exceeded, connections that do not belong to any process are reset immediately and a warning message is printed. This limit exists only to protect against simple DoS attacks; do not rely on it, and do not lower it artificially.

Default setting: 8192
13)/proc/sys/net/ipv4/tcp_abort_on_overflow
When the daemon is too busy to accept new connections, send a reset to the peer. The default value is False, which means that when the overflow is caused by an accidental burst, the connection will recover. Turn this option on only when you are sure that the daemon really cannot complete connection requests, because it affects clients.

Default setting: 0
14)/proc/sys/net/ipv4/tcp_syncookies
This file indicates whether TCP SYN cookies are turned on; the kernel must be compiled with CONFIG_SYN_COOKIES enabled. SYN cookies prevent a socket from being overloaded when there are too many connection attempts.

Default setting: 0
15)/proc/sys/net/ipv4/tcp_stdurg
Use the Host Requirements interpretation of the TCP urgent pointer field. Most hosts use the older BSD interpretation, so turning this on in Linux may prevent correct communication with them.

Default setting: 0
16)/proc/sys/net/ipv4/tcp_max_syn_backlog
The maximum number of connection requests that have not yet been acknowledged by the client and are kept in the queue. For systems with more than 128Mb of memory the default value is 1024; below 128Mb it is 128. If the server is often overloaded, you can try increasing this number. Warning: if you set this value greater than 1024, it is best to modify tcp_synq_hsize in include/net/tcp.h to keep tcp_synq_hsize*16 ...

Default setting: 1024
17)/proc/sys/net/ipv4/tcp_window_scaling
This file indicates whether the sliding window size of a TCP/IP session is variable. The value is Boolean: 1 means variable and 0 means fixed. TCP/IP normally uses a window of up to 65535 bytes, which may be too small for a high-speed network; enabling this feature lets the TCP/IP sliding window grow by several orders of magnitude, which increases data transfer capacity.

Default setting: 1
18)/proc/sys/net/ipv4/tcp_sack
This file indicates whether selective acknowledgment (SACK) is enabled. It improves performance by selectively acknowledging received packets so that the sender sends only the missing segments. This option should be enabled for WAN traffic, but it increases CPU usage.

Default setting: 1
19)/proc/sys/net/ipv4/tcp_timestamps
This file indicates whether to enable a method of calculating RTT that is more precise than the timeout-based one (see RFC 1323); this option should be enabled for better performance.

Default setting: 1
20)/proc/sys/net/ipv4/tcp_fack
This file indicates whether FACK congestion avoidance and fast retransmission are turned on.

Default setting: 1
21)/proc/sys/net/ipv4/tcp_dsack
This file indicates whether TCP is allowed to send "two identical" SACKs.

Default setting: 1
22)/proc/sys/net/ipv4/tcp_ecn
This file indicates whether TCP's Explicit Congestion Notification (ECN) is turned on.

Default setting: 0
23)/proc/sys/net/ipv4/tcp_reordering
This file specifies the maximum number of reordered datagrams in a TCP stream.

Default setting: 3
24)/proc/sys/net/ipv4/tcp_retrans_collapse
This file indicates whether to provide compatibility with certain printers that have bugs.

Default setting: 1
25)/proc/sys/net/ipv4/tcp_wmem
The file contains 3 integer values: min, default, max
Min: the minimum amount of memory reserved for the send buffer of a TCP socket. Every TCP socket can use it.
Default: the amount of memory reserved by default for the send buffer of a TCP socket. This value affects the default in net.core.wmem used by other protocols and is usually lower than the default in net.core.wmem.
Max: the maximum amount of memory for the send buffer of a TCP socket. This value does not affect net.core.wmem_max, and SO_SNDBUF is not affected by this value. The default value is 128K.

Default setting: 4096 16384 131072
26)/proc/sys/net/ipv4/tcp_rmem
The file contains 3 integer values: min, default, max
Min: the amount of memory reserved for the receive buffer of a TCP socket. Even when memory is tight, a TCP socket has at least this much memory for its receive buffer.
Default: the amount of memory reserved by default for the receive buffer of a TCP socket. This value affects the default in net.core.wmem used by other protocols. With the default values of tcp_adv_win_scale and tcp_app_win, it results in a TCP window size of 65535.
Max: the maximum amount of memory for the receive buffer of a TCP socket. This value does not affect the max in net.core.wmem, and SO_SNDBUF is not affected by this value.

Default setting: 4096 87380 174760
27)/proc/sys/net/ipv4/tcp_mem
The file contains 3 integer values: low, pressure, high
Low: when TCP uses fewer memory pages than this value, TCP does not consider freeing memory.
Pressure: when TCP uses more memory pages than this value, TCP tries to stabilize its memory usage and enters pressure mode; it leaves pressure mode when memory consumption falls below the low value.
High: the number of pages that all TCP sockets together are allowed to use for queuing buffered datagrams.
Typically these values are computed at system startup based on the amount of system memory.

Default setting: 24576 32768 49152
28)/proc/sys/net/ipv4/tcp_app_win
This file reserves max(window/2^tcp_app_win, MSS) of the window for application buffering. A value of 0 means that no buffering is required.

Default setting: 31
29)/proc/sys/net/ipv4/tcp_adv_win_scale
This file specifies how the buffer overhead is computed: bytes/2^tcp_adv_win_scale (if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale) (if tcp_adv_win_scale <= 0).

Default setting: 2
6.4 IP Variables
1)/proc/sys/net/ipv4/ip_local_port_range
This file specifies the range of local port numbers used by the TCP/UDP protocols.

Default setting: 1024 4999
Suggested setting: 32768 61000
2)/proc/sys/net/ipv4/ip_nonlocal_bind
This file indicates whether processes are allowed to bind to a non-local address.

Default setting: 0
3)/proc/sys/net/ipv4/ip_dynaddr
This parameter is typically used with dial-up connections. It lets the system immediately change the source address of IP packets to the new IP address, break off the original TCP conversation, and send a SYN request packet with the new address to start a new TCP conversation. When IP masquerading is used, this parameter lets the masquerade address be changed to the new IP address immediately. The file indicates whether dynamic addresses are allowed: a non-zero value allows them, and a value greater than 1 makes the kernel log dynamic address rewrites.

Default setting: 0
4)/proc/sys/net/ipv4/icmp_echo_ignore_all, /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
These files indicate whether the kernel ignores all ICMP echo requests, or ignores only broadcast and multicast requests.
0, respond to requests
1, ignore requests

Default setting: 0
Recommended setting: 1
5)/proc/sys/net/ipv4/icmp_ratelimit
6)/proc/sys/net/ipv4/icmp_ratemask
7)/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
Some routers violate the RFC1122 standard and send bogus responses to broadcast frames. Such violations are normally recorded in the system log as warnings. If this option is set to true, the kernel does not record these warning messages.

Default setting: 0
8)/proc/sys/net/ipv4/igmp_max_memberships
This file represents the maximum number of members in a multicast group.

Default setting: 20
6.5 Other Configuration
1)/proc/sys/net/ipv4/conf/*/accept_redirects
If there are two routers on the network segment where the host is located and you set one of them as the default gateway, that gateway may find, on receiving one of your IP packets, that the packet has to go through the other router. It then sends you a so-called "redirect" ICMP packet telling you to forward such IP packets to the other router. The parameter value is Boolean: 1 means that this type of ICMP redirect is accepted, and 0 means that it is ignored. The default value is 0 on a Linux host that acts as a router and 1 on a typical Linux host. It is recommended that you change it to 0 to eliminate the security risk.
2)/proc/sys/net/ipv4/conf/*/accept_source_route
Whether to accept IP packets that contain source routing information. The parameter value is Boolean: 1 means accept and 0 means do not accept. The default value is 1 on a Linux host that acts as a gateway and 0 on a typical Linux host. From a security point of view, it is recommended that you turn this feature off.
3)/proc/sys/net/ipv4/conf/*/secure_redirects
A so-called "secure redirect" means accepting "redirect" ICMP packets only from the gateway. This parameter sets the secure redirect feature. The parameter value is Boolean: 1 means enabled and 0 means disabled; it is enabled by default.
4)/proc/sys/net/ipv4/conf/*/proxy_arp
Sets whether ARP packets are relayed on the network. The parameter value is Boolean: 1 means relay and 0 means ignore.
The default value is 0. This parameter is usually useful only for Linux hosts that act as routers.
Seventh, performance optimization strategy
7.1 Basic Optimization
1) Shut down unneeded daemons
After the system is installed, a number of daemons are started by default. Some of them are not required, and shutting them down saves some physical memory. Log on to the system as root, run ntsysv, and select only the following services:
iptables
network
syslog
random
apmd
xinetd
vsftpd
crond
local
When you have finished, reboot the system.
The system will then start only the selected daemons.
2) Reduce the number of terminal connections
The system starts 6 terminals by default, but in fact only 3 are needed. Log in as root, run vi /etc/inittab, and modify it as follows:
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
#4:2345:respawn:/sbin/mingetty tty4
#5:2345:respawn:/sbin/mingetty tty5
#6:2345:respawn:/sbin/mingetty tty6
As shown above, terminals 4, 5 and 6 are commented out.
3) to be continued ...
7.2 Network optimization
1) Optimize the system socket buffers
net.core.rmem_max=16777216
net.core.wmem_max=16777216
2) Optimize the TCP receive/send buffers
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
3) Optimize the network device receive queue
net.core.netdev_max_backlog=3000
4) Turn off routing-related features
net.ipv4.conf.lo.accept_source_route=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.eth0.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0

net.ipv4.conf.lo.accept_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.eth0.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0

net.ipv4.conf.lo.secure_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.eth0.secure_redirects=0
net.ipv4.conf.default.secure_redirects=0

net.ipv4.conf.lo.send_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.eth0.send_redirects=0
net.ipv4.conf.default.send_redirects=0
5) Optimize the TCP protocol stack
Turn on the TCP SYN cookie option to help protect your server from SYN flood attacks.
net.ipv4.tcp_syncookies=1

Turning on the TIME-WAIT socket reuse feature is very effective for Web servers that have a large number of connections.
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_tw_reuse=1

Reduce the time spent in the FIN-WAIT-2 connection state so that the system can handle more connections.
net.ipv4.tcp_fin_timeout=30

Reduce the time before TCP keepalive probing starts so that the system can handle more connections.
net.ipv4.tcp_keepalive_time=1800

Increase the TCP SYN queue length so that the system can handle more concurrent connections.
net.ipv4.tcp_max_syn_backlog=8192
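
As an added example (not part of the original article), the following POSIX shell script audits a host against the security-related settings above: the source-route and redirect switches from step 4, tcp_syncookies from step 5, and the icmp_echo_ignore_broadcasts recommendation from section 6.4. The function names, the "*" interface wildcard and the constructed sample tree are assumptions of this example; on a real host the tree root is /proc/sys.

```shell
#!/bin/sh
# Added example, not from the original page: audit sysctl values against the
# hardening settings of section 7.2 (steps 4 and 5) and section 6.4 item 4.

# Baseline, one key=value per line. "*" stands for every directory under
# conf/, so interfaces beyond the page's lo/eth0 are checked as well.
baseline() {
    cat <<'EOF'
# source routing and ICMP redirects
net.ipv4.conf.*.accept_source_route=0
net.ipv4.conf.*.accept_redirects=0
net.ipv4.conf.*.secure_redirects=0
net.ipv4.conf.*.send_redirects=0
# SYN cookies
net.ipv4.tcp_syncookies=1
# broadcast echo requests
net.ipv4.icmp_echo_ignore_broadcasts=1
EOF
}

# Trim and collapse whitespace so tab-separated multi-value files such as
# tcp_rmem compare equal to "4096 87380 16777216" written in a baseline.
normalize() (
    set -f              # keep "*" in keys from being expanded here
    set -- $1
    printf '%s\n' "$*"
)

# audit_sysctl [ROOT]   (baseline on stdin, ROOT defaults to /proc/sys)
# Prints one line per finding and returns non-zero if there is any:
#   DRIFT <path> have=<v> want=<v>   value differs from the baseline
#   MISSING <key>                    no readable file for this key
audit_sysctl() (
    root=${1:-/proc/sys}
    findings=0
    while IFS= read -r line; do
        line=${line%%#*}                         # drop comments
        case $line in *=*) ;; *) continue ;; esac
        key=$(normalize "${line%%=*}")
        want=$(normalize "${line#*=}")
        # sysctl key -> path: dots become slashes. "*" is expanded by the
        # shell against real directory names, which also copes with
        # interface names that contain dots (VLANs such as eth0.100).
        pattern=$root/$(printf '%s' "$key" | tr . /)
        matched=0
        for path in $pattern; do
            [ -r "$path" ] || continue
            matched=1
            have=$(normalize "$(cat "$path")")
            if [ "$have" != "$want" ]; then
                printf 'DRIFT %s have=%s want=%s\n' "${path#"$root"/}" "$have" "$want"
                findings=$((findings + 1))
            fi
        done
        if [ "$matched" -eq 0 ]; then
            printf 'MISSING %s\n' "$key"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample tree standing in for /proc/sys, so the audit can be
# tried offline. It prints the directory it created.
make_sample_tree() (
    t=$(mktemp -d) || exit 1
    for ifc in all default lo eth0; do
        mkdir -p "$t/net/ipv4/conf/$ifc"
        for k in accept_source_route accept_redirects secure_redirects send_redirects; do
            echo 0 > "$t/net/ipv4/conf/$ifc/$k"
        done
    done
    echo 1 > "$t/net/ipv4/conf/eth0/accept_redirects"  # one interface drifted
    echo 0 > "$t/net/ipv4/tcp_syncookies"              # the page's stated default
    # icmp_echo_ignore_broadcasts is deliberately absent
    echo "$t"
)

# Demo on the constructed tree.
demo=$(make_sample_tree) && { baseline | audit_sysctl "$demo" || true; rm -rf "$demo"; }
```

On a live system, run `baseline | audit_sysctl` to read /proc/sys directly; a non-zero exit status means at least one value differs from the baseline or is missing.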
