Tuning methods for Linux network performance tuning

Article title: Overview of tuning methods for Linux network performance tuning. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Author: Yao Ye He Xiaoyu Yang bangqing Hongyun
　　
In two articles: Tuning LINUX network performance debugging tools and network configuration file for Tuning LINUX network performance, the following describes how to use route, netstat, and tcpdump network tuning testing tools and their functions and network configuration files, in this article, we will introduce the network performance tuning methods from the perspective of practice.
　　
Next, we will first introduce the first method of network performance tuning: service mode selection.
　　
Service method selection
　　
To provide services to multiple customers at the same time, network servers must support this multi-task service method in some way. Generally, there are three methods to choose from: Multi-process mode, multi-thread mode, and asynchronous mode. In the multi-process mode, the server uses a process to provide services to a customer. because in the operating system, generating a process requires additional overhead such as process memory replication, in this way, the performance of a large number of customers will be reduced. To overcome the additional overhead of the process, you can use multi-threaded or asynchronous methods. In the multi-thread mode, multiple threads in the process are used to provide services. because of the low thread overhead, the performance will be improved. In fact, it does not require any additional overhead or asynchronous mode. it uses non-blocking mode to communicate with each customer, and the server uses a process for polling. In asynchronous mode, scheduling between multiple tasks is completed by the server program itself, and once a problem occurs in one place, the entire server will have a problem, not in the scope of discussion. Increase the number of system threads: There are many factors that limit the number of threads, including the number of processes, memory size, and mutex/semaphore/shm/ipc; generally, the maximum number of processes is increased first, and the memory size is increased. the method to increase the maximum number of threads is very simple. you only need to change the two places in glibc: the maximum number of threads and the size of the thread stack area. The increase in the maximum number of threads is at the cost of asynchronous I/O performance of the process. Therefore, a balance is required.
　　
Useful content in the configuration file
　　
1. for databases, increasing the shared memory segments and semaphores plays an important role in improving data transmission efficiency;
　　
Method: you only need to edit the file linux/include/linux/sem. h and linux/include/asm-i386/shmparam. h.
　　
2. first, increase the maximum number of processes, then expand the memory, and then increase the maximum number of threads. the method to increase the maximum number of threads is very simple. you only need to change the two places in glibc: the maximum number of threads and the size of the thread stack;
　　
3. comment out a line in the "/etc/inittab" file and disable the use of Control-Alt-Delete to close the computer. This is important if the server is not placed in a safe place.
　　
Edit the inittab File (vi/etc/inittab) and set this line:
　　
Ca: ctrlaltdel:/sbin/shutdown-t3-r now
　　
Changed:
　　
# Ca: ctrlaltdel:/sbin/shutdown-t3-r now
　　
Run the following command to make the change take effect:
　　
[Root @ deep] #/sbin/init q
　　
4. the/etc/host. conf file specifies how to resolve the host name. Linux uses the parser library to obtain the IP address corresponding to the host name. The following is an example of "/etc/host. conf:
　　
Order bind, hosts: specify the order in which the host name is queried. DNS is required to resolve the domain name before querying the "/etc/hosts" file (or vice versa ).
　　
You can add the following two sentences after the file:
　　
Multi on: the specified host can have multiple addresses. a host with multiple IP addresses is generally called a multi-point host.
　　
Ospoof on: IP address spoofing is not allowed on the server to improve server security. IP spoofing is a means of attacking system security. by disguising IP addresses as other computers, you can gain the trust of other computers.
　　
Tunable Linux kernel network parameters
　　
ICMP-related kernel configuration parameters
　　
Overview: We usually use icmp packets to check whether other protocols (such as tcp and udp) on the target host are available. For example, an icmp packet containing "destination unreachable" is the most common icmp packet.
　　
(1) icmp_destunreach_rate: Set the response rate of the icmp packet whose content is "Destination Unreachable. The value must be an integer.
　　
Application example: assume there are two hosts, A and B. First, we execute the following ipchains statement on host:
　　
Ipchains-A input-p icmp-j REJECT
　　
The REJECT here is different from the DENY here. DENY will discard the qualified package as if it didn't receive the package, the REJECT will send a "Destination Unreachable" icmp request to the request host while dropping the package.
　　
Ping host A on host B. At this time, we will find that the response speed of the "Destination Unreachable" icmp packet is very timely. Run the following command on host:
　　
Echo "1000">/proc/sys/net/ipv4/icmp_destunreach_rate
　　
That is, an "Destination Unreachable" icmp packet is returned every 10 seconds.
　　
At this time, ping host A from host B and you will find that the response speed of the "Destination Unreachable" icmp packet has obviously slowed down. I'm curious to test it, the result is a response every 10 seconds.
　　
(2) icmp_echo_ignore_broadcasts: Sets whether to respond to icmp echo request broadcast. The value must be a Boolean value. 0 indicates to respond to icmp echo request broadcast, and 1 indicates to ignore.
　　
Note: windows does not respond to icmp echo requests.
　　
Application instance:
　　
This value is 0 by default on my RedHat6.x and RedHat7, so that when a user ping the network address of the network segment where my server is located, all linux servers will respond, in this way, the user can get the IP address of my server.
　　
Echo "1">/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
　　
To disable this function. This prevents icmp storms and network congestion.
　　
(3) icmp_echoreply_rate: sets the response speed of the icmp packet in which the system responds to the icmp echo request. The value is an integer.
　　
Application instance:
　　
Assume there are two hosts, A and B. First ping host A on host B, we can see that the response is normal, and then run the command on host.
　　
Echo "1000">/proc/sys/net/ipv4/icmp_echoreply_rate
　　
That is, an icmp echo request packet is returned every 10 seconds. Then ping host A to see that the response speed has changed to 10 seconds.
　　
It is best to adjust the value of this parameter reasonably to prevent icmp storms.
　　
(4) icmp_echo_ignore_all: Sets whether the system ignores all icmp echo requests. if a non-0 value is set, the system ignores all icmp echo requests. In fact, this is an extreme situation of icmp_echoreply_rate. The parameter value is a Boolean value. 1 indicates ignore, and 0 indicates response.
　　
(5) icmp_paramprob_rate: when the system receives the corrupted ip address or tcp header of the Datagram, an icmp packet containing the error message is sent to the source. This parameter is used to set the speed at which icmp packets are sent to the source. Of course, ip or tcp header errors are rare in general. The parameter value is an integer.
　　
(6) icmp_timeexceed_rate: The time-to-live field of a datagram is continuously reduced when it is uploaded or transmitted over the network. when the time-to-live field is set to 0, the router that is processing the datagram discards the datagram and sends an icmp packet "time to live exceeded" to the source host. This parameter is used to set the sending speed of the icmp packet. Of course, this is usually used as the linux host of the router.
　　
IP-related kernel configuration parameters
　　
Ip configuration parameters in Linux kernel network parameters are usually used to define or adjust some specific parameters of the ip package. In addition, some network features of the system are defined.
　　
(1) ip_default_ttl: sets the lifetime of the IP packet sent from the local machine. the parameter value is an integer and the range is 0 ~ 128. the default value is 64. In windows, the lifetime of an IP packet is usually 128. If your system often gets an icmp response of "Time to live exceeded", you can increase the value of this parameter, but it cannot be too large, because if your route is broken, it will increase the system error time.
　　
(2) ip_dynaddr: this parameter is usually used when a dial-up connection is used, so that the system can immediately change the source address of the IP package to this IP address, at the same time, the original tcp conversation is interrupted, and a syn request packet is resent with the new address to start the new tcp conversation. When ip spoofing is used, this parameter can immediately change the disguised ip address to a new ip address. The parameter value can be:
　　
1: enable this function
2: enable this function in redundancy mode
0: disable this function.
　　
Application example: when you use ipchains to configure ip spoofing to drive a LAN to share a ppp connection, sometimes a site cannot be connected when it is just started, and you can refresh and connect again, in this case, you can set the value of this parameter to 1, and immediately change the disguised IP address to a new IP address. Command:
　　
Echo "1">/proc/sys/net/ipv4/ip_dynaddr
　　
(3) ip_forward: you can use this parameter to enable the packet forwarding function so that the system acts as a router. If the parameter value is 1, ip forwarding is enabled. if the parameter value is 0, ip forwarding is prohibited. Note: we can forward ip addresses on a single or dual-Nic host.
　　
Application instance:
　　
Suppose we use a linux host with a dual-Nic as the firewall, then we must execute the following command to enable the ip forwarding function:
　　
Echo "1">/proc/sys/net/ipv4/ip_forward
　　
(4) ip_local_port_range: Set the port range used when the local system initiates a tcp or udp connection request. Set the value to two integers. the default value is "1024 4999 ".
　　
Application instance:
　　
Echo "1450 6000">/proc/sys/net/ipv4/ip_local_port_range
　　
Tcp-related kernel configuration parameters
　　
The tcp configuration parameters can be used to control all aspects of the tcp session process.
　　
(1) tcp_fin_timeout: During A tcp session, at the end of the session, A first sends A fin packet to B. after obtaining the ack confirmation packet of B, A enters the FIN WAIT2 state, waits for B's fin package, and then sends an ack confirmation package to B. This parameter is used to set the timeout time for A to enter the FIN WAIT2 status and wait for the other fin package. If you do not receive the fin package from the other party after the time is reached, the session will be automatically released. The parameter value is an integer in seconds. the default value is 180 seconds.
　　
(2) tcp_syn_retires: set the number of times a syn connection request packet is sent again when a tcp session is established. The parameter value is an integer smaller than 255 and the default value is 10. If your connection speed is fast, you can reduce this value to increase the system response time. even if the connection speed is slow, the default