Directory
1. Linux Kernel Parameter Annotation
2. Two Kernel Parameter Modification Methods
3. Kernel Production Environment Optimization Parameters
The parameter explanations below were collected and organized from sources on the Internet. Common optimization parameters are presented in tables, compared against several configurations found online, to make them easier to view.
I have been learning Linux for quite some time. Every time I optimize Linux kernel parameters, I copy them from online and even ignore the parameters not listed by others. Don't I need them anymore?
References:
Linux Kernel TCP Parameters
http://os.chinaunix.net/a2008/0918/985/000000985483.shtml
Linux Kernel Parameter Optimization
http://blog.chinaunix.net/uid-29081804-id-3830203.html
Linux Kernel Adjustment and Kernel Parameters
http://blog.csdn.net/cnbird2008/article/details/4419354
1. Linux Kernel Parameter Annotation
The red font in the following table shows common optimization parameters.
The tables are split according to the directory that holds the parameter files.
Directory of the following files: /proc/sys/net/ipv4/

| Name | Default Value | Recommended Value | Description |
|---|---|---|---|
| tcp_syn_retries | 5 | 1 | For a new connection, the number of SYN connection requests the kernel sends before giving up. It should not be greater than 255. The default value is 5, corresponding to about 180 seconds. (For a heavily loaded network with good physical connectivity, this value is too high and can be changed to 2. This value applies only to outgoing connections; incoming connections are determined by tcp_retries1.) |
| tcp_synack_retries | 5 | 1 | For a remote connection request (SYN), the kernel sends a SYN+ACK datagram to confirm receipt of the SYN. This is the second step of the three-way handshake. This parameter sets the number of SYN+ACK packets the kernel sends before abandoning the connection. It should not be greater than 255. The default value is 5, corresponding to about 180 seconds. |
| tcp_keepalive_time | 7200 | 600 | The interval (in seconds) between TCP keepalive probe messages, used to confirm whether the TCP connection is still valid. Guards against the case where both sides are connected but send no data. |
| tcp_keepalive_probes | 9 | 3 | The interval (in seconds) between TCP keepalive probe messages, used to confirm whether the TCP connection is still valid. |
| tcp_keepalive_intvl | 75 | 15 | Interval (in seconds) at which a probe is resent when no response is received. The default value is 75 seconds. (For common applications this value is too large and can be reduced as needed. Web servers in particular need a smaller value; 15 is a suitable value.) |
| tcp_retries1 | 3 | 3 | How many retries are made before giving up on responding to a TCP connection request. The minimum value specified by the RFC is 3. |
| tcp_retries2 | 15 | 5 | How many retries are made before discarding an active TCP connection (one in the established state). The default value is 15, which, depending on the RTO, is equivalent to 13-30 minutes (RFC 1122 requires that the value be greater than 100 seconds). (This value can be adjusted to 5 according to the current network settings.) |
| tcp_orphan_retries | 7 | 3 | How many retries are made before a TCP connection closed on the local end is discarded. The default value is 7, which is equivalent to 50 seconds to 16 minutes, depending on the RTO. If your system is a heavily loaded web server, you may need to reduce this value, because such sockets can consume a lot of resources. See also tcp_max_orphans. (Lowering this value is also a significant benefit when doing NAT. In my own network environment, I reduced the value to 3.) |
| tcp_fin_timeout | 60 | 2 | For socket connections closed by the local end, the time TCP stays in the FIN-WAIT-2 state. The other party may disconnect, never close its end, or die unexpectedly. The default value is 60 seconds. |
| tcp_max_tw_buckets | 180000 | 36000 | The maximum number of TIME-WAIT sockets the system handles simultaneously. If this number is exceeded, TIME-WAIT sockets are destroyed immediately and a warning message is displayed. The reason for this limit is purely to defend against simple DoS attacks. However, if network conditions require more than the default value, you can increase the limit (and perhaps increase the memory). (In fact, it is best to increase this value when performing NAT.) |
| tcp_tw_recycle | 0 | 1 | Enables fast recycling of TIME-WAIT sockets. Do not modify this value unless you are advised or requested to by a technical expert. (We recommend that you enable it when performing NAT.) |
| tcp_tw_reuse | 0 | 1 | Whether a socket in the TIME-WAIT state may be reused for a new TCP connection. (This is very helpful for restarting some services quickly when, after startup, they report that the port is already in use.) |
| tcp_max_orphans | 8192 | 32768 | The maximum number of TCP sockets not attached to any process that the system can handle. If this number is exceeded, connections that do not belong to any process are reset immediately and a warning is displayed. The limit exists purely to defend against simple DoS attacks; do not rely on it or lower it manually. Increase this value if more memory is available. (This value is set to 32768 in the Redhat AS version, but changing it to 2000 is recommended in many firewall configurations.) |
| tcp_abort_on_overflow | 0 | 0 | When the daemon is too busy to accept new connections, send a reset message to the other party. The default value is false. This means that when the overflow is caused by an occasional burst, the connection can recover. Enable this option only when you are sure that the daemon really cannot complete connection requests; it affects clients. (For services such as sendmail and apache that are already fully loaded, this quickly makes the client terminate the connection and gives the service program the opportunity to process the buffer of existing connections, so enabling it is recommended in many firewall configurations.) |
| tcp_syncookies | 0 | 1 | Only effective when CONFIG_SYNCOOKIES was selected during kernel compilation. Syncookies are sent when the SYN wait queue overflows. The objective is to prevent SYN flood attacks. |
| tcp_stdurg | 0 | 0 | Use the Host Requirements interpretation of the TCP urgent pointer field. Most hosts use the old BSD interpretation, so enabling this in Linux may lead to a failure to communicate with them correctly. |
| tcp_max_syn_backlog | 1024 | 16384 | The maximum number of connection requests not yet acknowledged by the client that are kept in the queue. For systems with more than 128 MB of memory, the default value is 1024. For systems with less than 128 MB of memory, the default value is 128. If the server is frequently overloaded, increase this number. Warning: if you set this value to greater than 1024, it is best to modify TCP_SYNQ_HSIZE in include/net/tcp.h, to keep the TCP_SYNQ_HSIZE * 16 (A SYN flood attack exploits a weakness in the TCP handshake: forged source IP addresses are used to send a large number of TCP SYN half-open connections to the target system until the target system's socket queue resources are exhausted and new connections cannot be accepted. To cope with such attacks, modern Unix systems generally use multiple connection queues to buffer (rather than solve) such attacks: fully established connections (Connect() and Accept()) are processed normally in one basic queue, and half-open connections are stored separately in another queue. Combined with other kernel measures (such as SYN cookies/caches), this dual-queue processing can effectively mitigate small-scale SYN flood attacks (as has been proven).) |
| tcp_window_scaling | 1 | 1 | Whether the sliding window size of a TCP/IP session is variable. The value is Boolean: 1 means variable, 0 means not variable. TCP/IP usually uses a window of up to 65535 bytes; for high-speed networks this may be too small. If this function is enabled, the TCP/IP sliding window size can be increased by several orders of magnitude to improve data transmission capability (RFC 1323). (For an ordinary M network, disabling it will reduce the overhead, so if it is not a high-speed network, you can consider setting it to 0.) |
| tcp_timestamps | 1 | 1 | Timestamps are used, among other things, to prevent forged sequence numbers. A 1G broadband line may re-encounter an old sequence number with an out-of-window value (if it was generated last time). The timestamp lets it know that this is an "old packet". (This file indicates whether to enable RTT calculation in a more accurate way than retransmission timeout (RFC 1323). This option should be enabled for better performance.) |
| tcp_sack | 1 | 1 | Enables Selective ACK, which can be used to find specific lost packets and so helps fast recovery. This file indicates whether Selective Acknowledgment is enabled; it improves performance by selectively acknowledging packets received out of order (so that the sender sends only the lost packets). (This option should be enabled for WAN communication, but it increases CPU usage.) |
| tcp_fack | 1 | 1 | Enables the FACK congestion avoidance and fast retransmission functions. (Note: when tcp_sack is set to 0, this value has no effect even if it is set to 1.) [This is a core function for the reliability of TCP connections.] |
| tcp_dsack | 1 | 1 | Allows TCP to send "two identical" SACK messages. |
| tcp_ecn | 0 | 0 | TCP's Explicit Congestion Notification function. |
| tcp_reordering | 3 | 6 | Maximum number of reordered datagrams in a TCP stream. (We recommend that you adjust this value slightly, for example to 5.) |
| tcp_retrans_collapse | 1 | 0 | Provides bug compatibility for some printers. (You can disable it if you do not need this support.) |
| tcp_wmem: min default max | 4096 16384 131072 | 8192 131072 16777216 | Send buffer settings. min: the minimum memory reserved for a TCP socket's send buffer; every TCP socket can use it. The default value is 4096 (4 K). default: the amount of memory reserved for a TCP socket's send buffer by default. This value affects net.core.wmem_default and is generally lower than net.core.wmem_default. The default value is 16384 (16 K). max: the maximum memory used for a TCP socket's send buffer. This value does not affect net.core.wmem_max, and the "static" selection made with SO_SNDBUF is not affected by it. The default value is 131072 (128 K). (For a server, increasing this value helps when sending data. In my network environment, it is changed to 51200 131072 204800.) |
| tcp_rmem: min default max | 4096 87380 174760 | 32768 131072 16777216 | Receive buffer settings. Same as tcp_wmem. |
| tcp_mem: min default max | Calculated from memory | 786432 1048576 1572864 | low: when TCP uses fewer memory pages than this value, TCP does not consider releasing memory; below this value there is no memory pressure. (Ideally, this value should match the 2nd value specified for tcp_wmem; that 2nd value indicates the maximum page size multiplied by the maximum number of concurrent requests divided by the page size (131072*300/4096).) pressure: when TCP uses more memory pages than this value, TCP tries to stabilize its memory usage and enters pressure mode; it exits pressure mode when memory consumption drops below the low value. (Ideally, this value is the maximum buffer size that TCP can use (204800*300/4096).) high: the number of pages that all TCP sockets are allowed to use for queuing and buffering datagrams. (If this value is exceeded, TCP connections are refused, which is why it should not be too conservative (512000*300/4096). In this case it provides a great deal of headroom: it can handle 2.5 times the expected number of connections, or let existing connections transmit 2.5 times the data. My network uses 192000 300000 732000.) Generally, these values are calculated at system startup based on the amount of system memory. |
| tcp_app_win | 31 | 31 | Reserve max(window/2^tcp_app_win, mss) of the window for application buffering. If the value is 0, no buffering is required. |
| tcp_adv_win_scale | 2 | 2 | Count buffering overhead as bytes/2^tcp_adv_win_scale (if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale) (if tcp_adv_win_scale <= 0). |
| tcp_low_latency | 0 | 0 | Allows the TCP/IP stack to adapt to low latency under high throughput; this option is generally disabled. (It is helpful to enable it when building a Beowulf cluster.) |
| tcp_westwood | 0 | 0 | Enables the sender-side congestion control algorithm, which maintains an estimate of throughput and tries to optimize overall bandwidth utilization. This option should be enabled for WAN communication. |
| tcp_bic | 0 | 0 | Enables Binary Increase Congestion control for fast long-distance networks, which makes better use of links operating at gigabit speeds. This option should be enabled for WAN communication. |
| ip_forward | 0 | - | IP forwarding support must be enabled for NAT. Set this value to 1. |
| ip_local_port_range: min max | 32768 61000 | 1024 65000 | The port range used for outgoing connections. The default range is small. This range is also indirectly used for the NAT table size. |
| ip_conntrack_max | 65535 | 65535 | The maximum number of IPv4 connections supported by the system. The default value is 65536 (in fact, this is also the theoretical maximum value). This value is related to your memory size: with 128 MB of memory the maximum value is 8192, and with more than 1 GB of memory it is 65536 by default. |
Directory: /proc/sys/net/ipv4/netfilter/
These files exist only when the firewall is enabled.

| Name | Default Value | Recommended Value | Description |
|---|---|---|---|
| ip_conntrack_max | 65536 | 65536 | The maximum number of IPv4 connections supported by the system. The default value is 65536 (in fact, this is also the theoretical maximum value). This value is related to your memory size: with 128 MB of memory the maximum value is 8192, and with more than 1 GB of memory it is 65536 by default. This value is limited by /proc/sys/net/ipv4/ip_conntrack_max. |
| ip_conntrack_tcp_timeout_established | 432000 | 180 | Timeout for established TCP connections. The default value is 432000, which is 5 days. Impact: if this value is too large, connections that may no longer be in use stay resident in memory and occupy a large amount of connection resources, which may cause the NAT problem "ip_conntrack: table full". Suggestion: when the local NAT table is tight relative to the NAT load, you may need to reduce this value so that connections are cleared as soon as possible and connection resources remain available. If not, do not modify it. |
| ip_conntrack_tcp_timeout_time_wait | 120 | 120 | Timeout for the time_wait state. After this time, the connection is cleared. |
| ip_conntrack_tcp_timeout_close_wait | 60 | 60 | Timeout for the close_wait state. After this time, the connection is cleared. |
| ip_conntrack_tcp_timeout_fin_wait | 120 | 120 | Timeout for the fin_wait state. After this time, the connection is cleared. |
Directory: /proc/sys/net/core/

| Name | Default Value | Recommended Value | Description |
|---|---|---|---|
| netdev_max_backlog | 1024 | 16384 | The maximum number of packets allowed to queue when a network interface receives packets faster than the kernel can process them. For heavily loaded servers, this value needs to be increased a little. |
| somaxconn | 128 | 16384 | Limits the maximum number of data packets in a listen (LISTEN) queue. If the maximum number is exceeded, the connection times out or the retransmission mechanism is triggered. The backlog of the listen function in web applications is limited by the kernel parameter net.core.somaxconn, which is 128 by default, while nginx defines NGX_LISTEN_BACKLOG as 511 by default, so it is necessary to adjust this value. Increasing this value on busy servers helps improve network performance. |
| wmem_default | 129024 | 129024 | Default send window size (in bytes). |
| rmem_default | 129024 | 129024 | Default receive window size (in bytes). |
| rmem_max | 129024 | 873200 | Maximum TCP receive buffer. |
| wmem_max | 129024 | 873200 | Maximum TCP send buffer. |
2. Two Kernel Parameter Modification methods:
1. Use echo to write the value directly to the file, for example: echo "1" > /proc/sys/net/ipv4/tcp_syn_retries. However, the default value is restored after the machine is restarted.
2. Add the parameter to /etc/sysctl.conf and run sysctl -p to make the parameter take effect permanently.
3. Kernel Production Environment Optimization Parameters
The parameters listed here are the ones commonly used in production at Old Boys:
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
Compared with the production optimization parameters that other people have published online, the set of parameters being tuned is basically the same; only the values differ. The specific values depend on the application scenario. Only the common optimization parameters are listed here. To decide whether they suit you, read the parameter descriptions above and, once you understand them, set them according to your own production environment.
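
Before copying such a list to a host, it helps to see which keys the running kernel actually exposes and which live values differ from the file. The script below is an added example, not part of the original article: `audit_sysctl` and its optional second argument (a replacement for /proc/sys) are hypothetical names, and `demo` runs it against a constructed tree.

```shell
#!/bin/sh
# Added example: compare a sysctl.conf-style file with the live values.
# The second argument (hypothetical) overrides /proc/sys for offline checks.

# audit_sysctl CONF [ROOT] -> prints OK / DIFF / MISSING per setting;
# returns 0 only when every setting matches.
audit_sysctl() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                 # drop '#' comments
        case $line in
            *=*) ;;
            *) continue ;;               # skip blanks and non-settings
        esac
        # Split on the first '=' and normalise whitespace.
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | tr -s '\t' ' ' | sed 's/^ //; s/ $//')
        # net.ipv4.tcp_syncookies -> ROOT/net/ipv4/tcp_syncookies
        path=$root/$(printf '%s' "$key" | tr '.' '/')
        if [ ! -r "$path" ]; then
            printf 'MISSING %s\n' "$key"
            rc=1
            continue
        fi
        # Multi-value files such as tcp_wmem are tab-separated in /proc.
        have=$(tr -s '\t\n' '  ' < "$path" | sed 's/^ //; s/ $//')
        if [ "$have" = "$want" ]; then
            printf 'OK      %s = %s\n' "$key" "$have"
        else
            printf 'DIFF    %s: live=%s wanted=%s\n' "$key" "$have" "$want"
            rc=1
        fi
    done < "$conf"
    return $rc
}

# Constructed sample: a fake /proc/sys tree and a four-line config.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/proc/net/ipv4" "$d/proc/net/core"
    echo 1 > "$d/proc/net/ipv4/tcp_syncookies"
    printf '4096\t16384\t131072\n' > "$d/proc/net/ipv4/tcp_wmem"
    echo 128 > "$d/proc/net/core/somaxconn"
    printf '%s\n' '# constructed sample' \
        'net.ipv4.tcp_syncookies = 1' \
        'net.ipv4.tcp_wmem = 8192 131072 16777216' \
        'net.core.somaxconn = 16384' \
        'net.ipv4.netfilter.ip_conntrack_max = 65536' > "$d/sysctl.conf"
    audit_sysctl "$d/sysctl.conf" "$d/proc" && status=0 || status=$?
    rm -rf "$d"
    return $status
}
```

MISSING covers the case noted above, where the netfilter entries exist only when the firewall is enabled, as well as keys a newer kernel no longer has, such as tcp_tw_recycle, which was removed in Linux 4.12.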
Other articles on Linux kernel parameter adjustment:
Linux Kernel Parameter Optimization
http://flandycheng.blog.51cto.com/855176/476769
Optimize Linux kernel parameters to improve server concurrent processing capability
http://www.ha97.com/4396.html
Nginx optimizes web server Linux kernel parameters
http://blog.csdn.net/force_eagle/article/details/6725243
This article is from the "this is my hometown" blog; please be sure to keep this source: http://yangrong.blog.51cto.com/6945369/1321594