Linux Kernel Parameter Annotation and Optimization

Source: Internet
Author: User

Contents

1. Linux Kernel Parameter Annotation

2. Two Kernel Parameter Modification Methods

3. Kernel Optimization Parameters for Production

The parameter explanations were collected from the Internet and organized here. The common optimization parameters were compared against several configurations published online and arranged into tables to make them easier to read.

I have been learning Linux for quite some time. Every time I optimize Linux kernel parameters, I copy them from the Internet and ignore the parameters that others do not list. Do I really not need them?

References:

Linux Kernel TCP Parameters

http://os.chinaunix.net/a2008/0918/985/000000985483.shtml

Linux Kernel Parameter Optimization

http://blog.chinaunix.net/uid-29081804-id-3830203.html

Linux Kernel Adjustment and Kernel Parameters

http://blog.csdn.net/cnbird2008/article/details/4419354

1. Linux Kernel Parameter Annotation

The red font in the following table shows common optimization parameters.

The tables are split according to the directory that contains the parameter files.

Directory of the following files: /proc/sys/net/ipv4/

Name

Default Value

Recommended Value

Description

tcp_syn_retries

5

1

For a new connection, the number of SYN connection requests the kernel sends before giving up. It should not be greater than 255. The default value is 5, which corresponds to about 180 seconds. (For a heavily loaded network with good physical connectivity this value is too high and can be changed to 2. This value applies only to outgoing connections; for incoming connections the behaviour is determined by tcp_retries1.)

tcp_synack_retries

5

1

For a remote connection request (SYN), the kernel sends a SYN+ACK segment to acknowledge the SYN it received. This is the second step of the three-way handshake. This value is the number of SYN+ACK segments the kernel sends before giving up on the connection. It should not be greater than 255. The default value is 5, which corresponds to about 180 seconds.

tcp_keepalive_time

7200

600

The interval (in seconds) at which TCP sends keepalive probe messages, used to confirm whether the TCP connection is still valid. It guards against connections that are established between the two sides but never carry any data.

tcp_keepalive_probes

9

3

The interval (in seconds) at which TCP sends keepalive probe messages, used to confirm whether the TCP connection is still valid.

tcp_keepalive_intvl

75

15

The interval (in seconds) for resending a probe when no response is received. The default value is 75 seconds. (For common applications this value is rather large and can be reduced as needed. For web servers in particular it should be made smaller; 15 is a suitable value.)

tcp_retries1

3

3

The number of retries before giving up on responding to a TCP connection request. The minimum value specified by the RFC is 3.

tcp_retries2

15

5

The number of retries before dropping an active TCP connection (one in the established state). The default value is 15, which, depending on the RTO, corresponds to 13-30 minutes (RFC 1122 requires that it be greater than 100 seconds). (This value can be adjusted to 5 to suit current network conditions.)

tcp_orphan_retries

7

3

The number of retries before dropping a TCP connection that has been closed on the local end. The default value is 7, which corresponds to 50 seconds to 16 minutes depending on the RTO. If your system is a heavily loaded web server you may need to lower this value, because such sockets can consume a lot of resources. See also tcp_max_orphans. (Lowering this value is also clearly beneficial when doing NAT; in my own network environment I reduced it to 3.)

tcp_fin_timeout

60

2

For a socket connection closed by the local end, the time TCP stays in the FIN-WAIT-2 state. The peer may have disconnected, may never close its end of the connection, or its process may have died unexpectedly. The default value is 60 seconds.

tcp_max_tw_buckets

180000

36000

The maximum number of TIME-WAIT sockets the system handles at the same time. If this number is exceeded, TIME-WAIT sockets are destroyed immediately and a warning message is printed. The limit exists purely to defend against simple DoS attacks. If network conditions require more than the default, you can raise it (and perhaps add memory). (In fact, it is best to increase this value when doing NAT.)

tcp_tw_recycle

0

1

Enables fast recycling of TIME-WAIT sockets. Do not change this value unless advised or asked to by a technical expert. (We recommend enabling it when doing NAT.)

tcp_tw_reuse

0

1

Indicates whether a socket in the TIME-WAIT state may be reused for a new TCP connection. (This is very helpful when restarting certain services quickly, where the service reports after startup that the port is already in use.)

tcp_max_orphans

8192

32768

The maximum number of TCP sockets not attached to any process that the system can handle. If this number is exceeded, connections that do not belong to any process are reset immediately and a warning is printed. The limit exists purely to defend against simple DoS attacks; do not rely on it or lower it artificially. Increase this value if more memory is available. (This value is set to 32768 on Red Hat AS, but when tuning firewalls it is often recommended to change it to 2000.)

tcp_abort_on_overflow

0

0

When the daemon is too busy to accept new connections, send a reset to the peer. The default value is false, which means that if the overflow was caused by an occasional burst, the connection will recover. Enable this option only when you are sure the daemon really cannot complete connection requests; it affects clients. (For services such as sendmail and apache that are already fully loaded, this makes clients terminate their connections quickly and gives the service a chance to work through its existing connections, so enabling it is recommended on many firewalls.)

tcp_syncookies

0

1

Takes effect only if CONFIG_SYNCOOKIES was selected when the kernel was compiled. When the SYN wait queue overflows, syncookies are sent to the peer. The purpose is to defend against SYN flood attacks.

tcp_stdurg

0

0

Use the Host Requirements interpretation of the TCP urgent pointer field. Most hosts use the older BSD interpretation, so enabling this on Linux may prevent correct communication with them.

tcp_max_syn_backlog

1024

16384

The maximum number of connection requests that have not yet been acknowledged by the client and must be kept in the queue. For systems with more than 128 MB of memory the default is 1024; for systems with less than 128 MB it is 128. If the server is frequently overloaded, try increasing this number. Warning: if you set this value greater than 1024, it is best to modify TCP_SYNQ_HSIZE in include/net/tcp.h, to keep TCP_SYNQ_HSIZE * 16 (A SYN flood attack exploits a weakness in the TCP three-way handshake: it forges source IP addresses and sends a large number of half-open TCP SYN connections to the target system, until the target's socket queue resources are exhausted and it can no longer accept new connections. To cope with such attacks, modern Unix systems generally use multiple connection queues to buffer (rather than solve) them: one basic queue handles normal fully established connections (connect() and accept()), and a separate queue holds half-open connections. Combined with other kernel measures (such as SYN cookies/caches), this dual-queue approach can effectively mitigate small-scale SYN flood attacks, as has been proven in practice.)

tcp_window_scaling

1

1

This file indicates whether the sliding window size of a TCP/IP session is variable. The value is a Boolean: 1 means variable, 0 means fixed. TCP/IP normally uses a window of up to 65535 bytes, which may be too small for high-speed networks. Enabling this feature lets the TCP/IP sliding window grow by several orders of magnitude, improving data transfer capability (RFC 1323). (For an ordinary M network, disabling it will reduce overhead, so if the network is not high-speed you can consider setting it to 0.)

tcp_timestamps

1

1

Timestamps are used, among other things, to guard against forged sequence numbers. A 1G broadband line may re-encounter an old sequence number with an out-of-line value (if it was generated last time). The timestamp lets it recognize that this is an "old packet". (This file indicates whether RTT is computed in a more accurate way than the retransmission timeout (RFC 1323). Enable this option for better performance.)

tcp_sack

1

1

Enables Selective ACK, which can be used to identify exactly which packets were lost and so helps fast recovery. This file indicates whether Selective Acknowledgment is enabled; it improves performance by selectively acknowledging segments received out of order (so the sender retransmits only the lost segments). (This option should be enabled for WAN communication, but it increases CPU usage.)

tcp_fack

1

1

Enables FACK congestion avoidance and fast retransmission. (Note: when tcp_sack is set to 0, this value has no effect even if it is set to 1.) [This is a core feature for reliable TCP connections.]

tcp_dsack

1

1

Allows TCP to send "two identical" SACK messages.

tcp_ecn

0

0

TCP's Explicit Congestion Notification feature.

tcp_reordering

3

6

The maximum number of reordered datagrams in a TCP stream. (It is generally recommended to raise this value slightly, for example to 5.)

tcp_retrans_collapse

1

0

Provides compatibility with the bugs of certain printers. (You can disable it if you do not need this support.)

tcp_wmem: min default max

4096 16384 131072

8192 131072 16777216

Send buffer settings.

min: The minimum amount of memory reserved for a TCP socket's send buffer. Every TCP socket can use it after it is created. The default value is 4096 (4K).

default: The amount of memory reserved for a TCP socket's send buffer. By default this value affects the net.core.wmem_default value and is generally lower than net.core.wmem_default. The default value is 16384 (16K).

max: The maximum amount of memory used for a TCP socket's send buffer. This value does not affect net.core.wmem_max, and a "static" choice made with SO_SNDBUF is not affected by it. The default value is 131072 (128K). (On a server, increasing this value helps when sending data. In my network environment it is changed to 51200 131072 204800.)

tcp_rmem: min default max

4096 87380 174760

32768 131072 16777216

Receive buffer settings.

Same as tcp_wmem.

tcp_mem: min default max

Calculated from system memory

786432 1048576 1572864

low: When TCP uses fewer memory pages than this value, TCP does not consider freeing memory; that is, below this value there is no memory pressure. (Ideally this value should match the second value specified for tcp_wmem; that second value expresses the maximum page size multiplied by the maximum number of concurrent requests, divided by the page size (131072*300/4096).)

pressure: When TCP uses more memory pages than this value, TCP tries to stabilize its memory usage and enters pressure mode; it leaves pressure mode when memory consumption drops below the low value. (Ideally this value is the maximum total buffer size that TCP can use (204800*300/4096).)

high: The number of pages all TCP sockets together are allowed to use for queuing and buffering data. (If this value is exceeded, TCP connections are refused, which is why it should not be set too conservatively (512000*300/4096). With this setting the value is generous: it can handle 2.5 times the expected number of connections, or let existing connections transfer 2.5 times as much data. In my network it is 192000 300000 732000.)

Generally, these values are calculated at system startup from the amount of system memory.

tcp_app_win

31

31

Reserve max(window/2^tcp_app_win, mss) of the window for application buffering. A value of 0 means no buffering is needed.

tcp_adv_win_scale

2

2

Count buffering overhead as bytes/2^tcp_adv_win_scale (if tcp_adv_win_scale > 0) or bytes - bytes/2^(-tcp_adv_win_scale) (if tcp_adv_win_scale <= 0).

tcp_low_latency

0

0

Allows the TCP/IP stack to accommodate low latency under high throughput; this option is generally disabled. (But enabling it helps when building a Beowulf cluster.)

tcp_westwood

0

0

Enables the sender-side congestion control algorithm, which maintains an estimate of throughput and tries to optimize overall bandwidth utilization. This option should be enabled for WAN communication.

tcp_bic

0

0

Enables Binary Increase Congestion control for fast long-distance networks, which makes better use of links operating at gigabit speeds. This option should be enabled for WAN communication.

ip_forward

0

-

IP forwarding support must be enabled for NAT; set this value to 1.

ip_local_port_range: min max

32768 61000

1024 65000

Indicates the port range used for outgoing connections. The default range is small. This range is also indirectly used for the NAT table size.

ip_conntrack_max

65535

65535

The maximum number of IPv4 connections the system supports. The default value is 65536 (which is in fact also the theoretical maximum). The value depends on the amount of memory: with 128 MB of memory the maximum is 8192, and with 1 GB or more the default is 65536.
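The tcp_max_syn_backlog and tcp_max_tw_buckets rows above describe limits intended to absorb SYN floods and simple DoS attacks. The following shell example is added here and is not part of the original article: it counts SYN_RECV and TIME_WAIT sockets in /proc/net/tcp-format input and warns when either count approaches its limit. The function names, the 80% threshold and the sample lines are assumptions of this example, as is treating the host-wide SYN_RECV count as a rough indicator of half-open queue pressure.

```shell
#!/bin/sh
# Added example (not from the original article). Counts half-open (SYN_RECV)
# and TIME_WAIT sockets and compares them with the configured limits.

# tcp_state_counts FILE -> "<syn_recv> <time_wait>"   (FILE may be "-" for stdin)
# Column 4 of /proc/net/tcp is the state in hex: 03 = SYN_RECV, 06 = TIME_WAIT.
tcp_state_counts() {
    awk 'NR > 1 { n[$4]++ } END { printf "%d %d\n", n["03"], n["06"] }' "$1"
}

# queue_pressure FILE SYN_BACKLOG TW_BUCKETS [PCT]
# Prints a WARN line for each count at or above PCT percent (default 80) of
# its limit; exit status is 1 if anything was printed, 0 otherwise.
queue_pressure() (
    file=$1; backlog=$2; buckets=$3; pct=${4:-80}; rc=0
    set -- $(tcp_state_counts "$file")
    syn=$1; tw=$2
    if [ $(($syn * 100)) -ge $(($backlog * $pct)) ]; then
        echo "WARN SYN_RECV $syn/$backlog (tcp_max_syn_backlog)"; rc=1
    fi
    if [ $(($tw * 100)) -ge $(($buckets * $pct)) ]; then
        echo "WARN TIME_WAIT $tw/$buckets (tcp_max_tw_buckets)"; rc=1
    fi
    exit "$rc"
)

# Constructed sample in /proc/net/tcp layout (trailing columns omitted):
# one listener, one established connection, four SYN_RECV, two TIME_WAIT.
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue
   0: 0200000A:0050 00000000:0000 0A 00000000:00000000
   1: 0200000A:0050 016433C6:C001 01 00000000:00000000
   2: 0200000A:0050 026433C6:C002 03 00000000:00000000
   3: 0200000A:0050 036433C6:C003 03 00000000:00000000
   4: 0200000A:0050 046433C6:C004 03 00000000:00000000
   5: 0200000A:0050 056433C6:C005 03 00000000:00000000
   6: 0200000A:0050 066433C6:C006 06 00000000:00000000
   7: 0200000A:0050 076433C6:C007 06 00000000:00000000
EOF
}

# Demo with a deliberately small backlog of 5 so the sample triggers a warning.
# On a live host (IPv4 sockets only; /proc/net/tcp6 is a separate file):
#   queue_pressure /proc/net/tcp \
#       "$(cat /proc/sys/net/ipv4/tcp_max_syn_backlog)" \
#       "$(cat /proc/sys/net/ipv4/tcp_max_tw_buckets)"
sample_proc_net_tcp | queue_pressure - 5 36000 || :
```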

Directory: /proc/sys/net/ipv4/netfilter/

These files exist only when the firewall is enabled.

Name

Default Value

Recommended Value

Description

ip_conntrack_max

65536

65536

The maximum number of IPv4 connections the system supports. The default value is 65536 (which is in fact also the theoretical maximum). The value depends on the amount of memory: with 128 MB of memory the maximum is 8192, and with 1 GB or more the default is 65536. This value is limited by /proc/sys/net/ipv4/ip_conntrack_max.

ip_conntrack_tcp_timeout_established

432000

180

The timeout of an established TCP connection. The default value is 432000, which is 5 days. Impact: if this value is too large, connections that may no longer be in use stay resident in memory and occupy a large amount of connection resources, which can cause the NAT "ip_conntrack: table full" problem. Suggestion: when the NAT load is tight relative to the size of the local NAT table, you may need to reduce this value so that connections are cleared as soon as possible and connection resources stay available. If resources are not tight, do not modify it.

ip_conntrack_tcp_timeout_time_wait

120

120

Timeout of the time_wait state. After this time, the connection is cleared.

ip_conntrack_tcp_timeout_close_wait

60

60

Timeout of the close_wait state. After this time, the connection is cleared.

ip_conntrack_tcp_timeout_fin_wait

120

120

Timeout of the fin_wait state. After this time, the connection is cleared.

Directory: /proc/sys/net/core/

Name

Default Value

Recommended Value

Description

netdev_max_backlog

1024

16384

The maximum number of packets allowed to queue when a network interface receives packets faster than the kernel can process them. For heavily loaded servers this value needs to be raised somewhat.

somaxconn

128

16384

Limits the maximum number of packets in a listening (LISTEN) queue. If the maximum is exceeded, connections time out or the retransmission mechanism is triggered.

In web applications, the backlog passed to the listen function is capped by default at 128 by the kernel parameter net.core.somaxconn, whereas nginx defines NGX_LISTEN_BACKLOG as 511 by default, so this value needs to be adjusted. Raising it on busy servers helps improve network performance.

wmem_default

129024

129024

Default send window size (in bytes)

rmem_default

129024

129024

Default receive window size (in bytes)

rmem_max

129024

873200

Maximum TCP receive buffer

wmem_max

129024

873200

Maximum TCP send buffer

2. Two Kernel Parameter Modification Methods

1. Use echo to write the value directly into the file, for example echo "1" > /proc/sys/net/ipv4/tcp_syn_retries. However, the default value is restored after the machine is restarted.

2. Add the parameter to /etc/sysctl.conf and run sysctl -p to make the parameter take effect permanently.

3. Kernel Optimization Parameters for Production

The parameters listed here are those commonly used in production by Old Boys:

net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384

Compared with the production optimization parameters that other people have published online, the set of parameters to tune is basically the same; only the values differ. Choose specific values according to the application scenario. Only the common optimization parameters are listed here; to judge whether they suit you, read the parameter descriptions above. Once you understand them, set them according to your own production environment.
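Before applying a list like the one in section 3 with sysctl -p, it helps to see which keys the running kernel actually exposes and which values would change. The following shell example is added here and is not part of the original article; the function names, the report format and the constructed sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): compare sysctl.conf-style
# settings with a /proc/sys tree before applying them with sysctl -p.

# Collapse whitespace so "8192<TAB>131072" in /proc equals "8192 131072".
squash() ( set -f; set -- $1; printf '%s' "$*" )

# audit_sysctl CONF [ROOT]
# Prints OK / DIFF / MISSING per setting; exit status 1 if any is not OK.
# ROOT defaults to /proc/sys (the second argument allows checking a copy).
audit_sysctl() (
    conf=$1; root=${2:-/proc/sys}; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%[#;]*}                        # drop comments
        case $line in *=*) ;; *) continue ;; esac  # skip lines without key=value
        key=$(squash "${line%%=*}")
        want=$(squash "${line#*=}")
        path=$root/$(printf '%s' "$key" | tr . /)  # net.ipv4.x -> net/ipv4/x
        if [ ! -e "$path" ]; then
            echo "MISSING $key"; bad=1             # kernel or module lacks it
        elif have=$(squash "$(cat "$path")"); [ "$have" = "$want" ]; then
            echo "OK $key = $have"
        else
            echo "DIFF $key want=$want have=$have"; bad=1
        fi
    done < "$conf"
    exit "$bad"
)

# Constructed sample: a fake /proc/sys tree plus a config with values from
# section 3. tcp_tw_recycle is left out of the tree: the key was removed in
# Linux 4.12, so a modern host reports it as MISSING.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/proc/sys/net/ipv4" "$d/proc/sys/net/core"
    echo 1 > "$d/proc/sys/net/ipv4/tcp_syncookies"
    echo 1024 > "$d/proc/sys/net/ipv4/tcp_max_syn_backlog"
    printf '8192\t131072\t16777216\n' > "$d/proc/sys/net/ipv4/tcp_wmem"
    echo 128 > "$d/proc/sys/net/core/somaxconn"
    cat > "$d/sysctl.conf" <<'EOF'
# constructed for this example
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_wmem = 8192 131072   16777216
net.ipv4.tcp_tw_recycle = 1
net.core.somaxconn = 16384
EOF
    printf '%s\n' "$d"
}

# Demo on the constructed sample; on a real host: audit_sysctl /etc/sysctl.conf
s=$(make_sample) && { audit_sysctl "$s/sysctl.conf" "$s/proc/sys" || :; rm -rf "$s"; }
```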

Other articles on Linux kernel parameter adjustment:

Linux Kernel Parameter Optimization

http://flandycheng.blog.51cto.com/855176/476769

Optimize Linux kernel parameters to improve server concurrent processing capability

http://www.ha97.com/4396.html

Nginx web server Linux kernel parameter optimization

http://blog.csdn.net/force_eagle/article/details/6725243

This article is from the "this is my hometown" blog; please be sure to keep this source: http://yangrong.blog.51cto.com/6945369/1321594
