In CentOS, kernel optimization. Ideal for servers that optimize TCP/IP connections such as Web servers

Source: Internet
Author: User
Tags ack

This parameter indicates that the operating system allows the maximum number of time_wait sockets, and if this number is exceeded, the time_wait socket is immediately cleared and a warning message is printed. By default 180000, too many time_wait sockets can slow down the Web server.
Net.ipv4.tcp_max_tw_buckets = 1000

The default value is 1, which uses selective ack, it can be used to find a specific missing datagram---and therefore helps to recover the status quickly.
Net.ipv4.tcp_sack = 1

This file indicates whether the sliding window size of the TCP/IP session is set to variable. The value of the parameter is a Boolean value, 1 is variable, and 0 indicates immutable.
net.ipv4.tcp_window_scaling = 1

This parameter defines the minimum, default, maximum value of the TCP accept cache (used for TCP receive sliding windows).
Net.ipv4.tcp_rmem = 4096 8388608 16777216

This parameter defines the minimum, default, maximum value of the TCP send cache (used for TCP send sliding windows).
Net.ipv4.tcp_wmem = 4096 8388608 16777216

Represents the length of the SYN queue, which defaults to 1024, and a larger queue length of 65536, which can accommodate the maximum number of network connections waiting to be connected.
Net.ipv4.tcp_max_syn_backlog = 65536

When a network card receives a packet that is faster than the kernel processing speed, a queue holds the packets. This parameter represents the maximum value of the queue. Default is 1000
Net.core.netdev_max_backlog = 32768

The default parameter of Listen (), the maximum number of pending requests. The default is 128. For busy servers, increase this value to help network performance. Adjustable to 8192.
Net.core.somaxconn = 65535

This parameter indicates the default size of the kernel socket receiving buffer.
Net.core.wmem_default = 8388608

Net.core.rmem_default = 8388608
This parameter indicates the default maximum size of the kernel socket read buffer (buffer).
Net.core.rmem_max = 16777216

This parameter represents the default maximum size of the kernel socket (socket) write buffer (buffer).
Net.core.wmem_max = 16777216

How many retries to make before the near-end drops the TCP connection. The default value is 7, which is equivalent to 50 seconds-16 minutes, depending on the RTO. If your system is a heavily loaded Web server, you may need to lower this value, which can be a resource-intensive sockets
Net.ipv4.tcp_orphan_retries = 3

The file indicates whether to enable a more accurate method than a timeout (see RFC 1323) to enable calculation of RTT; This option should be enabled for better performance. The default value is 1
Net.ipv4.tcp_timestamps = 1

Reduces the time that is in the Fin-wait-2 connection state, allowing the system to handle more connections.
If the socket is closed by the local side, this parameter determines how long it remains in the fin-wait-2 state.
The default value is 60 seconds, which can go wrong and never close the connection, or even accidentally.
2.2 The normal value of the kernel is 180 seconds, you can press this setting, but remember that even if your machine is a light-load Web server, there is a large number of dead sockets and memory overflow risk, fin-wait-2 is less dangerous than fin-wait-1, Because it can only eat up to 1.5K of memory, but they have a longer lifetime.
Net.ipv4.tcp_fin_timeout = 20

Reduce the number of System SYN connection retries (default is 5); In order to open the connection to the end, the kernel needs to send a SYN and attach an ACK that responds to the previous syn. The second handshake in the so-called three-time handshake. This setting determines the number of Syn+ack packets sent before the kernel abandons the connection.
Net.ipv4.tcp_synack_retries = 2

The number of SYN packets sent before the kernel abandons the connection.
Net.ipv4.tcp_syn_retries = 2

Indicates that SYN Cookies are turned on. When a SYN wait queue overflow occurs, cookies are enabled to protect against a small number of SYN attacks, which by default is 0, which means close.
Net.ipv4.tcp_syncookies = 1

Indicates that the fast retract function of time-wait sockets on a TCP connection is turned on, and the default is 0, which means shutdown.
Net.ipv4.tcp_tw_recycle = 1

means to turn on reuse. Allows time-wait sockets to be re-used for new TCP connections, which by default is 0 for shutdown.
Net.ipv4.tcp_tw_reuse = 1

The maximum number of TCP sockets that the system can handle that is not part of any process. If this amount is exceeded, then the connection that is not part of any process is immediately reset and a warning message is displayed. The reason to set this limit is simply to resist those simple DoS attacks, and do not rely on this or artificially reduce the limit. Default setting: 8192
Net.ipv4.tcp_max_orphans = 65535

parameter defines the range of values for the local port in UDP and TCP connections, which is the range of ports allowed for the system to open. Represents the range of ports used for an outward connection. Very small by default: 32768 to 61000
Net.ipv4.ip_local_port_range = 1024 65000

Secure Config

Turn off redirection. If the host network has multiple routers, you set one of them as the default gateway, but when the gateway receives your IP packet, it discovers that the IP packet must go through another router, and the gateway sends a "redirected" ICMP packet to your host, telling the host to forward the packet to another router. 1 indicates that the host accepts such a redirect packet, 0 is ignored, and Linux defaults to 1, which can be set to 0 to eliminate the risk.
Net.ipv4.conf.default.secure_redirects=0
Net.ipv4.conf.default.accept_redirects=0
Net.ipv4.conf.all.accept_redirects=0
Net.ipv4.conf.all.send_redirects=0
Net.ipv4.conf.default.send_redirects=0
Net.ipv4.conf.all.secure_redirects=0
Net.ipv4.conf.all.rp_filter=1
Net.ipv4.conf.default.rp_filter=1

IPV6 settings
Net.ipv6.conf.all.accept_ra=0
Net.ipv6.conf.default.accept_ra=0
Net.ipv6.conf.all.accept_redirects=0
Net.ipv6.conf.default.accept_redirects=0

Also attached is a full version of sysctl.conf
Net.ipv4.tcp_max_tw_buckets = 1000
Net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
Net.ipv4.tcp_rmem = 4096 8388608 16777216
Net.ipv4.tcp_wmem = 4096 8388608 16777216
Net.ipv4.tcp_max_syn_backlog = 65536
Net.core.netdev_max_backlog = 32768
Net.core.somaxconn = 65535
Net.core.wmem_default = 8388608
Net.core.rmem_default = 8388608
Net.core.rmem_max = 16777216
Net.core.wmem_max = 16777216
Net.ipv4.tcp_orphan_retries = 3
Net.ipv4.tcp_timestamps = 1
Net.ipv4.tcp_fin_timeout = 20
Net.ipv4.tcp_synack_retries = 2
Net.ipv4.tcp_syn_retries = 2
Net.ipv4.tcp_syncookies = 1
Net.ipv4.tcp_tw_recycle = 1
Net.ipv4.tcp_tw_reuse = 1
Net.ipv4.tcp_max_orphans = 65535
Net.ipv4.ip_local_port_range = 1024 65000

Net.ipv4.ip_forward = 0
Net.ipv4.conf.default.rp_filter = 1
Net.ipv4.conf.default.accept_source_route = 0
KERNEL.SYSRQ = 0
Kernel.core_uses_pid = 1

NET. IPV4. Tcp_syncookies = 1
KERNEL.MSGMNB = 65536
Kernel.msgmax = 65536
Kernel.shmmax = 68719476736
Kernel.shmall = 4294967296

In CentOS, kernel optimization. Ideal for servers that optimize TCP/IP connections such as Web servers

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.