Linux Kernel Optimization
kernel.shmall = 268435456
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000 65000
net.ipv4.tcp_mem = 786432 1048576 1572864
net.core.wmem_max = 873200
net.core.rmem_max = 873200
net.ipv4.tcp_wmem = 8192 436600 873200
net.ipv4.tcp_rmem = 32768 436600 873200
net.core.somaxconn = 256
net.core.netdev_max_backlog = 1000
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_keepalive_time = 500
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_announce = 0
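Explanations of several of these settings (where a key appears more than once in the list above, the last value read is the one that takes effect):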
net.ipv4.tcp_syncookies = 1
# Enables SYN cookies. When the SYN wait queue overflows, cookies are used to handle the pending connection requests, which protects against small-scale SYN flood attacks. The default value is 0, which means disabled.
net.ipv4.tcp_tw_reuse = 1
# Enables reuse: TIME-WAIT sockets may be reused for new TCP connections. The default value is 0, which means disabled.
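net.ipv4.tcp_tw_recycle = 1
# Enables fast recycling of TIME-WAIT sockets in TCP connections. The default value is 0, which means disabled.
# Note: fast recycling relies on per-host TCP timestamps, so connections from clients that share one NAT address can be dropped; the option was removed in Linux 4.12.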
net.ipv4.tcp_fin_timeout = 30
# If the socket is closed by the local end, this parameter determines how long it remains in the FIN-WAIT-2 state.
net.ipv4.tcp_keepalive_time = 1200
# How often TCP sends keepalive messages when keepalive is in use. The default value is 2 hours; here it is changed to 20 minutes.
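net.ipv4.ip_local_port_range = 1024 65000
# The range of local ports used for outgoing connections. The default range is small, 32768 to 61000; here it is changed to 1024 to 65000.
# Note: a range that starts at 1024 overlaps ports that local services may listen on; net.ipv4.ip_local_reserved_ports can exclude those ports from automatic assignment.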
net.ipv4.tcp_max_tw_buckets = 5000
# The maximum number of TIME_WAIT sockets the system keeps at the same time. If this number is exceeded,
# TIME_WAIT sockets are cleared immediately and a warning is printed. The default value is 180000; here it is changed to 5000.
# For servers such as Apache and nginx, the parameters in the preceding lines already reduce the number of TIME_WAIT sockets considerably,
# but for squid they have little effect. This parameter caps the number of TIME_WAIT sockets so that a squid server is not brought down by a large number of them.