Linux kernel parameter optimization

Source: Internet
Author: User

This article is reposted here for later reference.

Reference articles:

Explanation of Linux kernel TCP-related parameters

http://os.chinaunix.net/a2008/0918/985/000000985483.shtml

Linux kernel parameter optimization

http://blog.chinaunix.net/uid-29081804-id-3830203.html

Linux kernel tuning and kernel parameter explanation

http://blog.csdn.net/cnbird2008/article/details/4419354

1. Linux kernel parameter notes

The parameters that were highlighted in red in the original table are the commonly tuned ones.

The tables are grouped by the directory in which the parameter files are located.

Directory: /proc/sys/net/ipv4/

Each entry gives the file name, its default value, the recommended value, and a description.

tcp_syn_retries: default 5, recommended 1

For a new outgoing connection, the number of SYN requests the kernel sends before giving up. It should not be greater than 255; the default of 5 corresponds to about 180 seconds. (This is high for a heavily loaded network with good physical connectivity and can be lowered to 2. It applies only to outgoing connections; for incoming connections the limit is tcp_retries1.)

tcp_synack_retries: default 5, recommended 1

For an incoming connection request (SYN), the kernel replies with a SYN+ACK to acknowledge the SYN; this is the second step of the three-way handshake. This parameter is the number of SYN+ACKs the kernel sends before dropping the connection. It should not be greater than 255; the default of 5 corresponds to about 180 seconds.

tcp_keepalive_time: default 7200, recommended 600

Interval, in seconds, between the keepalive probe messages TCP sends to confirm that an idle connection is still valid.

Lowering it helps guard against attacks that hold connections open without either side sending data.

tcp_keepalive_probes: default 9, recommended 3

Number of keepalive probes TCP sends before it decides the connection is broken.

tcp_keepalive_intvl: default 75, recommended 15

Interval, in seconds, between retransmitted keepalive probes when the previous probe was not answered. The default is 75 seconds. (For ordinary applications this is somewhat large and can be lowered as needed; web servers in particular should use a smaller value, and 15 is a suitable choice.)

tcp_retries1: default 3, recommended 3

Number of retries before giving up on answering a TCP connection request. The RFC minimum is 3.

tcp_retries2: default 15, recommended 5

Number of retries before an established (ESTABLISHED state) TCP connection is dropped. The default is 15, which depending on the RTO corresponds to 13 to 30 minutes (RFC 1122 requires more than 100 seconds). (This can be reduced appropriately for the local network; on my network I set it to 5.)

tcp_orphan_retries: default 7, recommended 3

Number of retries before the local side drops a TCP connection. The default of 7 corresponds to 50 seconds to 16 minutes depending on the RTO. On a heavily loaded web server you may want to lower this, since such sockets can consume a lot of resources. See also tcp_max_orphans. (When doing NAT, lowering this value is also a clear benefit; I set it to 3 in my environment.)
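The retry and keepalive counters above are easier to judge as wall-clock time. This added shell example (not from the original article) converts them using the kernel's exponential-backoff model; it assumes a base RTO of 200 ms for data on an established connection and 1 s for SYN retries on current kernels, doubling on every retry and capped at 120 s.

```shell
#!/bin/sh
# Added example (not from the original article): translate the retry and
# keepalive counters in the table into seconds, so the effect of the
# recommended values can be judged before they are applied.
# Model assumptions (Linux behaviour): the retransmission timer starts at a
# base RTO, doubles after every retry and is capped at 120 s (TCP_RTO_MAX);
# the kernel counts the first transmission plus N retries, so the elapsed
# time is the sum of N+1 timer periods. The base is 200 ms (TCP_RTO_MIN)
# for data on an established connection and 1 s for SYN on current kernels
# (older kernels used 3 s, which is where the ~180 s quoted above comes from).

# Seconds until the stack gives up after N retries with exponential backoff.
#   $1 = base RTO in seconds, $2 = retry count (tcp_retries2, tcp_syn_retries)
backoff_timeout_seconds() {
    awk -v base="$1" -v n="$2" 'BEGIN {
        total = 0
        for (i = 0; i <= n; i++) {
            rto = base * 2 ^ i
            if (rto > 120) rto = 120      # TCP_RTO_MAX clamps each period
            total += rto
        }
        printf "%.1f\n", total
    }'
}

# Seconds an idle connection with a dead peer survives before keepalive
# tears it down: tcp_keepalive_time + tcp_keepalive_probes * tcp_keepalive_intvl.
keepalive_dead_after_seconds() {
    echo $(( $1 + $2 * $3 ))
}

# Before/after table for the default and recommended values in the article.
compare_timeouts() {
    printf '%-30s %10s %12s\n' "setting" "default" "recommended"
    printf '%-30s %10s %12s\n' "tcp_retries2 give-up (s)" \
        "$(backoff_timeout_seconds 0.2 15)" "$(backoff_timeout_seconds 0.2 5)"
    printf '%-30s %10s %12s\n' "tcp_syn_retries give-up (s)" \
        "$(backoff_timeout_seconds 1 5)" "$(backoff_timeout_seconds 1 1)"
    printf '%-30s %10s %12s\n' "keepalive dead peer (s)" \
        "$(keepalive_dead_after_seconds 7200 9 75)" \
        "$(keepalive_dead_after_seconds 600 3 15)"
}

compare_timeouts
```

With tcp_retries2 = 5 an established connection is abandoned after about 12.6 s without an ACK instead of roughly 15 minutes, so a short network blackout will drop live sessions; the RFC 1122 floor of 100 s corresponds to a value of 8.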

tcp_fin_timeout: default 60, recommended 2

How long, in seconds, TCP keeps a socket in the FIN-WAIT-2 state when the connection was closed by this side. The peer may be broken and never close its side, or may have died unexpectedly. The default is 60 seconds.

tcp_max_tw_buckets: default 180000, recommended 36000

Maximum number of TIME-WAIT sockets the system handles at the same time. When it is exceeded, TIME-WAIT sockets are destroyed immediately and a warning is printed. The limit exists purely to protect against simple DoS attacks; if the network genuinely needs more than the default, increase it (and perhaps add memory). (When doing NAT it is best to raise this value appropriately.)

tcp_tw_recycle: default 0, recommended 1

Enables fast recycling of TIME-WAIT sockets. Do not change this value unless advised or asked to by a technical expert. (Recommended to enable when doing NAT.) Note: this option is known to break connections from clients behind a NAT when TCP timestamps are in use, and it was removed from the kernel in Linux 4.12.

tcp_tw_reuse: default 0, recommended 1

Whether a socket in the TIME-WAIT state may be reused for a new TCP connection (very helpful when a service is restarted promptly and would otherwise report that the port is already in use).

tcp_max_orphans: default 8192, recommended 32768

Maximum number of TCP sockets not attached to any process that the system can handle. When it is exceeded, orphaned connections are reset immediately and a warning is printed. The limit exists only to resist simple DoS attacks; do not rely on it and do not artificially lower it. Increase it if the machine has plenty of memory. (Red Hat AS sets this value to 32768, but many firewall tuning guides recommend changing it to 2000.)

tcp_abort_on_overflow: default 0, recommended 0

Whether to send a reset to the peer when the listening daemon is too busy to accept new connections. The default is false (0), meaning that if the overflow was caused by an unexpected burst, the connection recovers. Enable this only if you are sure the daemon really cannot keep up with connection requests, because it affects clients. (For fully loaded services such as Sendmail or Apache it lets clients terminate the connection quickly so the server can work through its existing backlog, which is why many firewall guides recommend enabling it.)

tcp_syncookies: default 0, recommended 1

Only available when CONFIG_SYNCOOKIES was selected at kernel compile time. When the SYN backlog queue overflows, the kernel sends SYN cookies to the peer. The purpose is to defend against SYN flood attacks.

tcp_stdurg: default 0, recommended 0

Use the Host Requirements interpretation of the TCP urgent pointer field. Most hosts use the older BSD interpretation, so enabling this on Linux may prevent correct communication with them.

tcp_max_syn_backlog: default 1024, recommended 16384

Maximum number of connection requests not yet acknowledged by the client (half-open connections) that are kept queued. The default is 1024 on systems with more than 128 MB of memory and 128 below that. If the server is frequently overloaded, try increasing this value. Warning: if you set it above 1024, you should also change tcp_synq_hsize in include/net/tcp.h so that tcp_synq_hsize*16 does not exceed tcp_max_syn_backlog. (A SYN flood exploits the TCP handshake: forged source addresses send a large number of SYNs, the resulting half-open connections exhaust the target's socket queue, and it can no longer accept new connections. To cope, modern UNIX systems buffer rather than solve the attack with two queues: one for fully established connections handled by connect() and accept(), and a separate one for half-open connections. Combined with other kernel measures such as SYN cookies or caches, this dual-queue approach mitigates small-scale SYN floods quite effectively, as experience shows.)

tcp_window_scaling: default 1, recommended 1

Whether the TCP/IP sliding window size is variable. The value is boolean: 1 means variable, 0 means fixed. TCP/IP normally uses a window of at most 65535 bytes, which may be too small for high-speed networks; enabling window scaling allows the window to grow by several orders of magnitude and increases throughput (RFC 1323). (On an ordinary 100 Mbit network, turning it off reduces overhead, so if the network is not high-speed you can consider setting it to 0.)

tcp_timestamps: default 1, recommended 1

Timestamps are used, among other things, to guard against forged sequence numbers. On a 1 Gbit link an old sequence number may be seen again out of order (if it is left over from the previous sequence-number generation); the timestamp lets TCP recognize it as an "old packet". (This option enables RTT calculation in a more precise way than the timeout method, RFC 1323, and should be enabled for better performance.)

tcp_sack: default 1, recommended 1

Use selective ACK, which can identify exactly which datagrams are missing and so helps recovery. This file controls whether selective acknowledgment is enabled; it improves performance when packets arrive out of order by letting the sender retransmit only the missing segments. (This option should be enabled for WAN traffic, but it increases CPU usage.)

tcp_fack: default 1, recommended 1

Enable FACK congestion avoidance and fast retransmission. (Note that this value has no effect, even when set to 1, while tcp_sack is set to 0.) [This is a core function of TCP connections.]

tcp_dsack: default 1, recommended 1

Allow TCP to send "duplicate" SACKs.

tcp_ecn: default 0, recommended 0

TCP Explicit Congestion Notification (ECN).

tcp_reordering: default 3, recommended 6

Maximum number of reordered datagrams in a TCP stream. (It is generally recommended to raise this slightly, for example to 5.)

tcp_retrans_collapse: default 1, recommended 0

Bug-to-bug compatibility with some broken printers. (This support is generally not needed and can be disabled.)

tcp_wmem (min default max): default 4096 16384 131072, recommended 8192 131072 16777216

Send buffer settings.

min: the minimum amount of memory reserved for the send buffer of a TCP socket; every TCP socket can use it from the moment it is created. The default is 4096 (4 KB).

default: the amount of memory reserved by default for a TCP socket's send buffer. It overrides the net.core.wmem_default value used by other protocols and is usually lower than net.core.wmem_default. The default is 16384 (16 KB).

max: the maximum amount of memory for a TCP socket's send buffer. It does not override net.core.wmem_max, and a "static" size chosen with SO_SNDBUF is not affected by it. The default is 131072 (128 KB). (For servers, increasing this helps when sending data; in my environment I changed it to 51200 131072 204800.)

tcp_rmem (min default max): default 4096 87380 174760, recommended 32768 131072 16777216

Receive buffer settings. Same meaning as tcp_wmem.

tcp_mem (low pressure high): default calculated from system memory, recommended 786432 1048576 1572864

low: while TCP uses fewer memory pages than this, it does not try to free memory; that is, there is no memory pressure below this value. (Ideally it should match the second value of tcp_wmem: that value times the maximum number of concurrent requests divided by the page size, i.e. 131072 * 300 / 4096.)

pressure: when TCP uses more pages than this, it tries to stabilize its memory usage and enters pressure mode; it leaves pressure mode when consumption drops below the low value. (Ideally it should be the maximum total buffer size TCP may use, i.e. 204800 * 300 / 4096.)

high: the number of pages all TCP sockets together may use to queue datagrams. (If it is exceeded, TCP connections are refused, which is why it should not be too conservative, i.e. 512000 * 300 / 4096.) The value given here is very large; it can handle many connections, about 2.5 times as many as expected, or lets the existing connections transfer 2.5 times as much data. My network uses 192000 300000 732000.

In general these values are computed from the amount of system memory at boot.

tcp_app_win: default 31, recommended 31

Reserve max(window/2^tcp_app_win, MSS) bytes of the window for application buffering. A value of 0 means nothing is reserved.

tcp_adv_win_scale: default 2, recommended 2

Count buffering overhead as bytes/2^tcp_adv_win_scale (if tcp_adv_win_scale > 0), or as bytes - bytes/2^(-tcp_adv_win_scale) if tcp_adv_win_scale <= 0.

tcp_low_latency: default 0, recommended 0

Let the TCP/IP stack favour low latency over high throughput; disabled for general use. (Helpful to enable when building a Beowulf cluster.)

tcp_westwood: default 0, recommended 0

Enable the sender-side Westwood congestion control algorithm, which maintains a throughput estimate and tries to optimize overall bandwidth utilization; should be enabled for WAN traffic.

tcp_bic: default 0, recommended 0

Enable Binary Increase Congestion control for fast, long-distance networks; it makes better use of links running at gigabit speed and should be enabled for WAN traffic.

ip_forward: default 0, recommended 1 (for NAT)

NAT requires IP forwarding support; write 1 to this file to enable it.

ip_local_port_range (min max): default 32768 61000, recommended 1024 65000

Range of local ports used for outgoing connections. The default is rather small; the range is also used indirectly to size the NAT table.

ip_conntrack_max: default 65535, recommended 65535

Maximum number of IPv4 connections the system tracks; the default is 65536 (which is in fact also the theoretical maximum). The value depends on memory: with 128 MB the maximum is 8192, with 1 GB the default is 65536.

Directory: /proc/sys/net/ipv4/netfilter/

These files exist only when the firewall (connection tracking) is loaded. Each entry gives the file name, its default value, the recommended value, and a description.

ip_conntrack_max: default 65536, recommended 65536

Maximum number of IPv4 connections the system tracks; the default is 65536 (which is in fact also the theoretical maximum). The value depends on memory: with 128 MB the maximum is 8192, with 1 GB the default is 65536. It is capped by /proc/sys/net/ipv4/ip_conntrack_max.

ip_conntrack_tcp_timeout_established: default 432000, recommended 180

Timeout for established TCP connections; the default of 432000 seconds is 5 days. Impact: too large a value keeps connections that may no longer be in use resident in memory, consuming a large number of tracking entries, which can lead to the NAT "ip_conntrack: table full" problem. Recommendation: when the NAT load is tight relative to the conntrack table size, consider lowering this value so that stale connections are cleared early and tracking entries remain available; otherwise there is no need to change it.

ip_conntrack_tcp_timeout_time_wait: default 120, recommended 120

Timeout for the TIME_WAIT state; entries older than this are cleared.

ip_conntrack_tcp_timeout_close_wait: default 60, recommended 60

Timeout for the CLOSE_WAIT state; entries older than this are cleared.

ip_conntrack_tcp_timeout_fin_wait: default 120, recommended 120

Timeout for the FIN_WAIT state; entries older than this are cleared.

Directory: /proc/sys/net/core/

Each entry gives the file name, its default value, the recommended value, and a description.

netdev_max_backlog: default 1024, recommended 16384

Maximum number of packets queued on the input side when a network interface receives packets faster than the kernel can process them. Needs to be increased on heavily loaded servers.

somaxconn: default 128, recommended 16384

Upper limit on the length of the listen (LISTEN) queue; connections beyond it time out or trigger the retransmission mechanism.

The backlog argument of listen() in web applications is capped by the kernel parameter net.core.somaxconn, which defaults to 128, while the backlog Nginx defines (NGX_LISTEN_BACKLOG) defaults to 511, so this value needs to be raised. On busy servers, increasing it helps network performance.

wmem_default: default 129024, recommended 129024

Default send window size (in bytes).

rmem_default: default 129024, recommended 129024

Default receive window size (in bytes).

rmem_max: default 129024, recommended 873200

Maximum TCP data receive buffer.

wmem_max: default 129024, recommended 873200

Maximum TCP data send buffer.

2. Core production environment optimization parameters

The parameters listed here are the ones teacher Old Boy commonly uses in production:

net.ipv4.tcp_syn_retries = 1

net.ipv4.tcp_synack_retries = 1

net.ipv4.tcp_keepalive_time = 600

net.ipv4.tcp_keepalive_probes = 3

net.ipv4.tcp_keepalive_intvl = 15

net.ipv4.tcp_retries2 = 5

net.ipv4.tcp_fin_timeout = 2

net.ipv4.tcp_max_tw_buckets = 36000

net.ipv4.tcp_tw_recycle = 1

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_max_orphans = 32768

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_max_syn_backlog = 16384

net.ipv4.tcp_wmem = 8192 131072 16777216

net.ipv4.tcp_rmem = 32768 131072 16777216

net.ipv4.tcp_mem = 786432 1048576 1572864

net.ipv4.ip_local_port_range = 1024 65000

net.ipv4.ip_conntrack_max = 65536

net.ipv4.netfilter.ip_conntrack_max = 65536

net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180

net.core.somaxconn = 16384

net.core.netdev_max_backlog = 16384
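To check whether a host actually runs with the values above, here is an added shell example (not from the original article) that normalises a sysctl list written in the loose form used above (mixed-case keys, irregular spacing, tabs in multi-value settings) and reports every key whose running value differs or is absent. The snapshot in the demo is constructed; the audit_running_host helper is an assumption that uses the real sysctl -a output.

```shell
#!/bin/sh
# Added example (not from the original article): report drift between a
# desired sysctl list and the values a host is actually running.
# Both inputs are "key = value" text. Keys are compared case-insensitively
# and values with whitespace collapsed, so "Net.ipv4.tcp_wmem = 8192 131072 16777216"
# matches the tab-separated form printed by "sysctl -a".

# sysctl_drift DESIRED_FILE CURRENT_FILE
# Prints one line per desired key that is missing or has a different value.
sysctl_drift() {
    awk '
        function norm(line,    key, val) {
            key = tolower(substr(line, 1, index(line, "=") - 1))
            gsub(/[[:space:]]/, "", key)
            val = substr(line, index(line, "=") + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", val)
            gsub(/[[:space:]]+/, " ", val)
            return key SUBSEP val
        }
        /^[[:space:]]*#/ || index($0, "=") == 0 { next }
        FNR == NR { split(norm($0), p, SUBSEP); current[p[1]] = p[2]; next }  # first file: running values
        {
            split(norm($0), p, SUBSEP)
            if (!(p[1] in current))
                print p[1] ": MISSING (desired " p[2] ")"
            else if (current[p[1]] != p[2])
                print p[1] ": running=" current[p[1]] " desired=" p[2]
        }
    ' "$2" "$1"
}

# Audit the live host (Linux only, hypothetical helper): snapshot sysctl -a and diff it.
audit_running_host() {
    snap=$(mktemp)
    sysctl -a 2>/dev/null > "$snap"
    sysctl_drift "$1" "$snap"
    rm -f "$snap"
}

# Demo with constructed data: an excerpt of the article's list versus a
# made-up snapshot of a host that still has kernel defaults and no conntrack.
demo_drift() {
    desired=$(mktemp); current=$(mktemp)
    cat > "$desired" <<'EOF'
Net.ipv4.tcp_syncookies = 1
Net.ipv4.tcp_max_syn_backlog = 16384
Net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=180
Net.core.somaxconn = 16384
EOF
    printf 'net.ipv4.tcp_syncookies = 1\n' > "$current"
    printf 'net.ipv4.tcp_max_syn_backlog = 1024\n' >> "$current"
    printf 'net.ipv4.tcp_wmem = 8192\t131072\t16777216\n' >> "$current"
    printf 'net.core.somaxconn = 128\n' >> "$current"
    sysctl_drift "$desired" "$current"
    rm -f "$desired" "$current"
}

demo_drift
```

A missing net.ipv4.netfilter.* key usually means the conntrack module is not loaded rather than a misconfiguration, which is why the report distinguishes MISSING from a differing value.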

Compared with other production tuning sets found online, the set of parameters to optimize is basically the same; only the values differ. The specific values must be chosen for the application scenario; what is listed here are only the commonly tuned parameters. Whether they are appropriate can be judged from the parameter descriptions above, and then set according to your own production environment.

Other relevant Linux kernel parameter tuning articles:

Linux kernel parameter optimization

http://flandycheng.blog.51cto.com/855176/476769

Optimizing Linux kernel parameters to improve server concurrent processing capacity

http://www.ha97.com/4396.html

Linux kernel parameter optimization for Nginx as a web server

http://blog.csdn.net/force_eagle/article/details/672524
