Linux kernel parameter optimization

If Nginx and other web or other to face high concurrency server, it is important to adjust the file handle and other kernel parts. File handle modified/etc/security/limits.conf,

Add *-Nofile 65535

Then create a new connection to view it with Ulimit-n.

Below I put the kernel parameters and instructions to paste out, this is what I find on the Internet, I tidied up a bit. The original link can not be found, and so on will add. Respect the fruits of others ' work. If there is a misunderstanding, please help me to improve myself.

1. Net.ipv4.ip_forward = 0
Indicates the Enable routing function, 0 is off, 1 is on

2. Net.ipv4.conf.default.rp_filter = 1
Turn on reverse path filtering

3. Net.ipv4.conf.default.accept_source_route = 0
Packages that handle passive routes

4. KERNEL.SYSRQ = 0
function requirements of the control system debug kernel

5. Kernel.core_uses_pid = 1
For debugging multithreaded applications

6. KERNEL.MSGMNB = 65536
Maximum value of all message totals in Message Queuing (msgmnb=64k)

7. Kernel.msgmax = 65536
Specifies the maximum value of messages in Message Queuing in the kernel (msgmax=64k)

8. Kernel.shmmax = 68719476735
is one of the most important parameters in the core parameters, to define the maximum value of a single shared memory segment, 64-bit Linux system: The maximum value is the physical memory value -1byte, the recommended value is more than half of physical memory, the general value is greater than sga_max_size can be taken physical memory -1byte. For example, if you are 64GB of physical memory, it is advisable to 64*1024*1024*1024-1=68719476735

9. Kernel.shmall = 4294967296
This parameter controls the total number of pages of shared memory that can be used. The size of the Linux Shared memory page is 4KB, and the size of the shared memory segment is an integer multiple of the shared memory page size. The maximum size of a shared memory segment is 16G, then the number of shared memory pages is 16gb/4kb=16777216kb/4kb=4194304 (page), which is 64Bit system 16GB physical memory, set Kernel.shmall = 4194304 to meet the (almost twice times the original setting of 2097152)

Ten. Net.ipv4.tcp_max_tw_buckets = 6000
Indicates that the system maintains the maximum number of time_wait at the same time, and if this number is exceeded, time_wait is immediately cleared and the warning message is printed

Net.ipv4.tcp_sack = 1
There is a choice of answer, 1 means yes, 0 means no

net.ipv4.tcp_window_scaling = 1
Support for larger TCP windows. If the TCP window is greater than 65535 (64K), the value must be set to 1,

Net.ipv4.tcp_rmem = 4096 87380 4194304
Maximum size of the receive window

Net.ipv4.tcp_wmem = 4096 16384 4194304
Default Receive window size, default value is 4096 (4K)

Net.core.wmem_default = 8388608
The memory default value (in bytes) reserved for a TCP socket for sending buffering is generally lower than the value of Net.core.wmem_default. The default value is 16384 (16K).

Net.core.rmem_default = 8388608
Reserved memory default value (in bytes) for receive buffers for TCP sockets

Net.core.rmem_max = 16777216
Maximum amount of memory (in bytes) reserved for receive buffers for TCP sockets

Net.core.wmem_max = 16777216
TCP socket reserved Maximum memory value (in bytes) for sending buffers

Net.core.netdev_max_backlog = 262144
The maximum number of packets that are allowed to be sent to a queue when each network interface receives a packet at a rate that is faster than the rate at which the kernel processes these packets

Net.core.somaxconn = The default parameter for 262144 listen (function), the maximum number of pending requests is limited by 22. Net.ipv4.tcp_max_orphans = 3276800
Maximum number of TCP sockets that the system can handle that is not part of any process

Net.ipv4.tcp_syncookies = 1
This will only occur if Config_syncookies is selected at kernel compile time. When the SYN wait queue appears overflow, the syncookies is sent like the other. The aim is to prevent SYN flood attacks.

Net.ipv4.tcp_max_syn_backlog = 262144
Represents the length of the SYN queue, which defaults to 1024, and a larger queue length of 262144, which can accommodate more network connections waiting to be connected.

Net.ipv4.tcp_timestamps = 0
Time stamp prevents winding of serial numbers

Net.ipv4.tcp_synack_retries = 1
Reduce the number of system SYN connection retries, in order to open the connection to the end, the kernel needs to send a SYN with an ACK that responds to the previous syn.

Net.ipv4.tcp_syn_retries = 1
The number of SYN packets sent before the kernel abandons the connection.

Net.ipv4.tcp_tw_recycle = 1
Indicates that the fast retract function of time-wait sockets on a TCP connection is turned on, and the default is 0, which means shutdown.

Net.ipv4.tcp_tw_reuse = 1
means to turn on reuse. Allows time-wait sockets to be re-used for new TCP connections, which by default is 0 for shutdown.

Net.ipv4.tcp_mem = 94500000 915000000 927000000
NET.IPV4.TCP_MEM[0]: Below this value, TCP has no memory pressure. NET.IPV4.TCP_MEM[1]: Under this value, enter the memory pressure phase. NET.IPV4.TCP_MEM[2]: Above this value, TCP refuses to allocate the socket. The above memory units are pages, not bytes

31. Net.ipv4.tcp_fin_timeout = 1
Indicates that if the socket is closed by a local requirement, this parameter determines how long it remains in the fin-wait-2 state

Net.ipv4.tcp_keepalive_time = 1200
Indicates the frequency at which TCP sends keepalive messages when KeepAlive is employed. The default is 2 hours, instead of 20 minutes

Net.ipv4.ip_local_port_range = 1024 65535
Represents the range of ports used for an outward connection.

vm.swappiness = 0
Reduce the system's use of swap to improve system performance, the default value is 60, the larger the value, the more inclined to use swap. can be set to 0

Linux kernel parameter optimization