Linux Operating System Performance Tuning

Source: Internet
Author: User

According to the tradition, parameters and settings of different Linux distributions and kernels have been changed, so that the system can achieve better performance. The following section describes how to use the following techniques to optimize performance in Red Hat Enterprise Linux AS and suse linux Enterprise Server systems:

QUOTE:

1. Disabling daemons (disable daemons)

2. Shutting down the GUI (Disable GUI)

3. Changing kernel parameters (Change kernel parameters)

4. Kernel parameters (Kernel parameters)

5. Tuning the processor subsystem (processor subsystem Tuning)

6. Tuning the memory subsystem (memory subsystem optimization)

7. Tuning the file system (file system Subsystem Tuning)

8. Tuning the network subsystem (network subsystem optimization)

1. Disable daemons

Some daemons (background services) running on the server are not completely necessary. By disabling these daemons, you can release more memory, reduce startup time, and reduce the number of processes processed by the CPU. Reducing the number of daemons also enhances the security of the server. By default, most servers can safely stop several daemons.

Table 10-1 lists the adjustable processes under Red Hat Enterprise Linux.

Table 10-2 lists the adjustable processes Under suse linux Enterprise Server.

Note: disabling xfs daemon will result in the failure to start X. Therefore, you can disable xfs daemon only when you do not need to start GUI graphics. Run the startx command to enable xfs daemon and resume normal start of X.

You can stop a process as needed. To stop the sendmail process, enter the following command:

Red Hat: /sbin/service sendmail stopSUSE LINUX: /etc/init.d/sendmail stop

You can also configure whether to automatically start a process at the next startup or sendmail:

Red Hat: /sbin/chkconfig sendmail offSUSE LINUX: /sbin/chkconfig -s sendmail off

In addition, LINUX provides a graphical process management function. For Red Hat, run the following command to start the GUI:/usr/bin/redhat-config-services or click Main Menu-> System Settings->

Server Settings -> Services.

 

Tip: not all daemons are displayed on this configuration page. To view all daemons, run the following command:

/sbin/chkconfig –list

For suse linux, the graphical interface is YaST2. The following command can be used to start

/Sbin/yast2 runlevel or click

Browse: YaST/ ?> YaST modules ?> System ?> Runlevel editor

2. Disable GUI

As long as possible, do not start the GUI on the Linux server. Generally, there is no need to start the GUI on the Linux server ., All management tasks can be completed in the command line mode, or through the redirection X and Web browser interface. There are several available Web-based tools (such as webmin, Linuxconf, and SWAT ).

Start the GUI when necessary, and close the GUI immediately after use. In most cases, the server runs at runlevel 3, that is, it does not enter the GUI when the machine starts. Run startx to start Xserver.

1. Check the runlevel command: runlevel

The last runlevel and current runlevel are displayed. (For example, N 5 indicates that the last runlevel (N) is not displayed, and the current runlevel is 5 ).

2. Switch between different runlevels and run the init command.

For example, switch to run level 3 and type the init 3 command.

Below is a brief description of different runlevels in Linux

-0-Halt stop (do not set 0 to the default value; otherwise, the server will be closed immediately after startup)

-1-Single user mode: Single user mode

-2-Multi-user mode without NFS (if there is no network, equivalent to 3)

-3-Full multi-user mode: Full multi-user mode

-4-Unused not used

-5-X11

-6-Reboot restart (do not set 6 to the default value; otherwise, the server will be restarted continuously)

Modify the/etc/inittab file to set the runlevel for machine startup, as shown in Figure 10-3.

For suse linux Enterprise Server, run the YaST runlevel command to change the default runlevel value.

Figure 10-2.

By default, six consoles are saved: F1 ...... F6. To save memory, you can reduce it to three. Use the mingetty ttyx Command, as shown in Figure 10-3.

Tip: You can remotely connect to and start the GUI even if the GUI is disabled. You can use ssh-x.

3. Change Kernel Parameters

Linux Kernel is the core of the operating system and is common to all Linux releases. The kernel parameters can be changed. Run the sysctl command in the command line.

Tip: by default, the Linux kernel includes necessary modules that can use the sysctl command without restarting. However, if you choose to remove this feature when installing the system, you can only restart LINUX to make the change take effect.

Suse linux provides a graphical interface for modification. Run the following command to start the powertweak tool:

/sbin/yast powertweak

Run the following command to start the character-based management menu:

/sbin/yast2 powertweak

Red Hat also provides a graphical interface to change the sysctl parameter:

/usr/bin/redhat-config-proc

Figure 10-5:

Parameter storage locations

Kernel Parameters are stored in/proc (especially/proc/sys) and provide parameters related to the kernel, processor, memory, network, and other components. Each execution process has a directory named after the corresponding PID. Figure 10-3 lists some files that contain kernel information.

4. Kernel Parameters

Table 10-5 lists some kernel parameters that are closely related to the performance of Red Hat V2.4.

5. processor subsystem Optimization

The processor is one of the most important hardware subsystems for applications and database servers. However, in these systems, CPU is often the bottleneck of performance.

In high-end servers with Xeon processors, you can enable or disable Hyper-Threading ). Hyper-Threading virtualizes one processor into two instances in the operating system. Both Red Hat Enterprise Linux AS and suse linux Enterprise Server support this function, so that the processor can execute two threads or processes at the same time. For operating systems and software that support Hyper-Threading, performance can be significantly improved without increasing the CPU clock frequency. For example, if Hyper-Threading is used on a 4-way server and performance monitoring tools (such as top) are used for detection, we can see 8 processors. Figure 10-6

Note: For Hyper-Threading:

_ Hyper-Threading is supported in SMP-based LINUX.

_ The more CPUs you install, the less performance you get from Hyper-Threading. The possible performance improvement is as follows:

-2 Physical CPUs: 15-25%

--4 physical CPUs: 1-13%

--8 Physical CPUs: 0-5%

-For more information about Hyper-Threading, see more.

EM64T is a 64-bit extension of the Intel IA-32 processor. This means that the processor can support more memory and 64-bit applications while fully compatible with existing 32-bit applications. Red Hat Enterprise Linux 3 Update 2 and suse linux Enterprise Server 9 support this new processor. For more EM64T information, see more.

Select the correct Kernel

Red Hat Enterprise Linux AS and suse linux Enterprise Server both contain several kernel packages, AS listed in Table 10-6. Selecting the appropriate kernel is very important for performance.

6. memory subsystem Optimization

The Optimization of the memory subsystem is not very easy. It is necessary to constantly monitor to ensure that the memory changes do not negatively affect other subsystems on the server. If you want to change the virtual memory parameters (in/proc/sys/vm), we recommend that you change only one parameter at a time and then monitor the effect. The adjustment to the virtual memory includes the following items:

Configure how the Linux Kernel updates dirty buffers to the disk. The disk buffer is used to store data on the disk. Compared with the memory, the disk buffer speed is very slow. Therefore, if the server uses this type of memory, the performance may be faulty. When the data in the buffer zone is completely dirty, use: sysctl-w vm. bdflush = "30 500 0 0 500 3000 60 20 0"

Vm. bdflush has nine parameters, but we recommend that you change only three of them:

  • Nfract indicates the maximum percentage of buffer zones allowed by bdflush daemon before being written to the disk in queue.
  • Ndirty, which is the maximum buffer value immediately written by bdflush. If this value is large, bdflush requires more time to complete disk data updates.
  • Nfract_sync: the maximum percentage of dirty changes in the buffer before synchronization.

Configure kswapd daemon to specify the number of Linux memory swap pages

sysctl -w vm.kswapd="1024 32 64"

The three parameters are described as follows:

-Tries_base is four times the number of "pages" exchanged by the kernel each time. For systems with a lot of information exchange, adding this value can improve performance.

-Tries_min is the minimum number of pages that each kswapd swaps goes out.

-Swap_cluster indicates the number of pages that kswapd writes instantly. A small value can improve the disk I/O performance. A large value may also have a negative impact on the Request queue.

If you want to modify these parameters, use the vmstat tool to check the impact on performance. Other virtual memory parameters that can improve performance are:

_ buffermem_ freepages_ overcommit_memory_ page-cluster_ pagecache_ pagetable_cache

7. network subsystem Optimization

After the operating system is installed, you must optimize the network subsystem. Impact on other subsystems: CPU utilization is affected, especially when a large number of TCP connections and blocks are very small, the memory usage will increase significantly.

How to Prevent performance degradation

The following sysctl command is used to change security settings, but it can also prevent network performance degradation. These commands are set to the default value.

◆ Disable the following parameters to prevent hackers from attacking server IP addresses

◆ Enable tcp syn cookies to protect the server against syn-flood attacks, including denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks) (only applicable to Red Hat Enterprise Linux)

◆ The following command causes the server to ignore redirection from the server listed in the gateway. Because redirection can be used for attacks, we only accept redirection with reliable sources.

 

In addition, you can configure to accept or reject any ICMP redirection. ICMP redirection is a mechanism for routers to transmit route information. For example, when the gateway receives an Internet Data Report from the connected network host, the gateway can send a redirection message to a host. The gateway checks the route table to obtain the address of the next gateway. The second gateway routes the datagram to the target network. To disable these redirection, run the following command:

◆ If this server is not a vro, it will not send redirection, so you can disable this function:

◆ Configure the server to reject the broadcast storm or smurf attack attacks:

◆ Ignore all icmp packets or pings:

◆ Some routers send invalid responses to broadcast broadcasts. Each generates a warning and generates logs in the kernel. These responses can be ignored:

  8. TCP and UDP Tuning

The following command is used to optimize a server with a large number of connections.

◆ For servers supporting multiple connections at the same TIME, you can use TIME-WAIT socket for new connections. This is very effective for Web servers:

If you use this command, you also need to start the Fast Loop function of the TIME-WAIT socket status:

Figure 10-7 shows that the number of connections decreases significantly when these functions are enabled. because each TCP transmission contains the protocol information cache of the remote client, it is conducive to improving performance. the cache stores information about the round-trip time, maximum segment size, and congestion window.

◆ The tcp_fin_timeout parameter is the time when the socket is closed and the FIN-WAIT-2 state is maintained. A TCP connection starts with the three-segment SYN sequence and ends with the three-segment FIN sequence. no data is retained. by changing the value of tcp_fin_timeout, the time from the FIN sequence to the memory can be idle to process new connections is shortened, improving the performance. before changing this value, we need to monitor it carefully to avoid memory overflow caused by dead sockets.

◆ One problem with the server is that many TCP connections are opened but not used at the same time. the keepalive function of TCP detects these connections. By default, these connections are lost two hours later. two hours may cause excessive memory usage and lower performance. therefore, changing to 1800 seconds (30 minutes) is a better choice:

◆ For queues of all protocols, set the maximum system sending cache (wmem) and receiving cache (rmem) to 8 MB

These settings specify the memory capacity allocated when a TCP socket is created. In addition, use the following command to send and receive the cache. The command sets three values: Minimum value, initial value, and maximum value:

The third value must be less than or equal to wmem_max and rmem_max.

◆ (Applicable to suse linux Enterprise Server) verify source data packets by retaining the path. By default, the router forwards all data packets, even abnormal network traffic. These packets are discarded by enabling and filtering:

◆ When the server load is heavy or many clients suffer connection failures that are too long and delayed, the number of half-open connections may increase. This is common for Web servers, especially when there are many dial-up customers. these half-open connections are stored in the backlog connections queue. set this value to at least 4096 (1024 by default ). even if the server does not receive such connections, setting this value can also prevent denial-of-service (syn-flood) attacks.

◆ Set ipfrag parameters, especially for NFS and Samba servers. Here, we can set the maximum and minimum memory used to re-combine IP fragments. When the ipfrag_high_thresh value is assigned, fragments are discarded until the value reaches the ipfrag_low_thres value.

Fragment starts when a TCP packet transmission error occurs. Valid data packets are retained in the memory, and corrupted data packets are forwarded. For example, set the available memory range from 256 MB to 384 MB.



Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.