Linux Performance Tuning 15th: Summary of Common Network Parameters

Related: Linux Performance Tuning 14th: Adjusting socket buffer http://www.bkjia.com/OS/201307/230154.html

1. TCP keepalive management:

net.ipv4.tcp_keepalive_time = 7200
If a connection has been idle for the time specified by this parameter, the kernel sends a probe to the remote host.

net.ipv4.tcp_keepalive_intvl = 75
The interval between the probes the kernel sends to the remote host.

net.ipv4.tcp_keepalive_probes = 9
The maximum number of probes the kernel sends. If the probe count exceeds this number, the remote host is considered unreachable, the connection is closed, and local resources are released.

With these values, once a connection has been idle for the keepalive time, the kernel probes every 75 seconds, so a dead connection is discarded after about 2h11min. Reducing these values frees the resources held by failed connections sooner so that new connections can use them.

2. TCP connection management:

net.core.netdev_max_backlog = 3000
The maximum number of packets allowed to queue when a network interface receives packets faster than the kernel can process them.

net.ipv4.tcp_max_syn_backlog = 1024
Controls the length of the TCP SYN queue for each port. Connection requests from clients are queued until the server accepts them. If the number of connection requests exceeds this value, further requests are discarded and the client cannot connect to the server. Servers generally need to increase this value.

net.ipv4.tcp_synack_retries = 5
Controls the number of times the kernel resends its response (the SYN+ACK segment) to a connection request. Reducing this value detects failed connection attempts from remote hosts sooner.

net.ipv4.tcp_retries2 = 15
Controls the number of times the kernel resends data to a remote host on an established connection.
Reducing this value detects a failed connection as early as possible.

3. net.ipv4.tcp_syncookies = 1
SYN cookies are a modification of the three-way handshake on the TCP server side that protects against SYN flood attacks. When the TCP server receives a TCP SYN packet and returns the TCP SYN+ACK packet, it computes a cookie value from the SYN packet instead of allocating a dedicated data area. When the TCP ACK packet arrives, the server checks its validity against the cookie value. If it is valid, the server allocates a dedicated data area to handle the rest of the TCP connection.

4. net.ipv4.tcp_tw_reuse = 1
Enables reuse: TIME-WAIT sockets may be reused for new TCP connections. The default value is 0.

net.ipv4.tcp_tw_recycle = 1
Enables fast recycling of TIME-WAIT sockets in TCP connections. The default value is 0.

5. net.ipv4.tcp_fin_timeout = 60
Shortens the default timeout.

6. /proc/sys/net/ipv4/conf/*/accept_redirects
When the gateway receives your IP packet and finds that the packet must pass through another router, it sends you a so-called "Redirect" ICMP packet telling you to forward such IP packets to the other router. The parameter is a Boolean: 1 accepts these ICMP redirect messages and 0 ignores them. The default value is 0 on a Linux host that acts as a router and 1 on an ordinary Linux host. We recommend changing it to 0 to eliminate the security risk.
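
An added example, not part of the original article: a Python check that audits `sysctl -a` style output against three of the values recommended above (including every per-interface accept_redirects key) and computes the keepalive detection time from item 1. The sample input is constructed, and parse_sysctl, audit and keepalive_detect_seconds are hypothetical helper names.

```python
import fnmatch

# Values this page recommends; "*" covers the per-interface keys.
RECOMMENDED = {
    "net.ipv4.tcp_syncookies": 1,
    "net.ipv4.conf.*.accept_redirects": 0,
    "net.ipv4.tcp_tw_recycle": 1,  # removed in Linux 4.12: reported as absent there
}

# Constructed sample of `sysctl -a` output (not captured from a real host).
SAMPLE = """\
net.ipv4.tcp_keepalive_time = 7200
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_syncookies = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.eth0.accept_redirects = 1
"""

def parse_sysctl(text):
    """Parse 'key = value' lines (sysctl -a or sysctl.conf style) into a dict."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", ";")) and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip()] = val.strip()
    return values

def audit(values, recommended=RECOMMENDED):
    """Return (key, actual, wanted) per mismatch; actual is None if no key matches."""
    findings = []
    for pattern, wanted in recommended.items():
        matches = sorted(k for k in values if fnmatch.fnmatchcase(k, pattern))
        if not matches:
            findings.append((pattern, None, wanted))
        findings += [(k, values[k], wanted) for k in matches if values[k] != str(wanted)]
    return findings

def keepalive_detect_seconds(values):
    """Idle time plus all failed probes: time + intvl * probes."""
    get = lambda name: int(values["net.ipv4." + name])
    return get("tcp_keepalive_time") + get("tcp_keepalive_intvl") * get("tcp_keepalive_probes")

if __name__ == "__main__":
    current = parse_sysctl(SAMPLE)
    for key, actual, wanted in audit(current):
        print(f"{key}: found {actual}, page recommends {wanted}")
    print("dead peer dropped after", keepalive_detect_seconds(current), "seconds")
```

To audit a live host, pass the text printed by `sysctl -a` to parse_sysctl in place of SAMPLE.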