Linux performance optimization

Source: Internet
Author: User

I. Preface
1) The Linux proc file system: performance optimization by adjusting parameters in the proc file system.
2) Linux performance diagnostic tools: how to use the diagnostic tools provided by Linux for performance diagnosis.
Bold italics indicate commands that can be run directly.
Underline indicates the content of a file.
II. /proc/sys/kernel/ optimization
1) /proc/sys/kernel/ctrl-alt-del
This file holds a binary value that controls how the system responds when it receives the ctrl + alt + delete key combination. The two values are:
Zero (0): ctrl + alt + delete is captured and sent to the init program. This allows the system to shut down and restart safely, just as if the shutdown command had been entered.
One (1): ctrl + alt + delete is not captured, and an abnormal shutdown is executed, as if the power had been switched off directly.

Default value: 0.
Recommended setting: 1, to prevent unexpected restart caused by pressing ctrl + alt + delete.
2) /proc/sys/kernel/msgmax
This file specifies the maximum length (in bytes) of a message sent from one process to another. Messages are passed between processes in kernel memory and are not swapped out to disk, so increasing this value increases the memory used by the operating system.

Default: 8192
3) /proc/sys/kernel/msgmnb
This file specifies the maximum length of a message queue (in bytes).

Default: 16384
4) /proc/sys/kernel/msgmni
This file specifies the maximum number of message queue identifiers, that is, the system-wide maximum number of message queues.

Default setting: 16
5) /proc/sys/kernel/panic
This file specifies how long (in seconds) the kernel waits before rebooting after a "kernel panic".
Zero (0) seconds means that automatic reboot is disabled when a serious kernel error occurs.

Default value: 0.
6) /proc/sys/kernel/shmall
This file specifies the total amount of shared memory (in bytes) that can be used on the system at any given time.

Default: 2097152
7) /proc/sys/kernel/shmmax
This file specifies the maximum size (in bytes) of a shared memory segment allowed by the kernel.

Default: 33554432
Recommended: physical memory * 50%

Actual maximum usable shared memory segment size = shmmax * 98%; approximately 2% is used for the shared memory structures.
After setting shmmax, you can run ipcs -l to verify it.
8) /proc/sys/kernel/shmmni
This file specifies the system-wide maximum number of shared memory segments.

Default: 4096
9) /proc/sys/kernel/threads-max
This file specifies the maximum number of threads that the kernel can use.

Default: 2048
10) /proc/sys/kernel/sem
This file controls the kernel semaphores. Semaphores are one of the mechanisms that System V IPC provides for inter-process communication.

Recommended: 250 32000 100 128
The first column is the maximum number of semaphores in each semaphore set.
The second column is the system-wide total number of semaphores.
The third column is the maximum number of operations per semaphore call.
The fourth column is the system-wide total number of semaphore sets.
Therefore, (first column) * (fourth column) = (second column)

The preceding settings can be verified by running ipcs -l.
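The two relations above, shmmax at 50% of physical memory and (first column) * (fourth column) = (second column) for sem, can be checked with a short script. This is an added example, not part of the original article; the function names and the sample MemTotal figure are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the System V IPC values described above.

# recommended_shmmax: reads meminfo-format text on stdin and prints
# 50% of physical memory in bytes (MemTotal is reported in kB).
# Fails with status 1 if the input has no MemTotal line.
recommended_shmmax() {
    awk '$1 == "MemTotal:" { printf "%.0f\n", $2 * 1024 / 2; found = 1 }
         END { exit (found ? 0 : 1) }'
}

# usable_segment SHMMAX: largest usable segment, shmmax * 98%.
usable_segment() {
    echo $(( $1 * 98 / 100 ))
}

# check_sem COL1 COL2 COL3 COL4: tests the relation
# (first column) * (fourth column) = (second column).
check_sem() {
    if [ "$#" -ne 4 ]; then
        echo "usage: check_sem COL1 COL2 COL3 COL4" >&2
        return 2
    fi
    product=$(( $1 * $4 ))
    if [ "$product" -eq "$2" ]; then
        echo "ok: $1 * $4 = $2"
        return 0
    fi
    echo "mismatch: $1 * $4 = $product, second column is $2"
    return 1
}

# Constructed sample input: a host with 8 GiB of RAM.
SAMPLE_MEMINFO='MemTotal:        8388608 kB
MemFree:         1048576 kB'

shmmax=$(printf '%s\n' "$SAMPLE_MEMINFO" | recommended_shmmax)
echo "recommended shmmax: $shmmax bytes"
echo "usable segment:     $(usable_segment "$shmmax") bytes"

# The recommended sem line from the article, then a constructed bad one.
check_sem 250 32000 100 128
check_sem 250 32000 100 256 || echo "second column should be 64000"
```

On a live system, feed the functions real data: `recommended_shmmax < /proc/meminfo` and `check_sem $(cat /proc/sys/kernel/sem)`.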
11) to be continued...
III. /proc/sys/vm/ optimization
1) /proc/sys/vm/block_dump
This file indicates whether block debug mode is enabled. Block debug mode records all read/write operations and dirty block write-backs.

Default setting: 0 (block debug mode disabled)
2) /proc/sys/vm/dirty_background_ratio
This file specifies the percentage of total system memory that dirty data may occupy before the pdflush process is triggered to write the dirty data back to disk.

Default setting: 10
3) /proc/sys/vm/dirty_expire_centisecs
This file specifies how long dirty data may stay in memory. Data that has been in memory longer than this value is written back to disk the next time the pdflush process runs.

Default setting: 3000 (1/100 seconds)
4) /proc/sys/vm/dirty_ratio
This file specifies the percentage of total system memory that dirty data generated by a process may occupy before the process itself writes the dirty data back to disk.

Default setting: 40
5) /proc/sys/vm/dirty_writeback_centisecs
This file specifies the interval at which the pdflush process periodically writes dirty data back to disk.

Default setting: 500 (1/100 seconds)
6) /proc/sys/vm/vfs_cache_pressure
This file controls the kernel's preference for reclaiming the memory used for the directory and inode caches. The default value 100 means the kernel keeps the directory and inode caches at a reasonable percentage relative to the pagecache and swapcache; reducing the value below 100 makes the kernel prefer to keep the directory and inode caches; increasing it above 100 makes the kernel prefer to reclaim them.

Default: 100
7) /proc/sys/vm/min_free_kbytes
This file specifies the minimum amount of free memory (in Kbytes) that the Linux VM keeps reserved.

Default setting: 724 (Mb physical memory)
8) /proc/sys/vm/nr_pdflush_threads
This file shows the number of pdflush processes currently running. Under high I/O load, the kernel automatically starts more pdflush processes.

Default setting: 2 (read-only)
9) /proc/sys/vm/overcommit_memory
This file specifies the kernel's memory allocation policy. The value can be 0, 1, or 2.
0: the kernel checks whether enough memory is available for the process. If there is, the allocation is allowed; otherwise the allocation fails and an error is returned to the requesting process.
1: the kernel allows allocation of all physical memory, regardless of the current memory state.
2: the kernel allows allocation of more memory than the total of physical memory and swap space (see overcommit_ratio).

Default value: 0.
10) /proc/sys/vm/overcommit_ratio
When overcommit_memory = 2, this file specifies the percentage of memory that can be overcommitted. The total memory available for allocation is calculated with the following formula.
System allocable memory = swap space + physical memory * overcommit_ratio / 100

Default setting: 50 (%)
11) /proc/sys/vm/page-cluster
This file specifies the number of pages written to the swap area in a single operation. 0 means 1 page, 1 means 2 pages, and 2 means 4 pages.

Default setting: 3 (2 to the power of 3, 8 pages)
12) /proc/sys/vm/swappiness
This file indicates how aggressively the system swaps. The higher the value (0-100), the more likely swapping to disk is.

Default setting: 60
13) legacy_va_layout
This file indicates whether to use the latest 32-bit shared memory mmap() system call. The shared memory allocation methods supported by Linux include mmap(), POSIX, and System V IPC.
0: use the latest 32-bit mmap() system call.
1: use the system call provided by kernel 2.4.

Default value: 0.
14) nr_hugepages
This file specifies the number of hugetlb pages reserved by the system.
15) hugetlb_shm_group
This file specifies the system group ID that is allowed to create System V IPC shared memory segments using hugetlb pages.
16) to be continued...
IV. /proc/sys/fs/ optimization
1) /proc/sys/fs/file-max
This file specifies the maximum number of file handles that can be allocated. If users get error messages saying that the maximum number of open files has been reached and they cannot open more files, you may need to increase this value.

Default: 4096
Recommended: 65536
2) /proc/sys/fs/file-nr
This file is related to file-max. It holds three values:
Number of allocated file handles
Number of file handles in use
Maximum number of file handles
This file is read-only and is used only to display information.
3) to be continued...
V. /proc/sys/net/core/ optimization
The configuration files in this directory mainly control the interaction between the kernel and the network layer.
1) /proc/sys/net/core/message_burst
The time (in 1/10 seconds) required before a new warning message is written; other warning messages received by the system during this time are discarded. This is used to prevent Denial of Service attacks by people who attempt to "flood" the system with messages.

Default setting: 50 (5 seconds)
2) /proc/sys/net/core/message_cost
This file specifies the cost of writing each warning message. The larger the value, the more likely warning messages are to be ignored.

Default setting: 5
3) /proc/sys/net/core/netdev_max_backlog
This file specifies the maximum number of packets allowed to queue when a network interface receives packets faster than the kernel can process them.

Default: 300
4) /proc/sys/net/core/optmem_max
This file specifies the maximum buffer size allowed for each socket.

Default: 10240
5) /proc/sys/net/core/rmem_default
This file specifies the default size (in bytes) of the socket receive buffer.

Default: 110592
6) /proc/sys/net/core/rmem_max
This file specifies the maximum size (in bytes) of the socket receive buffer.

Default: 131071
7) /proc/sys/net/core/wmem_default
This file specifies the default size (in bytes) of the socket send buffer.

Default: 110592
8) /proc/sys/net/core/wmem_max
This file specifies the maximum size (in bytes) of the socket send buffer.

Default: 131071
9) to be continued...
VI. /proc/sys/net/ipv4/ optimization
1) /proc/sys/net/ipv4/ip_forward
This file indicates whether IP forwarding is enabled.
0: forwarding disabled
1: forwarding enabled

Default value: 0.
2) /proc/sys/net/ipv4/ip_default_ttl
This file specifies the Time To Live of a datagram, that is, the maximum number of routers it can pass through.

Default setting: 64
Increasing this value will reduce system performance.
3) /proc/sys/net/ipv4/ip_no_pmtu_disc
This file indicates whether path MTU discovery is disabled globally.

Default value: 0.
4) /proc/sys/net/ipv4/route/min_pmtu
This file specifies the minimum MTU size.

Default: 552
5) /proc/sys/net/ipv4/route/mtu_expires
This file specifies how long (in seconds) PMTU information is cached.

Default setting: 600 (seconds)
6) /proc/sys/net/ipv4/route/min_adv_mss
This file specifies the minimum MSS (Maximum Segment Size), which depends on the MTU of the first-hop router.

Default setting: 256 (bytes)
6.1 IP Fragmentation
1) /proc/sys/net/ipv4/ipfrag_low_thresh, /proc/sys/net/ipv4/ipfrag_high_thresh
These two files specify the minimum and maximum amount of memory used to reassemble IP fragments. Once the maximum is reached, further fragments are discarded until memory use falls back to the minimum.

Default setting: 196608 (ipfrag_low_thresh)
262144 (ipfrag_high_thresh)
2) /proc/sys/net/ipv4/ipfrag_time
This file specifies how many seconds an IP fragment is kept in memory.

Default value: 30 (seconds)
6.2 INET Peer Storage
1) /proc/sys/net/ipv4/inet_peer_threshold
The approximate size of the INET peer storage. Once this threshold is exceeded, entries are discarded. The threshold also determines the time-to-live of entries and the interval between garbage collection passes: the more entries, the shorter the time-to-live and the shorter the GC interval.

Default: 65664
2) /proc/sys/net/ipv4/inet_peer_minttl
The minimum time-to-live of entries. It must be long enough to cover the fragment time-to-live on the reassembling side. This minimum time-to-live is guaranteed as long as the pool size is smaller than inet_peer_threshold. The value is measured in jiffies.

Default: 120
3) /proc/sys/net/ipv4/inet_peer_maxttl
The maximum time-to-live of entries. Unused entries time out after this period if there is no memory pressure on the pool (for example, when the number of entries in the pool is very small). The value is measured in jiffies.

Default: 600
4) /proc/sys/net/ipv4/inet_peer_gc_mintime
The minimum interval between garbage collection (GC) passes. This interval applies when memory pressure on the pool is high. The value is measured in jiffies.

Default setting: 10
5) /proc/sys/net/ipv4/inet_peer_gc_maxtime
The maximum interval between garbage collection (GC) passes. This interval applies when memory pressure on the pool is low. The value is measured in jiffies.

Default: 120
6.3 TCP Variables
1) /proc/sys/net/ipv4/tcp_syn_retries
This file specifies how many times the local machine retransmits a TCP SYN after a timeout when initiating a connection. It should not be higher than 255. The value applies only to outgoing connections; incoming connections are controlled by tcp_retries1.

Default setting: 5
2) /proc/sys/net/ipv4/tcp_keepalive_probes
This file specifies the maximum number of TCP keepalive probes sent before a TCP connection is dropped. Keepalive probes are sent only when the SO_KEEPALIVE socket option is enabled.

Default setting: 9 (times)
3) /proc/sys/net/ipv4/tcp_keepalive_time
This file specifies the number of seconds from the moment data stops being transmitted until a keepalive probe is sent on the connection.

Default value: 7200 (2 hours)
4) /proc/sys/net/ipv4/tcp_keepalive_intvl
This file specifies how frequently TCP probes are sent. Multiplied by tcp_keepalive_probes, it gives the time after which a connection that does not respond is considered dead.

Default value: 75 (seconds)
5) /proc/sys/net/ipv4/tcp_retries1
This file specifies the number of retransmissions before giving up on responding to a TCP connection request.

Default setting: 3
6) /proc/sys/net/ipv4/tcp_retries2
This file specifies the number of times a TCP packet on an established connection is retransmitted before it is dropped.

Default setting: 15
7) /proc/sys/net/ipv4/tcp_orphan_retries
How many retries are made before a TCP connection that has been closed on the local end is discarded. The default value is 7, which corresponds to 50 seconds to 16 minutes, depending on RTO. If your system is a heavily loaded web server, you may need to reduce this value, because such sockets can consume a lot of resources. See also tcp_max_orphans.
8) /proc/sys/net/ipv4/tcp_fin_timeout
For socket connections closed by the local end, the time TCP stays in the FIN-WAIT-2 state. The peer may disconnect, never close its end of the connection, or die unexpectedly. The default value is 60 seconds; in 2.2 kernels it was 180 seconds. You can change this value, but note that if your machine is a heavily loaded web server, you risk filling memory with a large number of invalid data packets. FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1 sockets because they consume at most 1.5 K of memory, but they live longer. See also tcp_max_orphans.

Default value: 60 (seconds)
9) /proc/sys/net/ipv4/tcp_max_tw_buckets
The maximum number of TIME-WAIT sockets the system handles simultaneously. If this number is exceeded, TIME-WAIT sockets are destroyed immediately and a warning message is displayed. This limit exists purely to defend against simple DoS attacks; do not lower it artificially. If network conditions require more than the default, you can increase it (and perhaps add memory).

Default: 180000
10) /proc/sys/net/ipv4/tcp_tw_recycle
Enables fast recycling of TIME-WAIT sockets. Do not modify this value unless advised or requested to by technical experts.

Default value: 0.
11) /proc/sys/net/ipv4/tcp_tw_reuse
This file indicates whether sockets in the TIME-WAIT state may be reused for new TCP connections.

Default value: 0.
12) /proc/sys/net/ipv4/tcp_max_orphans
The maximum number of TCP sockets not attached to any process that the system can handle. If this number is exceeded, connections that do not belong to any process are reset immediately and a warning message is displayed. This limit exists only to defend against simple DoS attacks; do not rely on it, and do not lower it artificially.

Default: 8192
13) /proc/sys/net/ipv4/tcp_abort_on_overflow
When a daemon is too busy to accept new connections, send a reset to the peer. The default value is false, which means that if the overflow was caused by an occasional burst, the connection will recover. Enable this option only when you are sure that the daemon really cannot complete connection requests; the option affects clients.

Default value: 0.
14) /proc/sys/net/ipv4/tcp_syncookies
This file indicates whether TCP SYN cookies (syncookies) are enabled. The kernel must be compiled with CONFIG_SYN_COOKIES. Syncookies prevent a socket from being overloaded when too many connection attempts arrive.

Default value: 0.
15) /proc/sys/net/ipv4/tcp_stdurg
Use the Host Requirements interpretation of the TCP urgent pointer field. Most hosts use the older BSD interpretation, so enabling this on Linux may prevent correct communication with them.

Default value: 0.
16) /proc/sys/net/ipv4/tcp_max_syn_backlog
The maximum number of connection requests not yet acknowledged by the client that are kept in the queue. For systems with more than 128 Mb of memory, the default value is 1024; for systems with less than 128 Mb of memory, the default value is 128. If the server is often overloaded, you can increase this number. Warning! If you set this value to greater than 1024, it is best to modify TCP_SYNQ_HSIZE in include/net/tcp.h to keep
TCP_SYNQ_HSIZE * 16 0) or bytes-bytes/2 ^ (-tcp_adv_win_scale) (such
If tcp_adv_win_scale is 128 Mb 32768-610000), the system ignores all messages sent to itself.
Or those of the broadcast address.

Default: 1024
17) /proc/sys/net/ipv4/tcp_window_scaling
This file indicates whether the sliding window size of a TCP/IP session is variable. The value is Boolean: 1 means variable, 0 means fixed. TCP/IP normally uses a window of up to 65535 bytes, which may be too small for high-speed networks. With this function enabled, the TCP/IP sliding window size can grow by several orders of magnitude, improving data transfer capacity.

Default setting: 1
18) /proc/sys/net/ipv4/tcp_sack
This file indicates whether Selective Acknowledgment is enabled. It can improve performance by selectively acknowledging packets received out of order, so that the sender retransmits only the lost packets. This option should be enabled for WAN communication, but it increases CPU usage.

Default setting: 1
19) /proc/sys/net/ipv4/tcp_timestamps
This file indicates whether to enable calculating RTT in a more accurate way than the retransmission timeout (see RFC 1323). This option should be enabled for better performance.

Default setting: 1
20) /proc/sys/net/ipv4/tcp_fack
This file indicates whether FACK congestion avoidance and fast retransmission are enabled.

Default setting: 1
21) /proc/sys/net/ipv4/tcp_dsack
This file indicates whether TCP is allowed to send "two identical" SACKs.

Default setting: 1
22) /proc/sys/net/ipv4/tcp_ecn
This file indicates whether TCP explicit congestion notification (ECN) is enabled.

Default value: 0.
23) /proc/sys/net/ipv4/tcp_reordering
This file specifies the maximum number of reordered datagrams in a TCP stream.

Default setting: 3
24) /proc/sys/net/ipv4/tcp_retrans_collapse
This file indicates whether bug-for-bug compatibility is provided for certain buggy printers.

Default setting: 1
25) /proc/sys/net/ipv4/tcp_wmem
The file contains three integer values: min, default, and max.
Min: the minimum amount of memory reserved for a TCP socket's send buffer. Every TCP socket can use it.
Default: the amount of memory reserved for a TCP socket's send buffer by default. This value affects the default value in net.core.wmem and is generally lower than the default value in net.core.wmem.
Max: the maximum amount of memory reserved for a TCP socket's send buffer. This value does not affect net.core.wmem_max; a size selected statically with SO_SNDBUF is not affected by it. The default value is 128 K.

Default: 4096 16384 131072
26) /proc/sys/net/ipv4/tcp_rmem
The file contains three integer values: min, default, and max.
Min: the amount of memory reserved for a TCP socket's receive buffer. Even when memory is short, a TCP socket has at least this much memory for its receive buffer.
Default: the amount of memory reserved for a TCP socket's receive buffer by default. This value affects the default value in net.core.wmem used by other protocols. With the default tcp_adv_win_scale and tcp_app_win, this value results in a TCP window size of 65535.
Max: the maximum amount of memory reserved for a TCP socket's receive buffer. This value does not affect the max value in net.core.wmem; a size selected statically with SO_SNDBUF is not affected by it.

Default: 4096 87380 174760
27) /proc/sys/net/ipv4/tcp_mem
The file contains three integers: low, pressure, and high.
Low: when TCP uses fewer memory pages than this value, TCP does not consider releasing memory.
Pressure: when the number of memory pages TCP uses exceeds this value, TCP tries to stabilize its memory use and enters pressure mode. It leaves pressure mode when memory consumption falls below the low value.
High: the number of pages that all TCP sockets are allowed to use for queuing and buffering datagrams.
Generally, these values are calculated at system startup based on the amount of system memory.

Default: 24576 32768 49152
28) /proc/sys/net/ipv4/tcp_app_win
This file specifies that max(window / 2^tcp_app_win, mss) of the window is reserved for application buffering. A value of 0 means that no buffering is required.

Default setting: 31
29) /proc/sys/net/ipv4/tcp_adv_win_scale
This file specifies how the buffering overhead is calculated: bytes / 2^tcp_adv_win_scale (if tcp_adv_win_scale > 0) or bytes - bytes / 2^(-tcp_adv_win_scale) (if tcp_adv_win_scale <= 0).

Default setting: 2

Default setting: 2
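The tcp_app_win and tcp_adv_win_scale formulas above, worked through in shell as an added example that is not part of the original article. It shows why the tcp_rmem default of 87380 with tcp_adv_win_scale = 2 gives the 65535-byte window mentioned under tcp_rmem. The function names and the 1460-byte MSS are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: receive-window arithmetic from tcp_adv_win_scale and
# tcp_app_win, following the formulas quoted in items 28 and 29.

# tcp_buffer_overhead BYTES SCALE
#   SCALE > 0 : bytes / 2^SCALE
#   SCALE <= 0: bytes - bytes / 2^(-SCALE)
tcp_buffer_overhead() {
    bytes=$1
    scale=$2
    if [ "$scale" -gt 0 ]; then
        echo $(( bytes / (1 << scale) ))
    else
        echo $(( bytes - bytes / (1 << (0 - scale)) ))
    fi
}

# tcp_window BYTES SCALE: buffer space left for the window after overhead.
tcp_window() {
    overhead=$(tcp_buffer_overhead "$1" "$2")
    echo $(( $1 - overhead ))
}

# tcp_app_reserve WINDOW APP_WIN MSS: max(window / 2^APP_WIN, mss),
# or 0 when APP_WIN is 0.
tcp_app_reserve() {
    window=$1
    app_win=$2
    mss=$3
    if [ "$app_win" -eq 0 ]; then
        echo 0
        return 0
    fi
    share=$(( window >> app_win ))
    if [ "$share" -gt "$mss" ]; then
        echo "$share"
    else
        echo "$mss"
    fi
}

# Buffer sizes that appear in the article: the tcp_rmem default and max,
# and the tuned max from section 7.2. MSS of 1460 is an assumed value.
for rmem in 87380 174760 16777216; do
    win=$(tcp_window "$rmem" 2)
    echo "rmem=$rmem scale=2 window=$win reserve=$(tcp_app_reserve "$win" 31 1460)"
done
```

With the default tcp_app_win of 31 the window share rounds down to zero, so the reserve is always one MSS.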
6.4 IP Variables
1) /proc/sys/net/ipv4/ip_local_port_range
This file specifies the range of local port numbers that TCP/UDP may open.

Default: 1024 4999
Recommended: 32768 61000
2) /proc/sys/net/ipv4/ip_nonlocal_bind
This file indicates whether a process may bind to a non-local address.

Default value: 0.
3) /proc/sys/net/ipv4/ip_dynaddr
This parameter is normally used with dial-up connections. It lets the system immediately change the source address of IP packets to the new IP address, interrupt the original TCP conversation, and resend a SYN request packet with the new address to start a new TCP conversation. When IP masquerading is used, this parameter allows the masqueraded IP address to be changed to the new IP address immediately. The file indicates whether dynamic addresses are allowed: a non-zero value means yes, and a value greater than 1 makes the kernel log the dynamic address rewrites.

Default value: 0.
4) /proc/sys/net/ipv4/icmp_echo_ignore_all, /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
These files indicate whether the kernel ignores all ICMP echo requests, or only those sent to broadcast and multicast addresses.
0: respond to requests
1: ignore requests

Default value: 0.
Recommended setting: 1
5) /proc/sys/net/ipv4/icmp_ratelimit
6) /proc/sys/net/ipv4/icmp_ratemask
7) /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
Some routers violate RFC 1122 by sending bogus responses to broadcast frames. Such violations are normally logged as warnings in the system log. If this option is set to True, the kernel does not log these warnings.

Default value: 0.
8) /proc/sys/net/ipv4/igmp_max_memberships
This file specifies the maximum number of members in a multicast group.

Default setting: 20
6.5 Other Configuration
1) /proc/sys/net/ipv4/conf/*/accept_redirects
If there are two routers on the host's network segment and you set one of them as the default gateway, that gateway may find, on receiving one of your IP packets, that the packet must go through the other router. It then sends you a so-called "redirect" ICMP packet telling you to forward the IP packet to the other router. The parameter value is Boolean: 1 means accept such ICMP redirects, and 0 means ignore them. The default value is 0 on a Linux host acting as a router and 1 on an ordinary Linux host. We recommend that you change it to 0 to eliminate security risks.
2) /proc/sys/net/ipv4/*/accept_source_route
Whether to accept IP packets containing source route information. The parameter value is Boolean: 1 means accept, and 0 means do not accept. The default value is 1 on a Linux host acting as a gateway and 0 on an ordinary Linux host. From a security standpoint, we recommend that you disable this function.
3) /proc/sys/net/ipv4/*/secure_redirects
"Secure redirects" means accepting "redirect" ICMP packets only from the gateway. This parameter turns the "secure redirects" function on or off. The parameter value is Boolean: 1 means enabled, and 0 means disabled. Default value: enabled.
4) /proc/sys/net/ipv4/*/proxy_arp
Sets whether to relay ARP packets on the network. The parameter value is Boolean: 1 means relay, and 0 means ignore. The default value is 0. This parameter is normally useful only on Linux hosts acting as routers.
VII. Performance optimization strategies
7.1 Basic Optimization
1) Disable background daemons
After installation, the system starts a number of background daemons by default, some of which are not needed. Disabling them saves physical memory. Log on to the system as the root user, run ntsysv, and select the following services:
iptables
network
syslog
random
apmd
xinetd
vsftpd
crond
local
After making the change, restart the system.
The system then starts only the selected daemons.
2) Reduce the number of terminals
By default, the system starts six terminals, but three are enough. Log on to the system as root, run vi /etc/inittab, and change it to the following:
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
#4:2345:respawn:/sbin/mingetty tty4
#5:2345:respawn:/sbin/mingetty tty5
#6:2345:respawn:/sbin/mingetty tty6
Terminals 4, 5, and 6 are commented out, as shown above.
3) to be continued...
7.2 Network optimization
1) Optimize the system socket buffers
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
2) Optimize the TCP receive/send buffers
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
3) Optimize the network device receive queue
net.core.netdev_max_backlog = 3000
4) Disable routing functions
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

net.ipv4.conf.lo.secure_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.eth0.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

net.ipv4.conf.lo.send_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
5) Optimize the TCP protocol stack
Enabling the TCP SYN cookie option helps protect the server from SYN flood attacks.
net.ipv4.tcp_syncookies = 1

Enable the TIME-WAIT socket reuse function, which is very effective for web servers with a large number of connections.
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1

Reduce the time spent in the FIN-WAIT-2 connection state so that the system can process more connections.
net.ipv4.tcp_fin_timeout = 30

Reduce the TCP keepalive detection time so that the system can process more connections.
net.ipv4.tcp_keepalive_time = 1800

Increase the length of the TCP SYN queue so that the system can process more concurrent connections.
net.ipv4.tcp_max_syn_backlog = 8192
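
An audit of sysctl.conf-style text against the routing and SYN cookie settings from items 4 and 5 above, as an added example that is not part of the original article. The function name audit_sysctl, the WEAK/UNSET report format and the sample configuration are constructed for illustration; the baseline values are the ones listed above.

```shell
#!/bin/sh
# Added example: audit sysctl.conf-style text against the routing and
# SYN cookie values listed in section 7.2.

# audit_sysctl: reads "key = value" lines on stdin, prints one finding per
# line, returns 1 if anything deviates from the baseline and 0 otherwise.
audit_sysctl() {
    awk '
    BEGIN {
        # Knobs that section 7.2 sets to 0 for every interface scope.
        nknob = split("accept_source_route accept_redirects secure_redirects send_redirects", knob, " ")
        for (i = 1; i <= nknob; i++) want[knob[i]] = "0"
        # Scopes that must be set explicitly.
        nscope = split("all default", scope, " ")
        cookie = "net.ipv4.tcp_syncookies"
    }
    /^[ \t]*$/    { next }              # blank line
    /^[ \t]*[#;]/ { next }              # comment
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (!(key in cur)) order[++n] = key
        cur[key] = val                  # a later assignment overrides an earlier one
    }
    END {
        for (i = 1; i <= n; i++) {
            key = order[i]
            cnt = split(key, part, ".")
            leaf = part[cnt]
            if (key ~ /^net\.ipv4\.conf\./ && (leaf in want) && cur[key] != want[leaf]) {
                printf "WEAK %s=%s (expected %s)\n", key, cur[key], want[leaf]; bad++
            } else if (key == cookie && cur[key] != "1") {
                printf "WEAK %s=%s (expected 1)\n", key, cur[key]; bad++
            }
        }
        for (i = 1; i <= nknob; i++)
            for (j = 1; j <= nscope; j++) {
                key = "net.ipv4.conf." scope[j] "." knob[i]
                if (!(key in cur)) { printf "UNSET %s (expected 0)\n", key; bad++ }
            }
        if (!(cookie in cur)) { printf "UNSET %s (expected 1)\n", cookie; bad++ }
        exit (bad > 0 ? 1 : 0)
    }'
}

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF='# routing knobs
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects=1
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_syncookies = 1
net.core.rmem_max = 16777216'

printf '%s\n' "$SAMPLE_CONF" | audit_sysctl || echo "baseline not met"
```

To check the values actually in effect on a host rather than a file, run `sysctl -a 2>/dev/null | audit_sysctl`.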

Author: ERDP technical architecture
