Optimize network performance under Linux with /proc/sys/net/ipv4/

Source: Internet
Author: User

/proc/sys/net/ipv4/ optimization
1) /proc/sys/net/ipv4/ip_forward
The file indicates whether IP forwarding is turned on.
0: forwarding disabled
1: forwarding enabled

Default setting: 0
2) /proc/sys/net/ipv4/ip_default_ttl
This file represents the time to live (TTL) of a datagram, which is the maximum number of routers it may pass through.

Default setting: 64
Increasing this value can degrade system performance.
3) /proc/sys/net/ipv4/ip_no_pmtu_disc
This file indicates whether path MTU discovery is turned off globally.

Default setting: 0
4) /proc/sys/net/ipv4/route/min_pmtu
The file represents the minimum path MTU size.

Default setting: 552
5) /proc/sys/net/ipv4/route/mtu_expires
The file represents how long (in seconds) the PMTU information is cached.

Default setting: 600 (seconds)
6) /proc/sys/net/ipv4/route/min_adv_mss
The file represents the smallest MSS (maximum segment size), which depends on the MTU of the first-hop router.

Default setting: (bytes)
6.1 IP Fragmentation
1) /proc/sys/net/ipv4/ipfrag_low_thresh
/proc/sys/net/ipv4/ipfrag_high_thresh
The two files represent the minimum and maximum amounts of memory used to reassemble IP fragments. Once the maximum is reached, further fragments are discarded until memory use falls back to the minimum.

Default setting: 196608 (ipfrag_low_thresh)
262144 (ipfrag_high_thresh)
2) /proc/sys/net/ipv4/ipfrag_time
The file represents how many seconds an IP fragment is retained in memory.

Default setting: 30 (seconds)
6.2 INET Peer Storage
1) /proc/sys/net/ipv4/inet_peer_threshold
The approximate size of the INET peer storage. Entries beyond this threshold are discarded. This threshold also determines the entries' time to live and the interval between garbage collection passes: the more entries, the shorter the time to live and the shorter the GC interval.

Default setting: 65664
2) /proc/sys/net/ipv4/inet_peer_minttl
The minimum time to live of an entry. It must be long enough to cover the fragment time to live on the reassembling side. This minimum time to live is guaranteed as long as the pool size is less than inet_peer_threshold. The value is measured in jiffies.

Default setting: 120
3) /proc/sys/net/ipv4/inet_peer_maxttl
The maximum time to live of an entry. Unused entries time out after this period if there is no memory pressure on the pool (for example, when the number of entries in the pool is very small). The value is measured in jiffies.

Default setting: 600
4) /proc/sys/net/ipv4/inet_peer_gc_mintime
The minimum interval between garbage collection (GC) passes. This interval applies when memory pressure on the pool is high. The value is measured in jiffies.

Default setting: 10
5) /proc/sys/net/ipv4/inet_peer_gc_maxtime
The maximum interval between garbage collection (GC) passes. This interval applies when memory pressure on the pool is low. The value is measured in jiffies.

Default setting: 120
6.3 TCP Variables
1) /proc/sys/net/ipv4/tcp_syn_retries
This file sets how many times the local host retransmits the SYN of an outbound TCP connection attempt after a timeout. It should not be higher than 255. It applies only to outgoing connections; for incoming connections the count is controlled by tcp_retries1.

Default setting: 5
2) /proc/sys/net/ipv4/tcp_keepalive_probes
The file represents the maximum number of TCP keepalive probes sent before a TCP connection is dropped. Keepalive probes are sent only when the SO_KEEPALIVE socket option is enabled.

Default setting: 9 (times)
3) /proc/sys/net/ipv4/tcp_keepalive_time
The file represents the number of seconds between the moment data stops being transmitted and the moment the first keepalive probe is sent on the connection.

Default setting: 7200 (2 hours)
4) /proc/sys/net/ipv4/tcp_keepalive_intvl
This file represents the interval at which TCP keepalive probes are sent. Multiplied by tcp_keepalive_probes, it gives the time after which a TCP connection that does not respond is considered dead.

Default setting: 75 (seconds)
5) /proc/sys/net/ipv4/tcp_retries1
The file represents the number of retransmissions attempted before giving up on the response to a TCP connection request.

Default setting: 3
6) /proc/sys/net/ipv4/tcp_retries2
This file indicates the number of retransmissions attempted for a TCP packet on an established connection before giving up.

Default setting: 15
7) /proc/sys/net/ipv4/tcp_orphan_retries
How many retries to make before the local end drops the TCP connection. The default value is 7, which is equivalent to 50 seconds to 16 minutes, depending on the RTO. If your system is a heavily loaded web server, you may need to lower this value, because sockets of this type can consume a lot of resources. See also tcp_max_orphans.
8) /proc/sys/net/ipv4/tcp_fin_timeout
For a socket connection closed by the local end, the time TCP remains in the FIN-WAIT-2 state. The peer may disconnect, may never close its end, or its process may die unexpectedly. The default value is 60 seconds; in 2.2 kernels it was 180 seconds. You can set this value, but be aware that if your machine is a heavily loaded web server, you risk filling memory with a large number of dead sockets. FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1 sockets because they consume at most 1.5K of memory, but they exist for a longer period of time. See also tcp_max_orphans.

Default setting: 60 (seconds)
9) /proc/sys/net/ipv4/tcp_max_tw_buckets
The maximum number of TIME-WAIT sockets the system handles at the same time. If this number is exceeded, the TIME-WAIT socket is removed immediately and a warning message is displayed. This limit exists purely to resist simple DoS attacks. Do not lower it artificially; if network conditions require more than the default value, you can increase it (and perhaps add memory).

Default setting: 180000
10) /proc/sys/net/ipv4/tcp_tw_recycle
Turns on fast recycling of TIME-WAIT sockets. Do not modify this value unless advised or requested to by a technical expert.

Default setting: 0
11) /proc/sys/net/ipv4/tcp_tw_reuse
The file indicates whether sockets in the TIME-WAIT state may be reused for new TCP connections.

Default setting: 0
12) /proc/sys/net/ipv4/tcp_max_orphans
The maximum number of TCP sockets not attached to any process that the system can handle. If this number is exceeded, connections that are not attached to any process are reset immediately and a warning message is displayed. This limit exists only to protect against simple DoS attacks; do not rely on it, and do not lower it artificially.

Default setting: 8192
13) /proc/sys/net/ipv4/tcp_abort_on_overflow
When the daemon is too busy to accept new connections, a reset message is sent to the peer. The default value is false, which means that if the overflow was caused by an accidental burst, the connection will recover. Turn this option on only when you are sure the daemon really cannot complete connection requests, because it affects clients.

Default setting: 0
14) /proc/sys/net/ipv4/tcp_syncookies
The file indicates whether TCP SYN cookies are turned on; the kernel must be compiled with CONFIG_SYN_COOKIES. SYN cookies prevent a socket from being overloaded when there are too many connection attempts.

Default setting: 0
15) /proc/sys/net/ipv4/tcp_stdurg
Use the host requirements interpretation of the TCP urgent pointer field. Most hosts use the older BSD interpretation, so turning this on in Linux may prevent it from communicating properly with them.

Default setting: 0
16) /proc/sys/net/ipv4/tcp_max_syn_backlog
The maximum number of connection requests still awaiting a client acknowledgement that are kept in the queue. For systems with more than 128Mb of memory the default value is 1024; for systems with less than 128Mb it is 128. If the server is often overloaded, you can try increasing this number. Warning! If you set this value greater than 1024, it is best to modify tcp_synq_hsize in include/net/tcp.h to keep tcp_synq_hsize*16

Default setting: 1024
17) /proc/sys/net/ipv4/tcp_window_scaling
This file indicates whether the sliding window size of a TCP/IP session is variable. The value is a Boolean: 1 means variable and 0 means fixed. TCP/IP normally uses a window of at most 65535 bytes, which may be too small for high-speed networks. Enabling this feature can increase the TCP/IP sliding window size by several orders of magnitude, increasing the ability to transmit data.

Default setting: 1
18) /proc/sys/net/ipv4/tcp_sack
This file indicates whether selective acknowledgment (SACK) is enabled. SACK can improve performance by selectively acknowledging packets received out of order, which allows the sender to resend only the missing segments. This option should be enabled for WAN communication; however, it increases CPU usage.

Default setting: 1
19) /proc/sys/net/ipv4/tcp_timestamps
The file indicates whether to enable a method of calculating the RTT that is more accurate than using retransmission timeouts (see RFC 1323). This option should be enabled for better performance.

Default setting: 1
20) /proc/sys/net/ipv4/tcp_fack
This file indicates whether to turn on FACK congestion avoidance and fast retransmission.

Default setting: 1
21) /proc/sys/net/ipv4/tcp_dsack
This file indicates whether TCP is allowed to send duplicate ("two identical") SACKs.

Default setting: 1
22) /proc/sys/net/ipv4/tcp_ecn
This file indicates whether TCP explicit congestion notification (ECN) is turned on.

Default setting: 0
23) /proc/sys/net/ipv4/tcp_reordering
The file represents the maximum number of datagrams that may be reordered in a TCP stream.

Default setting: 3
24) /proc/sys/net/ipv4/tcp_retrans_collapse
This file indicates whether to stay bug-for-bug compatible with certain buggy printers.

Default setting: 1
25) /proc/sys/net/ipv4/tcp_wmem
The file contains 3 integer values: min, default, max
Min: the minimum amount of memory reserved for the send buffer of a TCP socket. Every TCP socket can use it.
Default: the amount of memory reserved for the send buffer of a TCP socket. By default this value affects the default value in net.core.wmem used by other protocols, and it is generally lower than the default value in net.core.wmem.
Max: the maximum amount of memory reserved for the send buffer of a TCP socket. This value does not affect net.core.wmem_max, and "static" selection via the SO_SNDBUF parameter is not affected by this value. The default value is 128K.

Default setting: 4096 16384 131072
26) /proc/sys/net/ipv4/tcp_rmem
The file contains 3 integer values: min, default, max
Min: the amount of memory reserved for the receive buffer of a TCP socket. A TCP socket has at least this much memory for receive buffering even when memory is tight.
Default: the amount of memory reserved for the receive buffer of a TCP socket. By default this value affects the default value in net.core.wmem used by other protocols. With the default values of tcp_adv_win_scale and tcp_app_win, this value results in a TCP window size of 65535.
Max: the maximum amount of memory reserved for the receive buffer of a TCP socket. This value does not affect the max value in net.core.wmem, and "static" selection via the SO_SNDBUF parameter is not affected by this value.

Default setting: 4096 87380 174760
27) /proc/sys/net/ipv4/tcp_mem
The file contains 3 integer values: low, pressure, high
Low: when TCP uses fewer memory pages than this value, TCP does not consider freeing memory.
Pressure: when TCP uses more memory pages than this value, TCP tries to stabilize its memory usage and enters pressure mode. It leaves pressure mode when memory consumption falls below the low value.
High: the number of pages all TCP sockets together are allowed to use for queuing buffered datagrams.
In general, these values are calculated from the amount of system memory at system startup.

Default setting: 24576 32768 49152
28) /proc/sys/net/ipv4/tcp_app_win
The file represents reserving max(window/2^tcp_app_win, MSS) of the window for application buffering. A value of 0 indicates that no buffering is required.

Default setting: 31
29) /proc/sys/net/ipv4/tcp_adv_win_scale
The file represents counting the buffering overhead as bytes/2^tcp_adv_win_scale (if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale) (if tcp_adv_win_scale).

Default setting: 2
6.4 IP Variables
1) /proc/sys/net/ipv4/ip_local_port_range
The file represents the range of local port numbers that TCP/UDP may open.

Default setting: 1024 4999
Recommended settings: 32768 61000
2) /proc/sys/net/ipv4/ip_nonlocal_bind
The file indicates whether a process is allowed to bind to a non-local address.

Default setting: 0
3) /proc/sys/net/ipv4/ip_dynaddr
This parameter is typically used with dial-up connections. It lets the system immediately change the source address of IP packets to the new IP address, interrupting the original TCP conversation and re-issuing a SYN request packet with the new address to start a new TCP conversation. When IP spoofing is in use, this parameter can immediately change the spoofed address to the new IP address. The file indicates whether dynamic addresses are allowed: a non-zero value allows them, and a value greater than 1 makes the kernel log the dynamic address rewrites.

Default setting: 0
4) /proc/sys/net/ipv4/icmp_echo_ignore_all
/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
These files indicate whether the kernel ignores all ICMP echo requests, or ignores only broadcast and multicast requests.
0: respond to requests
1: ignore requests

Default setting: 0
Recommended setting: 1
5) /proc/sys/net/ipv4/icmp_ratelimit
6) /proc/sys/net/ipv4/icmp_ratemask
7) /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
Some routers violate RFC 1122 by sending bogus responses to broadcast frames. Such violations are normally logged in the system log as warnings. If this option is set to true, the kernel does not log these warning messages.

Default setting: 0
8) /proc/sys/net/ipv4/igmp_max_memberships
The file represents the maximum number of members in a multicast group.

Default setting: 20
6.5 Other Configuration
1) /proc/sys/net/ipv4/conf/*/accept_redirects
Suppose the network segment the host sits on has two routers and you have set one of them as the default gateway. When that gateway receives your IP packet and finds that the packet must go through the other router, it sends you a so-called "redirect" ICMP packet telling you to forward the IP packet to the other router. The parameter value is a Boolean: 1 means such ICMP redirects are accepted, 0 means they are ignored. The default value is 0 on a Linux host acting as a router and 1 on a typical Linux host. It is recommended that you change it to 0 to eliminate the security risk.
2) /proc/sys/net/ipv4/conf/*/accept_source_route
Whether to accept IP packets containing source routing information. The parameter value is a Boolean: 1 means accept, 0 means do not accept. The default value is 1 on a Linux host that acts as a gateway and 0 on a typical Linux host. From a security point of view, it is recommended to turn this feature off.
3) /proc/sys/net/ipv4/conf/*/secure_redirects
So-called "secure redirection" means accepting "redirect" ICMP packets only from the gateway. This parameter sets the "secure redirection" feature. The parameter value is a Boolean: 1 means enabled, 0 means disabled. The default is enabled.
4) /proc/sys/net/ipv4/conf/*/proxy_arp
Sets whether to relay ARP packets on the network. The parameter value is a Boolean: 1 means relay, 0 means ignore. The default value is 0. This parameter is typically useful only for Linux hosts that act as routers.
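
An added example, not part of the original page: a shell function that checks a sysctl tree against the settings this page recommends changing (accept_redirects and accept_source_route set to 0 on every interface, icmp_echo_ignore_broadcasts set to 1). The function names and the optional directory argument are assumptions of the example; with no argument it reads /proc/sys/net/ipv4.

```shell
#!/bin/sh
# Added example: audit the values this page recommends changing.
# check_one and audit_ipv4 are names made up for this example.

# check_one FILE EXPECTED
# Prints one result line; returns 1 only when the value differs.
check_one() {
    file=$1
    want=$2
    if [ ! -r "$file" ]; then
        echo "SKIP $file (not readable)"
        return 0
    fi
    have=$(cat "$file")
    if [ "$have" = "$want" ]; then
        echo "OK   $file = $have"
        return 0
    fi
    echo "FAIL $file = $have (page recommends $want)"
    return 1
}

# audit_ipv4 [ROOT]
# ROOT defaults to the live tree; pass a directory to audit a saved copy.
# Returns 0 when every checked file matches, 1 otherwise.
audit_ipv4() {
    root=${1:-/proc/sys/net/ipv4}
    failures=0

    # 6.4 item 4: recommended setting 1
    check_one "$root/icmp_echo_ignore_broadcasts" 1 || failures=$((failures + 1))

    # 6.5 items 1 and 2: per-interface files live under conf/<name>/,
    # including the special "all" and "default" entries.
    for dir in "$root"/conf/*/; do
        [ -d "$dir" ] || continue
        check_one "${dir}accept_redirects" 0 || failures=$((failures + 1))
        check_one "${dir}accept_source_route" 0 || failures=$((failures + 1))
    done

    echo "failures: $failures"
    [ "$failures" -eq 0 ]
}
```

Call `audit_ipv4` with no argument to check the running kernel; the exit status makes it usable from a configuration-compliance job.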
