TCP/IP Kernel Parameter Optimization

Note: master the connection and interruption processes and status changes of TCP/IP. It is advantageous for optimizing network settings and system kernel TCP connection parameters.

Changes in the status of TCP normal establishment and Closure

650) This. width = 650; "src =" http://dl.iteye.com/upload/attachment/366894/b6f5e19d-5c3a-38e6-ac70-00ff44a92621.jpg "style =" border: 0px; "/>

The establishment of a TCP connection can be simply called a three-way handshake, and the suspension of a connection can be called a four-way handshake.

Establish a connection 

In TCP/IP, TCP provides reliable connection services and uses three handshakes to establish a connection.

First handshake: when a connection is established, the client sends the SYN Packet (SYN = J) to the server and enters the syn_send status. Wait for the server to confirm;

The second handshake: when the server receives the SYN packet, it must confirm the customer's Syn (ACK = J + 1) and send a SYN Packet (SYN = K), that is, the SYN + ACK packet, the server enters the syn_recv status;

The third handshake: the client receives the server's SYN + ACK package and sends the ACK (ACK = k + 1) Confirmation package to the server. After the package is sent, the client and server enter the established status, complete three handshakes.

After three handshakes are completed, the client and the server start to transmit data, that is, the established status.

End connection

A special concept of TCP is half-close, which means that a TCP connection is a full-duplex (which can be sent and received at the same time) connection. Therefore, when the connection is closed, you must disable the connection between data transmission and data transmission. The client sends a TCP packet whose fin is 1 to the server, and then the server returns an ACK packet to the client, and sends a FIN packet. When the client replies the ACK packet (four handshakes ), the connection is over.

TCP status change diagram

650) This. width = 650; "src =" http://dl.iteye.com/upload/attachment/365267/42e653f4-27d2-3025-9d77-23ab92df316e.jpg "style =" border: 0px; "/>

This is a complex state migration diagram, because it contains two parts: Server State migration and client state migration. If you look at this diagram from a certain perspective, it will be much clearer. The server and client here are not absolute. The client sends the data, and the server receives the data.

The client status can be expressed in the following process:

Closed-> syn_sent-> established-> fin_wait_1-> fin_wait_2-> time_wait-> closed

The above process is a proper process in the normal circumstances of the program. From the figure in the book, we can see that when a connection is established, when the client receives the ACK of the SYN packet, the client opens an interactive data connection. The client ends the connection. After the client ends the application, it must go through the fin_wait_1, fin_wait_2, and other statuses, the migration of these statuses is the four handshakes mentioned earlier to end the connection.

The server status can be expressed in the following process:

Closed-> listen-> SYN received-> established-> close_wait-> last_ack-> closed

When a connection is established, the server enters the data interaction status only after the third handshake, while closing the connection is after the second handshake (note not the fourth ). After the feature is disabled, you must wait for the client to provide the final ack package before entering the initial state.

Other status migration

The diagram in the book also contains some other State migration, which summarizes the two aspects of server and client as follows:

1. Listen-> syn_sent. The explanation is very simple. The server sometimes needs to open the connection.
2. syn_sent-> SYN received. If the server and client receive SYN datagram in the syn_sent state, both the server and client need to send the syn ack datagram and adjust their status to the SYN receiving state to be in the established State.
3. syn_sent-> closed: when sending times out, it will return to the closed status.
4. Syn _ received-> listen. If the received RST packet is received, it will return to the listen status.
5. Syn _ received-> fin_wait_1. This migration means that you can directly jump to the fin_wait_1 status and wait for shutdown without going to the established status.

2msl waiting status

In the figure given in the book, there is a time_wait wait state, which is also called the 2msl state. It means that after time_wait2 sends the last ack datagram, it will enter the time_wait state, this status prevents the datagram of the last handshake from being transmitted to the other party and prepared (note that this is not the four handshakes, but the fourth handshake is the insurance status ). This State ensures that both parties can end normally, but the problem also arises.

Because of the 2msl status of the plug-in port (the plug-in Port indicates the IP address and port pair, socket), the application cannot use the same plug-in again in 2msl time, which is better for the customer program, however, for a service program, such as httpd, it always needs to use the same port for service. In 2msl time, an error occurs when httpd is started (the plug is used ). In order to avoid this error, the server provides a concept of Calm time, which means that although the server can be restarted in 2msl time, however, this server still needs to wait for the 2msl time to complete the next connection.

Fin_wait_2 status

This is the famous semi-closed status, which is the status after the client and server shake hands twice when the connection is closed. In this state, the application can accept data, but data cannot be sent. However, the client is always in the fin_wait_2 state, and the server is always in the wait_close state, the Application Layer determines to close this status.

RST, both open and close

RST is another way to close the connection. The application should be able to determine the authenticity of the RST package, that is, whether the connection is aborted abnormally. Both open and close are two special TCP states, with a low probability of occurrence.

TCP connection status explanation:

Listen: listens for connection requests from remote ports.

SYN-SENT: wait for a matched connection request after sending the connection request again

SYN-RECEIVE: again received and sent a connection request after waiting for the other side of the connection to confirm the request

Established: indicates an opened connection.

Fin-wait-1: waiting for confirmation of the remote TCP connection interruption request or previous connection interruption request

Fin-wait-2: Waiting for connection interruption requests from remote TCP

Close-Wait: Waiting for connection interruption requests from Local Users

Closeing: waiting for confirmation of remote TCP connection interruption

LAST-ACK: waiting for confirmation of the original connection interruption request sent to remote TCP

Time-Wait: Wait for enough time to confirm that the remote TCP receives the interrupted request.

Closed: No connection status

Linux Kernel TCP connection Parameters

All TCP/IP parameters are in the/proc/sys/NET directory:

/Proc/sys/NET/IPv4/tcp_mem determine how the TCP stack reflects memory usage. The unit of each value is a memory page (usually 4 kb ). the first value is the lower limit of memory usage, and the second value is the upper limit of the application pressure on the buffer zone starting from the memory pressure mode;

The third value is the upper limit of memory usage. at this level, messages can be discarded to reduce memory usage. for larger BDP values, you can increase these values (note that the unit is the Memory Page rather than the byte) after the adjustment: 131072 262144 524288

/Proc/sys/NET/IPv4/tcp_rmem defines the memory used by the socket for automatic optimization. the first value is the minimum number of bytes allocated to the socket receiving buffer; the second value is the default value (this value will be overwritten by rmem_default ), the buffer can be increased to this value when the system load is not heavy. The third value is the maximum number of bytes of the received buffer space (this value will be overwritten by rmem_max) after adjustment: 8760 256960 4088000

/Proc/sys/NET/IPv4/tcp_wmem defines the memory used by the socket for automatic optimization. the first value is the minimum number of bytes allocated for the socket sending buffer; the second value is the default value (this value will be overwritten by wmem_default ), the buffer can be increased to this value when the system load is not heavy. The third value is the maximum number of bytes of the buffer space to be sent (this value will be overwritten by wmem_max) after adjustment: 8760 256960 4088000

/Proc/sys/NET/IPv4/tcp_keepalive_time the interval (in seconds) Between TCP and keepalive detection messages. After confirming whether the TCP connection is effectively adjusted: 1800

/Proc/sys/NET/IPv4/tcp_keepalive_intvl interval (seconds) when the message is not received

/Proc/sys/NET/IPv4/tcp_keepalive_probes: the maximum number of keepalive detection messages that can be sent before the TCP connection is determined to be invalid. After adjustment: 3

/Proc/sys/NET/IPv4/tcp_sack enable selective response (1 indicates enabled) and improve performance by selectively responding to messages received in disordered order, allow the sender to send only the lost packet segment (for Wan communication). This option should be enabled, but will increase the CPU usage. after adjustment: 1

/Proc/sys/NET/IPv4/tcp_fack enable forwarding response. You can select a response (sack) to reduce congestion. This option should also be enabled. After adjustment: 1

/Proc/sys/NET/IPv4/tcp_timestamps TCP timestamp (12 bytes will be added to the TCP Header), a more accurate method for sending timeout in proportion (refer to RFC 1323) to enable RTT computing, this option should be enabled for better performance. after adjustment: 1

/Proc/sys/NET/IPv4/tcp_window_scaling enable the Window Scaling defined in RFC 1323. To support a TCP window larger than 64 KB, This value must be enabled (1 indicates enabled ), the maximum TCP window is 1 GB. It takes effect only when both TCP connections are enabled. after adjustment: 1

/Proc/sys/NET/IPv4/tcp_syncookies indicates whether the TCP synchronization label (syncookie) is enabled. The config_syn_cookies must be enabled in the kernel for compilation, synchronization tags prevent a socket from overload when too many attempts are made to connect. after adjustment: 1

/Proc/sys/NET/IPv4/tcp_tw_reuse indicates whether to allow the time-Wait socket (the port of Time-Wait) to be used for the new TCP connection. After adjustment: 1

/Proc/sys/NET/IPv4/tcp_tw_recycle can reclaim time-Wait socket more quickly. After adjustment: 1

/Proc/sys/NET/IPv4/tcp_fin_timeout specifies the time (in seconds) for the local socket connection to remain in the fin-wait-2 state ). the other party may disconnect or never end the connection or unexpected process death. adjusted: 30

/Proc/sys/NET/IPv4/ip_local_port_range indicates the local port number allowed by the TCP/UDP protocol after adjustment: 1024 65000

/Proc/sys/NET/IPv4/tcp_max_syn_backlog the maximum number of connections in the queue for connection requests that have not been confirmed by the other party. if the server is overloaded frequently, add this number. adjusted: 2048

/Proc/sys/NET/IPv4/tcp_low_latency allows the TCP/IP stack to adapt to low latency in high throughput. This option should be disabled. After adjustment: 0

/Proc/sys/NET/IPv4/tcp_westwood enables the sender's congestion control algorithm, which can maintain the throughput evaluation and try to optimize the overall bandwidth utilization, this option should be enabled for Wan communication. adjusted: 0

/Proc/sys/NET/IPv4/tcp_bic enables binary increase congestion for a fast long-distance network, so that you can better use the link for operations at the GB speed. This option should be enabled for Wan communication. after adjustment: 1

Write the/etc/sysctl. conf configuration file:

Net. ipv4.tcp _ mem = 131072 262144 524288

Net. ipv4.tcp _ rmem = 8760 256960 4088000

Net. ipv4.tcp _ WMEM = 8760 256960 4088000

Net. ipv4.tcp _ keepalive_time = 1800

Net. ipv4.tcp _ keepalive_intvl = 30

Net. ipv4.tcp _ keepalive_probes = 3

Net. ipv4.tcp _ sack = 1

Net. ipv4.tcp _ fack = 1

Net. ipv4.tcp _ timestamps = 1

Net. ipv4.tcp _ window_scaling = 1

Net. ipv4.tcp _ syncookies = 1

Net. ipv4.tcp _ tw_reuse = 1

Net. ipv4.tcp _ tw_recycle = 1

Net. ipv4.tcp _ fin_timeout = 30

Net. ipv4.ip _ local_port_range = 1024 65000

Net. ipv4.tcp _ max_syn_backlog = 2048

More parameter optimization needs to be further explored .....

Save the file and run the "/sbin/sysctl-P" command to make it take effect immediately.

This article from the "Technical blog" blog, please be sure to keep this source http://mrxiong.blog.51cto.com/287318/1531953