The TCP/IP parameters for tweaking

Source: Internet
Author: User
Tags: rfc

The TCP/IP parameters for tweaking a Linux-based machine for fast Internet connections are located in /proc/sys/net/... (assuming a 2.1+ kernel). These are volatile, and changes are reset at reboot. There are a couple of methods for reapplying the changes at boot time, illustrated below.

Locating the TCP/IP parameters

All TCP/IP tuning parameters are located under /proc/sys/net/... For example, here is a list of the most important tuning parameters, along with a short description of their meaning:

/proc/sys/net/core/rmem_max - maximum TCP receive window
/proc/sys/net/core/wmem_max - maximum TCP send window
/proc/sys/net/ipv4/tcp_rmem - memory reserved for TCP receive buffers
/proc/sys/net/ipv4/tcp_wmem - memory reserved for TCP send buffers
/proc/sys/net/ipv4/tcp_timestamps - timestamps (RFC 1323) add 12 bytes to the TCP header ...
/proc/sys/net/ipv4/tcp_sack - TCP selective acknowledgements. They can reduce retransmissions, however they make servers more prone to DDoS attacks and increase CPU utilization.
/proc/sys/net/ipv4/tcp_window_scaling - support for large TCP windows (RFC 1323). Needs to be set to 1 if the max TCP window is over 65535.

Keep in mind everything under /proc is volatile, so any changes you make are lost after reboot. There are some additional internal memory buffers for the TCP window, allocated for each connection:

/proc/sys/net/ipv4/tcp_rmem - memory reserved for TCP receive buffers (reserved memory per connection default)
/proc/sys/net/ipv4/tcp_wmem - memory reserved for TCP send buffers (reserved memory per connection default)

tcp_rmem and tcp_wmem each contain an array of three values: the three numbers represent the minimum, default and maximum memory values. Those three values are used to bound autotuning and balance memory usage while under global memory stress.

Applying TCP/IP Parameters at System Boot

TCP/IP parameters in Linux are located in /proc/sys/net/ipv4 and /proc/sys/net/core. This is part of the virtual filesystem which resides in system memory (RAM), and any changes to it are volatile: they are reset when the system is rebooted.

There are two methods we can use to apply the settings at each reboot. First, we can edit /etc/sysctl.conf (or /etc/sysctl.d/sysctl.conf, depending on your distribution). Parameters are set in this file using sysctl syntax, as follows:

net.core.rmem_default = 256960
net.core.rmem_max = 256960
net.core.wmem_default = 256960
net.core.wmem_max = 256960
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_window_scaling = 1

You can see a list of all tweakable parameters by executing the following in your terminal: sysctl -a | grep tcp (or simply sysctl -a for a full list).

Alternatively, you can apply the settings at boot time by editing /etc/rc.local, /etc/rc.d/rc.local, or /etc/boot.local, depending on your distribution. Note the difference in syntax: you simply echo the appropriate value into the virtual file system. The TCP/IP parameters should be self-explanatory: we're basically setting the TCP window to 256960, disabling timestamps (to avoid the 12-byte header overhead), enabling TCP window scaling, and disabling selective acknowledgements:

echo 256960 >/proc/sys/net/core/rmem_default
echo 256960 >/proc/sys/net/core/rmem_max
echo 256960 >/proc/sys/net/core/wmem_default
echo 256960 >/proc/sys/net/core/wmem_max
echo 0 >/proc/sys/net/ipv4/tcp_timestamps
echo 0 >/proc/sys/net/ipv4/tcp_sack
echo 1 >/proc/sys/net/ipv4/tcp_window_scaling

You can change the above example values as desired, depending on your Internet connection and maximum bandwidth/latency. There are other parameters you can change from the default if you're confident in what you're doing: just find the correct syntax of the values in /proc/sys/net/... and add a line to the above code analogous to the others. To revert to the default parameters, you can just comment out or delete the above code from /etc/rc.local and restart.
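As an added example (not from the original page), the following shell functions translate between the two syntaxes shown above and check whether every value in a sysctl.conf fragment is actually in effect, which is the check to run after a reboot to confirm that whichever boot method you chose really applied. The tree root is a parameter (default /proc/sys) so the check can be pointed at a constructed directory; the function names are my own.

```bash
#!/bin/sh
# Added example: sysctl.conf "key = value" lines versus /proc/sys paths.
# Function names are assumptions; root defaults to /proc/sys but can be any
# directory laid out the same way (used for the self-test).

# net.core.rmem_max -> /proc/sys/net/core/rmem_max
sysctl_key_to_path() {
    printf '%s/%s\n' "${2:-/proc/sys}" "$(printf '%s' "$1" | tr . /)"
}

# /proc/sys/net/core/rmem_max -> net.core.rmem_max
proc_path_to_key() {
    root=${2:-/proc/sys}
    printf '%s\n' "${1#"$root"/}" | tr / .
}

# Read a sysctl.conf fragment on stdin, compare each key with the live value
# under $1, and print "key wanted actual" (or "key missing") per mismatch.
# Multi-valued keys such as net.ipv4.tcp_rmem are compared with whitespace
# collapsed. Exit status 0 means every value is in effect.
sysctl_check() {
    root=${1:-/proc/sys}
    # drop comments/blank lines, normalise "key = value" to "key=value"
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' -e 's/[[:space:]]*=[[:space:]]*/=/' |
    (
        rc=0
        while IFS='=' read -r key want; do
            key=$(printf '%s' "$key" | tr -d '[:space:]')
            path=$(sysctl_key_to_path "$key" "$root")
            if [ ! -r "$path" ]; then
                printf '%s missing\n' "$key"; rc=1; continue
            fi
            have=$(tr -s '[:space:]' ' ' < "$path" | sed 's/ $//')
            want=$(printf '%s' "$want" | tr -s '[:space:]' ' ' | sed 's/ $//')
            if [ "$have" != "$want" ]; then
                printf '%s %s %s\n' "$key" "$want" "$have"; rc=1
            fi
        done
        exit "$rc"   # explicit subshell, so this only ends the pipeline stage
    )
}
```

On a live machine, `sysctl_check < /etc/sysctl.conf` lists every key whose running value differs from the file.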

Note: to manually set the MTU value under Linux, use the command: ifconfig eth0 mtu <size> (where <size> is the desired MTU size).

Changing current Values

While testing, the current TCP/IP parameters can be edited without the need for reboot in the following locations:

/proc/sys/net/core/
rmem_default = default receive window
rmem_max = maximum receive window
wmem_default = default send window
wmem_max = maximum send window

/proc/sys/net/ipv4/
Here you'll find timestamps, window scaling, selective acknowledgements, etc.

Keep in mind the values in /proc will be reset upon reboot. You still need to add the settings to either sysctl.conf, or in the alternate syntax to rc.local, in order to have the changes applied at every boot as described above.

To make any new sysctl.conf changes take effect without rebooting the machine, you can execute:

sysctl -p

To see a list of all relevant tweakable sysctl parameters, along with their current values, try the following in your terminal:

sysctl -a | grep tcp

To set a single sysctl value:

sysctl -w variable=value
Example: sysctl -w net.netfilter.nf_conntrack_tcp_timeout_time_wait=30

TCP Parameters to consider

tcp_fin_timeout
This setting determines the time that must elapse before TCP/IP can release a closed connection and reuse its resources. During this TIME_WAIT state, reopening the connection to the client costs less than establishing a new connection. By reducing the value of this entry, TCP/IP can release closed connections faster, making more resources available for new connections. Adjust this in the presence of many connections sitting in the TIME_WAIT state:

sysctl.conf syntax:
net.ipv4.tcp_fin_timeout = 15

(Default: 60 seconds, recommended 15-30 seconds)

Alternative rc.local syntax:
echo 15 >/proc/sys/net/ipv4/tcp_fin_timeout

tcp_keepalive_intvl
This determines the wait time between keepalive probes. To set:

sysctl.conf syntax:
net.ipv4.tcp_keepalive_intvl = 30

(Default: 75 seconds, recommended 15-30 seconds)

Alternative rc.local syntax:
echo 30 >/proc/sys/net/ipv4/tcp_keepalive_intvl

tcp_keepalive_probes
This determines the number of probes before timing out. To set:

sysctl.conf syntax:
net.ipv4.tcp_keepalive_probes = 5

(Default: 9, recommended 5)

Alternative rc.local syntax:
echo 5 >/proc/sys/net/ipv4/tcp_keepalive_probes

tcp_tw_recycle
This enables fast recycling of TIME_WAIT sockets. The default value is 0 (disabled). The sysctl documentation incorrectly states the default as enabled. It can be changed to 1 (enabled) in many cases. It is known to cause some issues with hoststated (load balancing and failover) if enabled, and should be used with caution. Note also that tcp_tw_recycle rejects connections from clients behind NAT (their timestamps differ while sharing one source address), and the option was removed from the kernel in Linux 4.12.

sysctl.conf syntax:
net.ipv4.tcp_tw_recycle = 1

(Boolean, default: 0)

Alternative rc.local syntax:
echo 1 >/proc/sys/net/ipv4/tcp_tw_recycle

tcp_tw_reuse
This allows reusing sockets in TIME_WAIT state for new connections when it is safe from the protocol viewpoint. The default value is 0 (disabled). It is generally a safer alternative to tcp_tw_recycle.

sysctl.conf syntax:
net.ipv4.tcp_tw_reuse = 1

(Boolean, default: 0)

Alternative rc.local syntax:
echo 1 >/proc/sys/net/ipv4/tcp_tw_reuse

Note: the tcp_tw_reuse setting is particularly useful in environments where numerous short connections are opened and left in TIME_WAIT state, such as web servers. Reusing the sockets can be very effective in reducing server load.

Linux NetFilter Tweaks

Try this for a list of NetFilter parameters: sysctl -a | grep netfilter

We can add the following lines to the /etc/sysctl.conf file to tune individual parameters.
To reduce the number of connections in TIME_WAIT state, we can decrease the number of seconds connections are kept in this state before being dropped:

# reduce time_wait from the 120s default to 30-60s
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30
# reduce fin_wait from the 120s default to 30-60s
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 30

You can commit the sysctl.conf changes without rebooting (and test for possible syntax errors) by executing: sysctl -p
To check sysctl parameters, use: sysctl -a

Misc notes: you may want to reduce net.netfilter.nf_conntrack_tcp_timeout_established to some manageable number as well.
To check the actual number of current connections in the TIME_WAIT state, for example, try: netstat -n | grep TIME_WAIT | wc -l

Kernel Recompile Option

There is another method one can use to directly set the default TCP/IP parameters, involving a kernel recompile ... if you're brave enough. Look for the parameters in the following files:
/linux-source-dir/include/linux/skbuff.h (look for SK_WMEM_MAX & SK_RMEM_MAX)
/linux-source-dir/include/net/tcp.h (look for MAX_WINDOW & MIN_WINDOW)

Determine Connection states

It is often useful to decrease some of the TCP timeouts to release resources faster and reduce memory use, since the default TCP timeouts may leave too many connections in the TIME_WAIT state. To see a list of all current connections to the machine and their states, try:

netstat -tan | grep ':80 ' | awk '{print $6}' | sort | uniq -c

You'll be presented with a list similar to the following:

  4 CLOSING
    ESTABLISHED
  4 FIN_WAIT1
    FIN_WAIT2
    LAST_ACK
  1 LISTEN
 10 SYN_RECV
273 TIME_WAIT

This information can be very useful to determine whether you need to tweak some of the timeouts above.

SYN Flood Protection

These settings, added to sysctl.conf, make a server more resistant to SYN flood attacks. Applying them configures the kernel to use the SYN cookie mechanism, with a backlog queue of 1024 connections, and caps the SYN and SYN/ACK retries so that half-open connections are retried for a bounded number of seconds. The defaults for these settings vary depending on kernel version and distribution, so check them with: sysctl -a | grep syn

net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_syn_retries = 6
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_syncookies = 1

Notes: the default SYN retry interval under Linux doubles every time, so 5 retries means: the original packet, then 3s, 6s, 12s, 24s; the 6th retry is at 48s. Under BSD-derived kernels (including Mac OS X), the retry times triple instead.
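The connection-state listing above and the SYN flood settings in this section are two sides of one check: count states per local port, then alert on a TIME_WAIT pile-up (tune the timeouts) or a SYN_RECV pile-up (possible SYN flood, so confirm tcp_syncookies is on). Below is an added example that does that over netstat -tan output (not code from the original page); the function names, the constructed sample output and the thresholds are my own assumptions.

```bash
#!/bin/sh
# Added example: summarise TCP connection states per local port from
# `netstat -tan` output on stdin, then flag TIME_WAIT or SYN_RECV pile-ups.
# Function names and thresholds are assumptions.

# $1 = local port; prints "<count> <STATE>" lines sorted by state name.
# Matches only the Local Address column, slightly stricter than grep ':80 '.
tcp_state_summary() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $4 ~ (":" port "$") { n[$6]++ }
        END { for (s in n) print n[s], s }' | sort -k2
}

# $1 = port, $2 = TIME_WAIT threshold, $3 = SYN_RECV threshold.
# Prints one line per exceeded threshold; exit status 1 if any.
tcp_state_alerts() {
    tcp_state_summary "$1" | awk -v tw="$2" -v sr="$3" '
        $2 == "TIME_WAIT" && $1 > tw { print "TIME_WAIT", $1, "exceeds", tw; bad = 1 }
        $2 == "SYN_RECV"  && $1 > sr { print "SYN_RECV", $1, "exceeds", sr; bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample of netstat -tan output (not a real capture).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.8:51001      TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.9:51002      TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.9:51003      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.5:40000       SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.2:60000      ESTABLISHED'

# Live usage would be: netstat -tan | tcp_state_alerts 80 1000 200
printf '%s\n' "$SAMPLE_NETSTAT" | tcp_state_summary 80
```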
