"Tuning of kernel parameters within Linux"

Source: Internet
Author: User


vm.swappiness = 10
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout =
net.ipv4.tcp_keepalive_time =
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_mem = 786432 1048576 1572864
net.core.wmem_max = 873200
net.core.rmem_max = 873200
net.ipv4.tcp_wmem = 8192 436600 873200
net.ipv4.tcp_rmem = 32768 436600 873200
net.core.somaxconn =
net.core.netdev_max_backlog =
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_keepalive_intvl =
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_announce = 0

# The following settings are iptables-related
net.ipv4.ip_conntrack_max = 6553600
net.ipv4.netfilter.ip_conntrack_max = 6553600
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established =
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait =
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait =
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait =
net.ipv4.neigh.default.gc_thresh1 = 10240
net.ipv4.neigh.default.gc_thresh2 = 40960
net.ipv4.neigh.default.gc_thresh3 = 81920


Several explanations:

The swappiness value determines how aggressively the swap partition is used. swappiness=0 means physical memory is used as much as possible before swap space is touched; swappiness=100 means the swap partition is used actively and data in memory is moved to swap space promptly. These are the two extremes. The default on CentOS Linux 5 is 60, and changing it to 10 is recommended.

net.ipv4.tcp_syncookies = 1
# Enables SYN cookies. When the SYN wait queue overflows, cookies are used to handle it, which protects against a small number of SYN attacks. The default is 0 (off).
net.ipv4.tcp_tw_reuse = 1
# Enables reuse. Allows TIME-WAIT sockets to be reused for new TCP connections. The default is 0 (off).
net.ipv4.tcp_tw_recycle = 1
# Enables fast recycling of TIME-WAIT sockets in TCP connections. The default is 0 (off).
net.ipv4.tcp_fin_timeout =
# If the socket is closed at the request of the local end, this parameter determines how long it remains in the FIN-WAIT-2 state.
net.ipv4.tcp_keepalive_time =
# When keepalive is enabled, how often TCP sends keepalive messages. The default is 2 hours; here it is changed to 20 minutes.
net.ipv4.ip_local_port_range = 1024 65000
# The port range used for outbound connections. The default is small, 32768 to 61000; here it is changed to 1024 to 65000.

net.ipv4.tcp_max_tw_buckets = 5000
# The maximum number of TIME_WAIT sockets the system keeps at the same time. If this number is exceeded,
# TIME_WAIT sockets are cleared immediately and a warning is printed. The default is 180000; here it is changed to 5000.
# For servers such as Apache and Nginx, the parameters in the preceding lines reduce the number of TIME_WAIT sockets well,
# but for Squid they have little effect. This parameter limits the maximum number of TIME_WAIT sockets, preventing a Squid server from being dragged down by a large number of them.


Parameter description: ARP supports a sysctl interface that can be used to configure parameters globally or per network interface. The sysctls can be accessed through the /proc/sys/net/ipv4/neigh/*/* files or through the sysctl(2) interface. Each interface in the system has its own directory in /proc/sys/net/ipv4/neigh/. The settings in the 'default' directory are used for all new devices. Unless otherwise stated, sysctl time values are in seconds.

anycast_delay: The maximum delay before replying to an IPv6 neighbor solicitation message; anycast is currently not supported. The default value is 1 second.

app_solicit: The maximum number of probes sent to the user-space ARP daemon via netlink before falling back to multicast probes (see mcast_solicit). The default value is 0.

base_reachable_time: Once a neighbor entry has been found, it is considered valid for at least a random time between base_reachable_time/2 and 3*base_reachable_time/2. If positive feedback is received from higher-level protocols, the validity of the entry is extended. The default value is 30 seconds.

delay_first_probe_time: The delay before the first probe is sent after a neighbor entry has been found to be stale. The default value is 5 seconds.

gc_interval: How often the garbage collector for neighbor entries runs. The default value is 30 seconds.

gc_stale_time: Determines how often neighbor entries are checked for staleness. When a neighbor entry is stale, it is resolved again before data is sent to it. The default value is 60 seconds.

gc_thresh1: The minimum number of entries kept in the ARP cache. If there are fewer entries than this, the garbage collector does not run. The default value is 128.

gc_thresh2: The soft limit on the number of entries kept in the ARP cache. The garbage collector allows the number of entries to exceed this for 5 seconds before collection starts. The default value is 512.

gc_thresh3: The hard limit on the number of entries kept in the ARP cache. The garbage collector runs as soon as the cache holds more entries than this. The default value is 1024.

locktime: The minimum time (in jiffies) an ARP entry is kept in the cache. This prevents thrashing of the ARP cache when there is more than one potential mapping (often due to network misconfiguration). The default value is 1 second.

mcast_solicit: The maximum number of attempts to resolve an address by multicast/broadcast before the entry is marked as unreachable. The default value is 3.

proxy_delay: When an ARP request for a known proxy-ARP address is received, the number of jiffies (time units, see BUGS) by which the response may be delayed. This is used to prevent network storms. The default value is 0.8 seconds.

proxy_qlen: The maximum number of packets that can be queued to proxy-ARP addresses. The default value is 64.

retrans_time: The number of jiffies (time units, see BUGS) to wait before a request is re-sent. The default value is 1 second.

ucast_solicit: The number of attempts to send unicast probes before the ARP daemon is queried (see app_solicit). The default value is 3 seconds.

unres_qlen: The maximum number of packets that can be queued by other network layers for each unresolved address. The default value is 3.

$ /proc/sys/net/core/wmem_max
Maximum socket write buffer. Suggested tuned value: 873200

$ /proc/sys/net/core/rmem_max
Maximum socket read buffer. Suggested tuned value: 873200

$ /proc/sys/net/ipv4/tcp_wmem
TCP write buffer. Suggested tuned value: 8192 436600 873200

$ /proc/sys/net/ipv4/tcp_rmem
TCP read buffer. Suggested tuned value: 32768 436600 873200

$ /proc/sys/net/ipv4/tcp_mem
This also takes 3 values, meaning:
net.ipv4.tcp_mem[0]: Below this value, TCP is under no memory pressure.
net.ipv4.tcp_mem[1]: At this value, TCP enters the memory pressure phase.
net.ipv4.tcp_mem[2]: Above this value, TCP refuses to allocate sockets.
The memory units above are pages, not bytes.
Suggested tuned value: 786432 1048576 1572864

$ /proc/sys/net/core/netdev_max_backlog
Maximum length of the device queue for incoming packets. The default is 300, which is too low for heavily loaded servers; it can be adjusted to.

$ /proc/sys/net/core/somaxconn
The default backlog parameter of listen(), the maximum number of pending requests. The default is 128. For busy servers, increasing this value helps network performance.
It can be adjusted to.

$ /proc/sys/net/core/optmem_max
The maximum initial value of the socket buffer; default 10K.

$ /proc/sys/net/ipv4/tcp_max_syn_backlog
Maximum queue length for incoming SYN requests. The default is 1024. For heavily loaded servers, increasing this value is clearly beneficial.
It can be adjusted to 2048.

$ /proc/sys/net/ipv4/tcp_retries2
Number of retransmissions for a failing TCP transmission. The default is 15, meaning the connection is abandoned completely only after 15 retries. Reduce it to 5 to release kernel resources as early as possible.

$ /proc/sys/net/ipv4/tcp_keepalive_time
$ /proc/sys/net/ipv4/tcp_keepalive_intvl
$ /proc/sys/net/ipv4/tcp_keepalive_probes
These 3 parameters are related to TCP keepalive. The default values are:

tcp_keepalive_time = 7200 seconds (2 hours)
tcp_keepalive_probes = 9
tcp_keepalive_intvl = 75 seconds

This means that the kernel starts probing only after a TCP connection has been idle for 2 hours. If 9 probes (75 seconds each) are unsuccessful, the kernel gives up and considers the connection invalid. These values are clearly too large for a server. They can be adjusted to:

/proc/sys/net/ipv4/tcp_keepalive_time 1800
/proc/sys/net/ipv4/tcp_keepalive_intvl
/proc/sys/net/ipv4/tcp_keepalive_probes 3

$ /proc/sys/net/ipv4/ip_local_port_range
Specifies the local port range. The default is 32768 61000, which is large enough.
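
A check worth running before loading a settings list like the one at the top of this page: lines with no value or with a capitalised key fail to apply, and some of these keys do not exist on current kernels (net.ipv4.tcp_tw_recycle was removed in Linux 4.12, and the ip_conntrack_* names were replaced by net.netfilter.nf_conntrack_*). The script below is an added example, not part of the original article; the names lint_sysctl and PROC_ROOT and the finding labels are chosen for this example.

```shell
#!/bin/sh
# Added example: lint a sysctl.conf-style file before loading it with `sysctl -p`.
# PROC_ROOT and lint_sysctl are names chosen for this example.
PROC_ROOT="${PROC_ROOT:-/proc/sys}"   # overridable so the check can run on a test tree

# Prints one finding per problem line; returns non-zero if a line cannot be applied.
lint_sysctl() {
    findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Trim surrounding whitespace; skip blank lines and comments.
        line=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            ''|'#'*|';'*) continue ;;
            *=*) ;;
            *) echo "NO_ASSIGNMENT $line"; findings=$((findings + 1)); continue ;;
        esac
        key=$(printf '%s\n' "${line%%=*}" | sed 's/[[:space:]]*$//')
        val=$(printf '%s\n' "${line#*=}" | sed 's/^[[:space:]]*//')
        # Keys map to paths under /proc/sys, so they are case-sensitive.
        case $key in
            *[[:upper:]]*) echo "BAD_CASE $key"; findings=$((findings + 1)); continue ;;
        esac
        if [ -z "$val" ]; then
            echo "MISSING_VALUE $key"; findings=$((findings + 1)); continue
        fi
        # Simplification: every dot is a path separator (no dotted interface names).
        path="$PROC_ROOT/$(printf '%s\n' "$key" | tr . /)"
        if [ ! -e "$path" ]; then
            # Tunable absent on this kernel, or its module is not loaded.
            echo "UNKNOWN_KEY $key"; findings=$((findings + 1)); continue
        fi
        # Informational: compare with the live value, collapsing whitespace.
        cur=$(tr -s '[:space:]' ' ' < "$path" | sed 's/^ //; s/ $//')
        want=$(printf '%s\n' "$val" | tr -s '[:space:]' ' ' | sed 's/ $//')
        [ "$cur" = "$want" ] || echo "DIFFERS $key current=$cur wanted=$want"
    done < "$1"
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh lint.sh /etc/sysctl.conf
if [ $# -gt 0 ]; then lint_sysctl "$1"; fi
```

DIFFERS lines are informational and do not affect the exit status; they show which live values loading the file would change.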
