sysctl is the interface for reading and changing kernel parameters on a running Unix-like system. It exposes advanced knobs for the TCP/IP stack and the virtual memory system that let an experienced administrator tune performance, and well over five hundred variables can be read through it. So sysctl(8) does two things: read system settings and modify them. One caveat up front: this page mixes two systems. The examples in this introduction use Linux conventions (/etc/sysctl.conf applied with sysctl -p, net.ipv4.*), while every tunable discussed from the first kern.* and net.inet.* entry onward is FreeBSD's, where /etc/sysctl.conf is applied by /etc/rc.d/sysctl at boot and boot-time tunables live in /boot/loader.conf.
View all readable variables:
% sysctl -a
Read one variable, for example kern.maxproc:
% sysctl kern.maxproc
kern.maxproc: 1044
Set a variable with the syntax variable=value (this needs root):
# sysctl kern.maxfiles=5000
kern.maxfiles: 2088 -> 5000
sysctl -w
-w is the option for changing a sysctl setting (current versions of sysctl(8) also accept a bare name=value).
Note that this changes only the value in the running kernel, on Linux the value visible under the virtual file system /proc/sys; it is lost at reboot unless it is also written to the configuration file.
sysctl -p
-p loads settings from the given file, or from /etc/sysctl.conf if none is given; a filename of - means read from standard input.
Note: every parameter loaded is also printed. If no file path is given, the default is /etc/sysctl.conf.
For example, to add a parameter to /etc/sysctl.conf (use >> to append; a single > would wipe every setting already in the file):
echo "net.ipv4.tcp_keepalive_time = 20" >> /etc/sysctl.conf
Then run sysctl -p to reload the configuration file so the new parameter takes effect immediately; all parameters in the file are printed as they are applied.
So you can change system variables either with sysctl directly or by editing sysctl.conf. sysctl.conf looks like rc.conf: it sets values in the form variable=value, and those values are applied when the system enters multi-user mode. Not all variables can be set at that point; the ones marked below as boot-time tunables are read-only once the kernel is running and belong in /boot/loader.conf instead.
A sysctl variable is usually a string, a number, or a boolean (a boolean uses 1 for yes and 0 for no).
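The persistence step above, done safely, as an added example that is not from the original page: it rewrites an existing name=value line in place instead of blindly appending, handles both the sysctl.conf form and the name="value" form that /boot/loader.conf uses further down this page, and reads the value back after applying it, because the kernel silently clamps or rejects some settings. The helper names (set_conf_var, get_conf_var, apply_sysctl) are mine; it needs only POSIX sh and awk, plus root on a real host for the apply step.

```shell
#!/bin/sh
# Added example (not from the original page): persist a tunable without
# clobbering the rest of the file, then apply it to the running kernel and
# read it back.  The helper names are hypothetical; the file formats are
# real: /etc/sysctl.conf takes name=value, /boot/loader.conf (FreeBSD
# boot-time tunables) takes name="value".

# set_conf_var FILE NAME VALUE [quote]
# Replace an existing assignment to NAME in FILE or append a new one.
# Comments and other settings are left untouched; pass "quote" as the
# fourth argument to write the loader.conf form name="value".
set_conf_var() {
    cf_file=$1; cf_name=$2; cf_value=$3
    [ "${4:-}" = quote ] && cf_value="\"$cf_value\""
    cf_tmp="$cf_file.tmp.$$"
    [ -f "$cf_file" ] || : > "$cf_file"
    # awk rather than sed: sysctl names are full of dots, which sed would
    # treat as regex wildcards.  Split on the first '=' and compare the key.
    awk -v n="$cf_name" -F= '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == n && NF > 1 { next }   # drop the old assignment
        { print }
    ' "$cf_file" > "$cf_tmp" &&
    printf '%s=%s\n' "$cf_name" "$cf_value" >> "$cf_tmp" &&
    mv "$cf_tmp" "$cf_file"
}

# get_conf_var FILE NAME: print the value FILE assigns to NAME (the last
# assignment wins, as both the loader and sysctl -p apply lines in order).
get_conf_var() {
    awk -v n="$2" -F= '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == n && NF > 1 {
            v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); gsub(/"/, "", v); last = v
        }
        END { print last }
    ' "$1"
}

# apply_sysctl NAME VALUE: set the live value and confirm the kernel kept it
# (some tunables are silently clamped or rejected, so never trust the
# assignment alone).  Needs root on a real system.
apply_sysctl() {
    sysctl "$1=$2" >/dev/null || return 1
    [ "$(sysctl -n "$1")" = "$2" ]
}

# Typical use, mirroring the page's kern.maxfiles example:
#   set_conf_var /etc/sysctl.conf kern.maxfiles 5000 && apply_sysctl kern.maxfiles 5000
#   set_conf_var /boot/loader.conf kern.ipc.nmbclusters 32768 quote   # applied at next boot
```

The awk key comparison is deliberate: a sed expression built from a sysctl name would treat every dot as a wildcard, so `kern.maxfiles` could match and overwrite an unrelated `kern_maxfiles` line.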
###############################
net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0
#############################
With source routing, an attacker chooses the path a packet takes and can use it to reach internal addresses, including RFC 1918 space, through a gateway that would never route there on its own.
Refusing source-routed packets (accept_sourceroute=0) and never forwarding them (sourceroute=0) keeps the internal network from being probed this way.
#################################
net.inet.tcp.drop_synfin=1
###################################
A security setting: silently drop TCP segments that have both SYN and FIN set, which some OS-fingerprinting tools send as a probe. On the older FreeBSD kernels this page describes, the kernel option TCP_DROP_SYNFIN had to be compiled in for this sysctl to exist at all, so read the value back after setting it. The caveat is that SYN+FIN is legitimate in T/TCP (RFC 1644), so enabling this breaks T/TCP clients; on a normal server there are none.
##################################
kern.maxvnodes=8446
A vnode is the kernel's in-memory representation of a file or directory, so allowing the kernel more vnodes keeps more file metadata cached and reduces disk I/O.
Normally the kernel sizes this itself and it needs no change. In some cases, though, disk I/O becomes the bottleneck
because the system is short of vnodes, and then this tunable should be raised. Keep the amount of inactive and free memory in mind when doing so.
To view the number of vnodes currently in use:
# sysctl vfs.numvnodes
vfs.numvnodes: 91349
To view the maximum number of vnodes available:
# sysctl kern.maxvnodes
kern.maxvnodes: 100000
If current vnode usage is close to the maximum, it is probably a good idea to increase kern.maxvnodes by 1,000.
Keep watching vfs.numvnodes; if it climbs to the new limit,
kern.maxvnodes needs to go up again. The memory usage shown by top(1) should shift noticeably,
with more memory becoming active.
####################################
kern.maxproc: 964
Maximum number of processes.
####################################
kern.maxprocperuid: 867
Maximum number of processes allowed per user ID.
####################################
maxproc is derived from maxusers as 20 + 16 * maxusers: the value shown here comes from the kern.maxusers of 59 listed below (20 + 16 * 59 = 964), and with my setting of kern.maxusers=256 it becomes 20 + 16 * 256 = 4116.
maxprocperuid must be at least 1 lower than maxproc, because the system process init(8) must always be able to run; by default the kernel sets it to 90% of maxproc, which is where 867 comes from.
I set it to 2068.
kern.maxfiles: 1928
The maximum number of files the whole system can have open at the same time. If you run a database or another large program that eats file descriptors, set it above 20000;
a desktop environment such as KDE also keeps a lot of files open at once.
32768 or 65536 is the usual recommendation.
####################################
kern.argmax: 262144
Maximum number of bytes (or characters) in an argument list.
This caps how much the command line (arguments plus environment) handed to a new process can hold. The usual way to hit it is a shell glob that expands to thousands of file names, for example rm *.old in a directory full of old files, which fails with "Argument list too long".
The fix is to let find(1) walk the names instead of the shell: find . -name "*.old" -delete, or find . -name "*.old" -exec rm {} \; (use -ok instead of -exec to confirm each deletion). find passes each file to the kernel separately and never builds one huge argument vector.
The default is large enough, so changing this is not recommended.
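An added example, not from the original page, that handles the failure mode just described: it estimates the bytes a glob would occupy in the argument vector, compares them with kern.argmax (falling back to getconf ARG_MAX on systems without that sysctl), and deletes through find(1), which never hits the limit. The function names are hypothetical; it is written for POSIX sh.

```shell
#!/bin/sh
# Added example (not from the original page): estimate whether a shell glob
# would exceed kern.argmax before running "rm *.old", and delete through
# find(1), which hands the kernel one name at a time and so never hits the
# limit.  Helper names are hypothetical.

# glob_argv_bytes DIR PATTERN: bytes the expanded glob would occupy in the
# argument vector (each path plus its terminating NUL); 0 if nothing matches.
# ${#f} counts characters, so it is an approximation for non-ASCII names.
glob_argv_bytes() {
    ga_total=0
    for ga_f in "$1"/$2; do
        [ -e "$ga_f" ] || continue        # no match: the glob stays literal
        ga_total=$((ga_total + ${#ga_f} + 1))
    done
    echo "$ga_total"
}

# glob_fits_argmax DIR PATTERN: succeed if "cmd DIR/PATTERN" fits the limit.
# FreeBSD exposes the limit as kern.argmax; getconf ARG_MAX is the portable
# fallback (used when sysctl is absent or does not know the name).  The
# environment counts against the same limit, so keep an eighth in reserve.
glob_fits_argmax() {
    gf_limit=$(sysctl -n kern.argmax 2>/dev/null) || gf_limit=$(getconf ARG_MAX)
    gf_margin=$((gf_limit / 8))
    [ "$(glob_argv_bytes "$1" "$2")" -lt $((gf_limit - gf_margin)) ]
}

# delete_by_pattern DIR PATTERN: remove matching regular files directly
# below DIR with find -delete; prints how many were removed.
delete_by_pattern() {
    find "$1" -maxdepth 1 -type f -name "$2" -print -delete | wc -l | tr -d ' '
}

# Typical use:
#   if glob_fits_argmax /var/log '*.old'; then rm /var/log/*.old
#   else delete_by_pattern /var/log '*.old'; fi
```

In practice the second branch is the only one you need; the check exists to show how close an innocent-looking glob can get to the limit.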
####################################
kern.securelevel: -1
-1: permanently insecure mode, the default; the kernel enforces no securelevel restrictions at all.
0: insecure mode; effectively no restrictions either. If the level is 0 when the system goes multi-user, init(8) raises it to 1 (a level of -1 is left alone). On FreeBSD the level is normally set at boot from rc.conf with kern_securelevel_enable="YES" and kern_securelevel="N".
1: secure mode, with several restrictions:
A. kernel modules cannot be loaded or unloaded with kldload or kldunload;
B. /dev/mem and /dev/kmem cannot be opened for writing, so programs cannot write kernel memory directly;
C. the raw devices of mounted file systems cannot be written, so you cannot newfs a mounted disk, though writes through the normal file system interface still work;
D. the system immutable and system append-only file flags (schg, sappnd) cannot be cleared with chflags, and X servers that need raw hardware access through /dev/mem or /dev/io cannot start.
2: everything in level 1, plus disks cannot be written even when unmounted (except through mount(8)), and the system clock cannot be changed by more than one second at a time. This limits the damage an attacker with root or console access can do.
3: everything in level 2, plus ipfw (and pf) firewall rules cannot be changed.
If a firewall is installed and its rules are final, level 3 is recommended; if you are still preparing to install or change one, it is not.
Level 2 is generally recommended to defend against many kernel-level attacks. One caveat: the level can be raised at any time with sysctl kern.securelevel=N, but it can never be lowered on a running system, so anything that later needs a lower level (a kernel upgrade, a firewall rule change at level 3) means a reboot.
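An added example, not from the original page, that checks the hardening knobs from the source-routing and SYN/FIN sections above together with kern.securelevel (and net.inet.ip.redirect, discussed further down) against the running kernel, and that raises the securelevel only with the irreversibility stated. The helper names and the rule format are mine; the sysctl names and values are the page's. It assumes FreeBSD's sysctl(8) in PATH and is written for POSIX sh.

```shell
#!/bin/sh
# Added example (not from the original page): audit the hardening sysctls
# discussed on this page against the running kernel.  Helper names and the
# rule format are hypothetical; the sysctl names and values are the ones the
# page recommends.  Rules are "name op expected": op "eq" means exact match,
# "ge" means at least, which is what kern.securelevel needs.
HARDENING_RULES='
net.inet.ip.sourceroute        eq 0
net.inet.ip.accept_sourceroute eq 0
net.inet.tcp.drop_synfin       eq 1
net.inet.ip.redirect           eq 0
kern.securelevel               ge 2
'

# check_rule NAME OP EXPECTED: print one status line, return 0 on pass.
check_rule() {
    cr_actual=$(sysctl -n "$1" 2>/dev/null) || {
        printf 'MISSING %s (not in this kernel)\n' "$1"; return 1; }
    case $2 in
        eq) [ "$cr_actual" = "$3" ] ;;
        ge) [ "$cr_actual" -ge "$3" ] 2>/dev/null ;;
        *)  false ;;
    esac && { printf 'PASS    %s=%s\n' "$1" "$cr_actual"; return 0; }
    printf 'FAIL    %s=%s (want %s %s)\n' "$1" "$cr_actual" "$2" "$3"
    return 1
}

# audit_sysctls: evaluate every rule; the return value is the number of
# failures, so it can drive a cron job or a config-management check.
# A here-document keeps the loop in the current shell (a pipe would run it
# in a subshell and lose the counter).
audit_sysctls() {
    as_fails=0
    while read -r as_name as_op as_want; do
        [ -n "$as_name" ] || continue
        check_rule "$as_name" "$as_op" "$as_want" || as_fails=$((as_fails + 1))
    done <<EOF
$HARDENING_RULES
EOF
    return "$as_fails"
}

# raise_securelevel N: securelevel only ever goes up on a running system,
# so say so before doing it, and never try to lower it.
raise_securelevel() {
    rs_cur=$(sysctl -n kern.securelevel) || return 1
    if [ "$rs_cur" -ge "$1" ]; then
        echo "kern.securelevel is already $rs_cur"; return 0
    fi
    printf 'raising kern.securelevel %s -> %s (cannot be undone without a reboot)\n' "$rs_cur" "$1"
    sysctl "kern.securelevel=$1" >/dev/null
}

# Typical use:  audit_sysctls || echo "$? hardening rule(s) failed"
```

The MISSING branch matters on this page's older kernels: a kernel built without TCP_DROP_SYNFIN has no net.inet.tcp.drop_synfin at all, and a sysctl.conf line for it silently does nothing.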
####################################
kern.maxfilesperproc: 1735
The maximum number of files a single process can have open at once. Many online guides say 32768.
Unless the program uses asynchronous I/O or a large number of threads, having that many files open in one process is abnormal,
so my own advice is to leave the default alone.
####################################
kern.ipc.maxsockbuf: 262144
The maximum socket buffer size. Online guides recommend 2097152 (2 MB) or 8388608 (8 MB).
My own advice is not to change it and keep the default 256 KB: an oversized buffer can cause fragmentation, stalls, or packet loss.
####################################
kern.ipc.somaxconn: 128
The maximum length of the queue of connections waiting to be accepted, in effect the number of pending connections a listening socket can hold. It also caps the backlog an application asks for in listen(2): a larger request is silently clamped to this value.
A heavily loaded server, or one under a SYN flood or other DoS attack, can have this queue fill up and stop serving normal clients.
The default is 128. Raise it according to the actual load; the larger the value, the more memory is used.
####################################
kern.ipc.nmbclusters: 4800
This value sets how many clusters are allocated to network mbufs after the system boots.
Each cluster is 2 KB, so a value of 1024 uses 2 MB of kernel memory.
Suppose about 1000 connections are open at the same time and the TCP send and receive buffers are 16 KB each;
in the worst case that needs (16 KB + 16 KB) * 1024, that is 32 MB,
but the mbufs required are about twice that, 64 MB, so the number of clusters needed is 64 MB / 2 KB = 32768.
On a machine with limited memory the recommended value is between 1024 and 4096; with plenty of memory it can be set between 4096 and 32768.
netstat -m shows how many mbufs and clusters are currently in use, so check that before sizing this.
On the FreeBSD versions this page describes, this value is fixed at boot, so the change can only be made in /boot/loader.conf:
kern.ipc.nmbclusters=32768
####################################
kern.ipc.shmmax: 33554432
System V IPC shared memory and semaphores: if these limits are too small, some large programs will not start.
Installing xine or mplayer prompts for 67108864, that is 64 MB;
with plenty of memory it can be set to 134217728, that is 128 MB.
####################################
kern.ipc.shmall: 8192
System V IPC shared memory and semaphores: if these limits are too small, some large programs will not start.
Installing xine or mplayer prompts for 32768. Note that shmall counts pages, not bytes: the default 8192 pages of 4 KB is the same 32 MB as the default shmmax, so raise both together.
####################################
kern.ipc.shm_use_phys: 0
Set to 1, all System V shared memory (a form of interprocess communication) is wired into physical memory
instead of being pageable to swap on disk. Physical memory is far faster to access than disk, and when physical memory runs short
some data is moved out to swap; moving data between physical memory and swap is called swapping, and if it happens a lot
the machine spends its time on disk I/O and becomes very slow. So if a large number of programs (hundreds) share a small shared-memory segment,
or the shared-memory segment is large, this can be turned on.
My own advice is not to change it unless the machine has a great deal of memory, since wired memory can never be reclaimed.
####################################
kern.ipc.shm_allow_removed: 0
Whether a shared-memory segment that has been marked for removal may still be attached. This apparently has to be 1 for VMware on FreeBSD; otherwise loading the svga module reports an error.
On a server, leave it alone.
####################################
kern.ipc.numopensockets: 12
The number of sockets currently open. Check this during the busiest period, and you will know how large maxsockets needs to be.
####################################
kern.ipc.maxsockets: 1928
The maximum number of sockets the system can have open. If the server handles a lot of FTP traffic,
transferring many small files in quick succession, you may find transfers breaking off halfway. Each file FTP transfers
opens its own data socket, and a closed socket takes some time to go away (it lingers in TIME_WAIT). With fast transfers
and many files, the sockets open at once exceed what the system allows, and this value must be raised.
Other network programs besides FTP can run into the same problem.
However, this value is fixed at boot, so to change it edit /boot/loader.conf:
kern.ipc.maxsockets="16424"
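An added example, not from the original page, that automates the "compare in-use with maximum" check the page describes for vnodes (vfs.numvnodes against kern.maxvnodes) and here for sockets (kern.ipc.numopensockets against kern.ipc.maxsockets); it also covers open files (kern.openfiles against kern.maxfiles), which has the same shape. The helper names and the 90% threshold are mine; the sysctl names are FreeBSD's, and the script is POSIX sh.

```shell
#!/bin/sh
# Added example (not from the original page): compare the "in use" counters
# with their limits, the check this page tells you to do by hand for vnodes
# and sockets; open files is added here because it behaves the same way.
# Helper names and the 90% threshold are hypothetical; the sysctl names
# are FreeBSD's.

# usage_pct CURRENT_NAME MAX_NAME: print the integer percentage of the limit in use.
usage_pct() {
    up_cur=$(sysctl -n "$1") && up_max=$(sysctl -n "$2") || return 1
    [ "$up_max" -gt 0 ] 2>/dev/null || return 1
    echo $((up_cur * 100 / up_max))
}

# check_headroom CURRENT_NAME MAX_NAME THRESHOLD: one status line; returns 1
# when usage is at or above THRESHOLD percent.  Unreadable pairs (a name the
# kernel lacks) are skipped rather than counted as failures.
check_headroom() {
    ch_pct=$(usage_pct "$1" "$2") || { printf 'SKIP %s/%s (unreadable)\n' "$1" "$2"; return 0; }
    if [ "$ch_pct" -ge "$3" ]; then
        printf 'WARN %s at %s%% of %s\n' "$1" "$ch_pct" "$2"
        return 1
    fi
    printf 'OK   %s at %s%% of %s\n' "$1" "$ch_pct" "$2"
}

# check_all_headroom: returns the number of pairs over the threshold.
# kern.maxvnodes and kern.maxfiles can be raised live with sysctl; on the
# FreeBSD versions this page describes, kern.ipc.maxsockets is fixed at
# boot and the new value has to go in /boot/loader.conf.
check_all_headroom() {
    ca_over=0
    for ca_pair in vfs.numvnodes:kern.maxvnodes \
                   kern.openfiles:kern.maxfiles \
                   kern.ipc.numopensockets:kern.ipc.maxsockets; do
        check_headroom "${ca_pair%%:*}" "${ca_pair#*:}" 90 || ca_over=$((ca_over + 1))
    done
    return "$ca_over"
}

# Typical use from cron during the busy period:  check_all_headroom
```

Run it at the busiest time of day, as the page advises for numopensockets; a snapshot taken at night tells you nothing about the ceiling you actually hit.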
####################################
kern.ipc.nsfbufs: 1456
sendfile(2) is used heavily on busy servers,
and the number of sendfile(2) buffers may need adjusting through the NSFBUFS kernel option or in /boot/loader.conf (see loader(8) for details).
The usual sign that it needs adjusting is processes shown in the sfbufa state in top(1) or ps(1). The sysctl kern.ipc.nsfbufs is read-only at run time;
it is derived from kern.maxusers but may need raising separately.
Add to /boot/loader.conf:
kern.ipc.nsfbufs="2496"
####################################
kern.maxusers: 59
maxusers determines the maximum number of processes: 20 + 16 * maxusers is the process limit you get.
The system already runs 18 processes at boot, and even a simple command such as man spawns nine processes,
so 64 is a reasonable value.
If the system reports "proc table full", set it higher, for example 128.
Unless the system needs very many files open at the same time, do not go above 256.
The option is set in /boot/loader.conf:
kern.maxusers=256
(On FreeBSD 4.5 and later, leaving maxusers at 0 lets the kernel size it automatically from the amount of RAM.)
####################################
kern.coredump: 1
Set to 0, no core file is written when a program crashes. On a server that is not recommended, since the core is what you debug the crash with.
####################################
kern.corefile: %N.core
It can be set to kern.corefile="/data/coredump/%U-%P-%N.core"
where %U is the UID, %P the process ID and %N the process name; /data/coredump must of course be an existing directory.
A core contains whatever the process had in memory, passwords and keys included, so keep that directory out of world-readable space. FreeBSD refuses to dump set-uid or set-gid processes unless kern.sugid_coredump is set to 1; leave it at 0.
####################################
vm.swap_idle_enabled: 0
vm.swap_idle_threshold1: 2
vm.swap_idle_threshold2: 10
#########################
Useful on a large multi-user system with many users logging in and out and many idle processes.
It lets the pager swap out idle processes sooner, so memory comes back to active processes faster, at the cost of more swap and disk bandwidth.
The system's default paging algorithm is quite good, so it is best left alone.
########################
vfs.ufs.dirhash_maxmem: 2097152
#########################
Maximum memory for the UFS directory hash, 2 MB by default.
It speeds up repeated lookups in directories that hold a very large number of files.
33554432 (32 MB) is recommended.
#############################
vfs.vmiodirenable: 1
#################
This variable controls whether directories are cached through the VM page cache. Most directories are small, occupying a single fragment (typically 1 KB) in the file system and even less in the buffer cache (typically 512 bytes).
When it is off (0), the buffer cache holds only a fixed number of directories, however much memory the machine has.
When it is on (1), directories are cached in the VM page cache, so all available memory can be used to cache directories.
The drawback is that the smallest unit of kernel memory used to cache a directory is then a physical page, larger than 512 bytes (usually 4 KB).
Keep it enabled (the default) when running programs that work with very large numbers of files;
that includes web caches, large mail systems and news systems.
Some memory may be wasted, but turning it on generally costs no performance. Still, check it against your own workload.
####################
vfs.hirunningspace: 1048576
############################
This value sets how much outstanding write I/O may be queued to the storage devices at once. The default is usually fine,
but with several disks it can be raised to 4 MB or 5 MB.
Note that setting it too high, beyond the write caching capacity of the disks, hurts performance.
Do not raise it blindly: a high value can delay reads issued at the same time.
#############################
vfs.write_behind: 1
#########################
This option defaults to 1, enabled. When the system has data to write to disk or other storage,
it waits until a full cluster of data has been collected and writes it out at once; otherwise data is written as soon as a dirty buffer needs flushing.
This is a big help when writing large sequential files, but it may have to be disabled if many writes are being delayed by it.
############################
net.local.stream.sendspace: 8192
##################################
Send buffer for local (Unix domain) stream sockets.
65536 is recommended.
###################################
net.local.stream.recvspace: 8192
##################################
Receive buffer for local (Unix domain) stream sockets.
65536 is recommended.
###################################
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 49152
net.inet.ip.portrange.last: 65535
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535
###################
These six values control the port ranges TCP and UDP pick ephemeral ports from, divided into three parts: the low range (privileged ports, allocated downward from 1023 to 600 for programs that need a reserved port), the default range, and the high range (used by sockets that request IP_PORTRANGE_HIGH).
These are the local ports your server uses when it initiates a connection. The default range above holds 16384 ports (49152 to 65535), enough for ordinary use.
Even a busy FTP server rarely serves more than ten thousand clients at once,
but if the server needs more, lower net.inet.ip.portrange.first, for example to 1024. Keep the range clear of the ports any of your daemons listen on, or an outgoing connection can grab a port a service later needs.
#########################
net.inet.ip.redirect: 1
#########################
Set to 0 to stop the host from sending ICMP redirects; only a router that forwards packets ever needs to send them. Note that this does not control whether the host accepts redirects from others; ignoring incoming redirects, which an attacker on the local network can use to reroute traffic, is net.inet.icmp.drop_redirect=1.
###########################
net.inet.ip.rtexpire: 3600
net.inet.ip.rtminexpire: 10
########################
These are the lifetimes, in seconds, of the per-host routes the kernel clones for each peer it talks to. Under a SYN flood or a large number of short-lived connections the routing table fills with such entries; lowering both to 2 makes them expire quickly. This is unrelated to Apache connections stuck in CLOSE_WAIT: that state means the peer has closed and the local application has not yet closed its end, and no route setting clears it.
#########################
None of the above has been verified on this site. Before using a setting, confirm it exists on your kernel with sysctl -a | grep name (or sysctl name) and note its default. Be careful with names the command cannot find: a wrong tunable, especially one placed in /boot/loader.conf, can leave the system unable to boot or break part of it.