如何設定Sysctl.conf用以提高Linux的效能(最完整的)

來源:互聯網
上載者:User

   Sysctl是一個允許您改變正在運行中的Linux系統的介面。它包含一些 TCP/IP 堆棧和虛擬記憶體系統的進階選項, 這可以讓有經驗的管理員提高令人信服的系統效能。用sysctl可以讀取設定超過五百個系統變數。基於這點,sysctl(8) 提供兩個功能:讀取和修改系統設定。

  查看所有可讀變數:

  % sysctl -a

  讀一個指定的變數,例如 kern.maxproc:

  % sysctl kern.maxproc kern.maxproc: 1044

  要設定一個指定的變數,直接用 variable=value 這樣的文法:

  # sysctl kern.maxfiles=5000

  kern.maxfiles: 2088 -> 5000

  您可以使用sysctl修改系統變數,也可以通過編輯sysctl.conf檔案來修改系統變數。sysctl.conf 看起來很像 rc.conf。它用 variable=value 的形式來設定值。指定的值在系統進入多使用者模式之後被設定。並不是所有的變數都可以在這個模式下設定。

  sysctl 變數的設定通常是字串、數字或者布爾型。 (布爾型用 1 來表示’yes’,用 0 來表示’no’)。

  sysctl -w kernel.sysrq=0

  sysctl -w kernel.core_uses_pid=1

  sysctl -w net.ipv4.conf.default.accept_redirects=0

  sysctl -w net.ipv4.conf.default.accept_source_route=0

  sysctl -w net.ipv4.conf.default.rp_filter=1

  sysctl -w net.ipv4.tcp_syncookies=1

  sysctl -w net.ipv4.tcp_max_syn_backlog=2048

  sysctl -w net.ipv4.tcp_fin_timeout=30

  sysctl -w net.ipv4.tcp_synack_retries=2

  sysctl -w net.ipv4.tcp_keepalive_time=3600

  sysctl -w net.ipv4.tcp_window_scaling=1

  sysctl -w net.ipv4.tcp_sack=1

  配置sysctl

  編輯此檔案:

  vi /etc/sysctl.conf

  如果該檔案為空白,則輸入以下內容,否則請根據情況自己做調整:

  # Controls source route verification

  # Default should work for all interfaces

  net.ipv4.conf.default.rp_filter = 1

  # net.ipv4.conf.all.rp_filter = 1

  # net.ipv4.conf.lo.rp_filter = 1

  # net.ipv4.conf.eth0.rp_filter = 1

  # Disables IP source routing

  # Default should work for all interfaces

  net.ipv4.conf.default.accept_source_route = 0

  # net.ipv4.conf.all.accept_source_route = 0

  # net.ipv4.conf.lo.accept_source_route = 0

  # net.ipv4.conf.eth0.accept_source_route = 0

  # Controls the System Request debugging functionality of the kernel

  kernel.sysrq = 0

  # Controls whether core dumps will append the PID to the core filename.

  # Useful for debugging multi-threaded applications.

  kernel.core_uses_pid = 1

  # Increase maximum amount of memory allocated to shm

  # Only uncomment if needed!

  # kernel.shmmax = 67108864

  # Disable ICMP Redirect Acceptance

  # Default should work for all interfaces

  net.ipv4.conf.default.accept_redirects = 0

  # net.ipv4.conf.all.accept_redirects = 0

  # net.ipv4.conf.lo.accept_redirects = 0

  # net.ipv4.conf.eth0.accept_redirects = 0

  # Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets

  # Default should work for all interfaces

  net.ipv4.conf.default.log_martians = 1

  # net.ipv4.conf.all.log_martians = 1

  # net.ipv4.conf.lo.log_martians = 1

  # net.ipv4.conf.eth0.log_martians = 1

  # Decrease the time default value for tcp_fin_timeout connection

  net.ipv4.tcp_fin_timeout = 25

  # Decrease the time default value for tcp_keepalive_time connection

  net.ipv4.tcp_keepalive_time = 1200

  # Turn on the tcp_window_scaling

  net.ipv4.tcp_window_scaling = 1

  # Turn on the tcp_sack

  net.ipv4.tcp_sack = 1

  # tcp_fack should be on because of sack

  net.ipv4.tcp_fack = 1

  # Turn on the tcp_timestamps

  net.ipv4.tcp_timestamps = 1

  # Enable TCP SYN Cookie Protection

  net.ipv4.tcp_syncookies = 1

  # Enable ignoring broadcasts request

  net.ipv4.icmp_echo_ignore_broadcasts = 1

  # Enable bad error message Protection

  net.ipv4.icmp_ignore_bogus_error_responses = 1

  # Make more local ports available

  # net.ipv4.ip_local_port_range = 1024 65000

  # Set TCP Re-Ordering value in kernel to ‘5′

  net.ipv4.tcp_reordering = 5

  # Lower syn retry rates

  net.ipv4.tcp_synack_retries = 2

  net.ipv4.tcp_syn_retries = 3

  # Set Max SYN Backlog to ‘2048′

  net.ipv4.tcp_max_syn_backlog = 2048

  # Various Settings

  net.core.netdev_max_backlog = 1024

  # Increase the maximum number of skb-heads to be cached

  net.core.hot_list_length = 256

  # Increase the tcp-time-wait buckets pool size

  net.ipv4.tcp_max_tw_buckets = 360000

  # This will increase the amount of memory available for socket input/output queues

  net.core.rmem_default = 65535

  net.core.rmem_max = 8388608

  net.ipv4.tcp_rmem = 4096 87380 8388608

  net.core.wmem_default = 65535

  net.core.wmem_max = 8388608

  net.ipv4.tcp_wmem = 4096 65535 8388608

  net.ipv4.tcp_mem = 8388608 8388608 8388608

  net.core.optmem_max = 40960

  如果希望屏蔽別人 ping 你的主機,則加入以下代碼:

  # Disable ping requests

相關文章

Beyond APAC's No.1 Cloud

19.6% IaaS Market Share in Asia Pacific - Gartner IT Service report, 2018

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

聯繫我們

該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。