linux network optimize with sysctl

Reposted 2007-09-20 02:31:00
Original post: http://www.fcicq.net/wp/?p=197


Disabling the TCP options reduces the overhead of each TCP packet and might help to get the last few percent of performance out of the server. Be aware that disabling these options most likely decreases performance for high-latency and lossy links.
* net.ipv4.tcp_sack = 0
* net.ipv4.tcp_timestamps = 0

Increasing the TCP send and receive buffers will increase the performance a lot if (and only if) you have a lot of large files to send.

* net.ipv4.tcp_wmem = 4096 65536 524288
* net.core.wmem_max = 1048576

If you have a lot of large file uploads, increasing the receive buffers will help.

* net.ipv4.tcp_rmem = 4096 87380 524288
* net.core.rmem_max = 1048576

# These ensure that TIME_WAIT ports either get reused or closed fast.
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_tw_recycle = 1
# TCP memory
net.core.rmem_max = 16777216
net.core.rmem_default = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

# you shouldn’t be using conntrack on a heavily loaded server anyway, but these are
# suitably high for our uses, ensuring that if conntrack gets turned on, the box doesn’t die
net.ipv4.ip_conntrack_max = 1048576
net.nf_conntrack_max = 1048576

# increase Linux TCP buffer limits
echo 8388608 > /proc/sys/net/core/rmem_max
echo 8388608 > /proc/sys/net/core/wmem_max

# increase Linux autotuning TCP buffer limits
echo "4096 87380 8388608" > /proc/sys/net/ipv4/tcp_rmem
echo "4096 65536 8388608" > /proc/sys/net/ipv4/tcp_wmem

#echo 65536 > /proc/sys/fs/file-max # physical RAM * 256/4

echo "1024 65000" > /proc/sys/net/ipv4/ip_local_port_range

#echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 8192 > /proc/sys/net/ipv4/tcp_max_syn_backlog
# Decrease the time default value for tcp_fin_timeout connection
#echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
#echo 3 > /proc/sys/net/ipv4/tcp_syn_retries
#echo 2 > /proc/sys/net/ipv4/tcp_retries1
# Decrease the time default value for tcp_keepalive_time connection
#echo 1800 >/proc/sys/net/ipv4/tcp_keepalive_time
# Turn off tcp_window_scaling
echo 0 >/proc/sys/net/ipv4/tcp_window_scaling
#echo "67108864" > /proc/sys/kernel/shmmax
# Turn off the tcp_sack
echo 0 >/proc/sys/net/ipv4/tcp_sack # This disables RFC2018 TCP Selective Acknowledgements
#Turn off tcp_timestamps
echo 0 >/proc/sys/net/ipv4/tcp_timestamps # This disables RFC1323 TCP timestamps
echo 5 > /proc/sys/kernel/panic # reboot 5 seconds after a kernel panic

A third set:
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_syncookies = 1
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
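
The groups above assign different values to the same keys (for example `net.core.rmem_max`), and some names exist only on certain kernels (the post lists both `net.ipv4.ip_conntrack_max` and `net.nf_conntrack_max`). The following is an added example, not code from the original post: a shell function that reports keys set more than once in a sysctl.conf-style file and compares each final value with what the kernel holds. `sysctl_audit`, `sysctl_audit_demo` and the sample tree are constructed for illustration, and keys are assumed not to contain dotted interface names.

```shell
#!/bin/sh
# Added example (not from the original post): compare a sysctl.conf-style
# file with the values the kernel currently holds.
# usage: sysctl_audit FILE [ROOT]   (ROOT defaults to /proc/sys)
sysctl_audit() {
    awk -v root="${2:-/proc/sys}" '
    function norm(s) {                    # trim, collapse tabs/spaces
        gsub(/[ \t]+/, " ", s); sub(/^ /, "", s); sub(/ $/, "", s); return s
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }  # comment or blank line
    {
        eq = index($0, "="); if (eq == 0) next
        key = norm(substr($0, 1, eq - 1)); val = norm(substr($0, eq + 1))
        if (!(key in want)) order[++n] = key
        else if (want[key] != val)        # same key set twice, last one wins
            printf "CONFLICT %s: %s -> %s\n", key, want[key], val
        want[key] = val
    }
    END {
        for (i = 1; i <= n; i++) {
            key = order[i]; path = key
            gsub(/\./, "/", path); path = root "/" path
            got = (getline have < path); close(path)
            if (got <= 0)                 # name not known to this kernel
                printf "MISSING %s\n", key
            else if (norm(have) == want[key])
                printf "OK %s\n", key
            else
                printf "DIFF %s: file=%s kernel=%s\n", key, want[key], norm(have)
        }
    }' "$1"
}

# Constructed demo: a fake /proc/sys tree and a file mixing values from the post.
sysctl_audit_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sys/net/ipv4" "$d/sys/net/core"
    printf '1\n' > "$d/sys/net/ipv4/tcp_syncookies"
    printf '4096\t87380\t524288\n' > "$d/sys/net/ipv4/tcp_rmem"
    printf '212992\n' > "$d/sys/net/core/rmem_max"
    printf '%s\n' '# constructed sample' \
        'net.ipv4.tcp_syncookies = 1' \
        'net.core.rmem_max = 1048576' \
        'net.core.rmem_max = 16777216' \
        'net.ipv4.tcp_rmem = 4096 87380 524288' \
        'net.ipv4.tcp_tw_recycle = 1' > "$d/sysctl.conf"
    sysctl_audit "$d/sysctl.conf" "$d/sys"
    rm -rf "$d"
}
```

On a real host, call `sysctl_audit /etc/sysctl.conf`; a `MISSING` line means the running kernel does not expose that name, so the setting is silently not in effect.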


4 Comments »

  1. fcicq said,

    July 29, 2007 @ 14:07:35

    Lot of tuning

    # Disables packet forwarding
    net.ipv4.ip_forward = 0
    # Enables source route verification
    net.ipv4.conf.default.rp_filter = 1
    # Disables the magic-sysrq key
    kernel.sysrq = 0
    # Decrease the time default value for tcp_fin_timeout connection
    net.ipv4.tcp_fin_timeout = 25
    # Decrease the time default value for tcp_keepalive_time connection
    net.ipv4.tcp_keepalive_time = 3600
    # Turn on the tcp_window_scaling
    net.ipv4.tcp_window_scaling = 1
    # Turn on the tcp_sack
    net.ipv4.tcp_sack = 1
    # tcp_fack should be on because of sack
    net.ipv4.tcp_fack = 1
    # Turn on the tcp_timestamps
    net.ipv4.tcp_timestamps = 1
    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1
    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    # Don’t Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 0
    # Make more local ports available
    net.ipv4.ip_local_port_range = 1024 65000
    # Increase maximum amount of memory allocated to shm
    kernel.shmmax = 1073741824
    # Improve file system performance
    vm.bdflush = 100 1200 128 512 15 5000 500 1884 2
    # This will increase the amount of memory available for socket input/output queues
    net.ipv4.tcp_rmem = 4096 25165824 25165824
    net.core.rmem_max = 25165824
    net.core.rmem_default = 25165824
    net.ipv4.tcp_wmem = 4096 65536 25165824
    net.core.wmem_max = 25165824
    net.core.wmem_default = 65536
    net.core.optmem_max = 25165824

    # If you are feeling daring, you can also use these settings below, otherwise just remove them. (Should increase performance)

    net.core.netdev_max_backlog = 2500
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_tw_reuse = 1

  2. fcicq said,

    July 29, 2007 @ 14:07:59

    net.ipv4.tcp_rmem = 4096 25165824 25165824
    net.core.rmem_max = 25165824
    net.core.rmem_default = 25165824
    net.ipv4.tcp_wmem = 4096 65536 25165824
    net.core.wmem_max = 25165824
    net.core.wmem_default = 65536

  3. fcicq said,

    July 29, 2007 @ 14:08:29

    # Disables packet forwarding
    net.ipv4.ip_forward=0

    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0

    # Enable IP spoofing protection, turn on source route verification
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1

    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0

    # Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 0
    net.ipv4.conf.lo.log_martians = 0
    net.ipv4.conf.eth0.log_martians = 0

    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0

    # Enable IP spoofing protection, turn on source route verification
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1

    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0

    # Disables the magic-sysrq key
    kernel.sysrq = 0

    # Decrease the time default value for tcp_fin_timeout connection
    net.ipv4.tcp_fin_timeout = 15

    # Decrease the time default value for tcp_keepalive_time connection
    net.ipv4.tcp_keepalive_time = 1800

    # Turn off the tcp_window_scaling
    net.ipv4.tcp_window_scaling = 0

    # Turn off the tcp_sack
    net.ipv4.tcp_sack = 0

    # Turn off the tcp_timestamps
    net.ipv4.tcp_timestamps = 0

    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1

    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1

    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1

    # Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 1

    # Increases the size of the socket queue (effectively, q0).
    net.ipv4.tcp_max_syn_backlog = 1024

    # Increase the tcp-time-wait buckets pool size
    net.ipv4.tcp_max_tw_buckets = 1440000

    # Allowed local port range
    net.ipv4.ip_local_port_range = 16384 65536

  4. fcicq said,

    July 30, 2007 @ 14:50:16

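    Configuring how the Linux kernel flushes dirty buffers to disk.
    When the data in the buffers is completely dirty, use: sysctl -w vm.bdflush="30 500 0 0 500 3000 60 20 0"
    vm.bdflush has 9 parameters, but it is recommended to change only 3 of them:
    1 nfract, the maximum percentage of the buffer allowed by the bdflush daemon before writes are queued to disk
    2 ndirty, the maximum number of buffers bdflush writes at once. If this value is large, bdflush needs more time to finish updating the data on disk.
    7 nfract_sync, the maximum percentage of the buffer that may become dirty before a sync occurs.
    Configure the kswapd daemon, specifying the number of memory pages Linux swaps
    sysctl -w vm.kswapd="1024 32 64"
    The three parameters are described as follows:
    – tries_base is equivalent to four times the number of "pages" the kernel swaps each time. For systems with a lot of swap activity, increasing this value can improve performance.
    – tries_min is the minimum number of pages kswapd swaps out each time.
    – swap_cluster is the number of pages kswapd writes at once. A small value improves disk I/O performance; a large value may also have a negative effect on the request queue.
    If you change these parameters, use the vmstat tool to check the effect on performance. Other virtual memory parameters that can improve performance are:
    _ buffermem
    _ freepages
    _ overcommit_memory
    _ page-cluster
    _ pagecache
    _ pagetable_cache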
