关闭

linux network optimize with sysctl

1542人阅读 评论(0) 收藏 举报
原贴:http://www.fcicq.net/wp/?p=197

linux network optimize with sysctl

<script type="text/javascript"><!-- google_ad_client = "pub-4541717095573647"; google_ad_width = 250; google_ad_height = 250; google_ad_format = "250x250_as"; google_ad_type = "text_image"; //2007-06-10: content google_ad_channel = "2351211918"; google_color_border = "336699"; google_color_bg = "FFFFFF"; google_color_link = "0000FF"; google_color_text = "000000"; google_color_url = "008000"; //--> </script> <script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type="text/javascript"> </script> <iframe width="250" scrolling="no" height="250" frameborder="0" allowtransparency="true" hspace="0" vspace="0" marginheight="0" marginwidth="0" src="http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-4541717095573647&amp;dt=1190224319615&amp;lmt=1190224317&amp;format=250x250_as&amp;output=html&amp;correlator=1190224319614&amp;channel=2351211918&amp;url=http%3A%2F%2Fwww.fcicq.net%2Fwp%2F%3Fp%3D197&amp;color_bg=FFFFFF&amp;color_text=000000&amp;color_link=0000FF&amp;color_url=008000&amp;color_border=336699&amp;ad_type=text_image&amp;ref=http%3A%2F%2Fwww.google.cn%2Fsearch%3Fcomplete%3D1%26hl%3Dzh-CN%26ie%3DGB2312%26q%3Dlinux%2Bnet.core.netdev_max_backlog%26btnG%3DGoogle%2B%25CB%25D1%25CB%25F7%26meta%3D&amp;cc=100&amp;ga_vid=1221258047.1190224320&amp;ga_sid=1190224320&amp;ga_hid=1982649358&amp;flash=9&amp;u_h=800&amp;u_w=1280&amp;u_ah=776&amp;u_aw=1280&amp;u_cd=24&amp;u_tz=480&amp;u_his=1&amp;u_nplug=2&amp;u_nmime=3" name="google_ads_frame"></iframe>

Disabling the TCP options reduces the overhead of each TCP packet and might help to get the last few percent of performance out of the server. Be aware that disabling these options most likely decreases performance for high-latency and lossy links.
* net.ipv4.tcp_sack = 0
* net.ipv4.tcp_timestamps = 0

Increasing the TCP send and receive buffers will increase the performance a lot if (and only if) you have a lot of large files to send.

* net.ipv4.tcp_wmem = 4096 65536 524288
* net.core.wmem_max = 1048576

If you have a lot of large file uploads, increasing the receive buffers will help.

* net.ipv4.tcp_rmem = 4096 87380 524288
* net.core.rmem_max = 1048576

# These ensure that TIME_WAIT ports either get reused or closed fast.
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_tw_recycle = 1
# TCP memory
net.core.rmem_max = 16777216
net.core.rmem_default = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

# you shouldn’t be using conntrack on a heavily loaded server anyway, but these are
# suitably high for our uses, insuring that if conntrack gets turned on, the box doesn’t die
net.ipv4.ip_conntrack_max = 1048576
net.nf_conntrack_max = 1048576

# increase Linux TCP buffer limits
echo 8388608 > /proc/sys/net/core/rmem_max
echo 8388608 > /proc/sys/net/core/wmem_max

# increase Linux autotuning TCP buffer limits
echo "4096 87380 8388608" > /proc/sys/net/ipv4/tcp_rmem
echo "4096 65536 8388608" > /proc/sys/net/ipv4/tcp_wmem

#echo 65536 > /proc/sys/fs/file-max # physical RAM * 256/4

echo "1024 65000" > /proc/sys/net/ipv4/ip_local_port_range

#echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 8192 > /proc/sys/net/ipv4/tcp_max_syn_backlog
# Decrease the time default value for tcp_fin_timeout connection
#echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
#echo 3 > /proc/sys/net/ipv4/tcp_syn_retries
#echo 2 > /proc/sys/net/ipv4/tcp_retries1
# Decrease the time default value for tcp_keepalive_time connection
#echo 1800 >/proc/sys/net/ipv4/tcp_keepalive_time
# Turn off tcp_window_scaling
echo 0 >/proc/sys/net/ipv4/tcp_window_scaling
#echo "67108864" > /proc/sys/kernel/shmmax
# Turn off the tcp_sack
echo 0 >/proc/sys/net/ipv4/tcp_sack # This disables RFC2018 TCP Selective Acknowledgements
#Turn off tcp_timestamps
echo 0 >/proc/sys/net/ipv4/tcp_timestamps # This disables RFC1323 TCP timestamps
echo 5 > /proc/sys/kernel/panic # reboot 5 minutes later then kernel panic

the third:
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_syncookies = 1
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216

Tags: , ,
Bookmark on del.icio.us

友情提示: 评论在文章中所占比例虽然不大, 但它们是文章重要的组成部分.
今天如果你不收藏,明天文章就可能找不到了.

订阅 (By feedsky) (By feedburner)

<script type="text/javascript"><!-- google_ad_client = "pub-4541717095573647"; google_ad_width = 336; google_ad_height = 280; google_ad_format = "336x280_as"; google_ad_type = "text_image"; //2007-08-19: content-after google_ad_channel = "4456241149"; google_color_border = "336699"; google_color_bg = "FFFFFF"; google_color_link = "0000FF"; google_color_text = "000000"; google_color_url = "008000"; //--> </script> <script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type="text/javascript"> </script> <iframe width="336" scrolling="no" height="280" frameborder="0" allowtransparency="true" hspace="0" vspace="0" marginheight="0" marginwidth="0" src="http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-4541717095573647&amp;dt=1190224319657&amp;lmt=1190224317&amp;prev_fmts=250x250_as&amp;format=336x280_as&amp;output=html&amp;correlator=1190224319614&amp;channel=4456241149&amp;url=http%3A%2F%2Fwww.fcicq.net%2Fwp%2F%3Fp%3D197&amp;color_bg=FFFFFF&amp;color_text=000000&amp;color_link=0000FF&amp;color_url=008000&amp;color_border=336699&amp;ad_type=text_image&amp;ref=http%3A%2F%2Fwww.google.cn%2Fsearch%3Fcomplete%3D1%26hl%3Dzh-CN%26ie%3DGB2312%26q%3Dlinux%2Bnet.core.netdev_max_backlog%26btnG%3DGoogle%2B%25CB%25D1%25CB%25F7%26meta%3D&amp;cc=100&amp;ga_vid=1221258047.1190224320&amp;ga_sid=1190224320&amp;ga_hid=1982649358&amp;flash=9&amp;u_h=800&amp;u_w=1280&amp;u_ah=776&amp;u_aw=1280&amp;u_cd=24&amp;u_tz=480&amp;u_his=1&amp;u_nplug=2&amp;u_nmime=3" name="google_ads_frame"></iframe>

4 Comments »

  1. fcicq said,

    July 29, 2007 @ 14:07:35

    Lot of tuning

    # Disables packet forwarding
    net.ipv4.ip_forward = 0
    # Enables source route verification
    net.ipv4.conf.default.rp_filter = 1
    # Disables the magic-sysrq key
    kernel.sysrq = 0
    # Decrease the time default value for tcp_fin_timeout connection
    net.ipv4.tcp_fin_timeout = 25
    # Decrease the time default value for tcp_keepalive_time connection
    net.ipv4.tcp_keepalive_time = 3600
    # Turn on the tcp_window_scaling
    net.ipv4.tcp_window_scaling = 1
    # Turn on the tcp_sack
    net.ipv4.tcp_sack = 1
    # tcp_fack should be on because of sack
    net.ipv4.tcp_fack = 1
    # Turn on the tcp_timestamps
    net.ipv4.tcp_timestamps = 1
    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1
    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    # Don’t Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 0
    # Make more local ports available
    net.ipv4.ip_local_port_range = 1024 65000
    # Increase maximum amount of memory allocated to shm
    kernel.shmmax = 1073741824
    # Improve file system performance
    vm.bdflush = 100 1200 128 512 15 5000 500 1884 2
    # This will increase the amount of memory available for socket input/output queues
    net.ipv4.tcp_rmem = 4096 25165824 25165824
    net.core.rmem_max = 25165824
    net.core.rmem_default = 25165824
    net.ipv4.tcp_wmem = 4096 65536 25165824
    net.core.wmem_max = 25165824
    net.core.wmem_default = 65536
    net.core.optmem_max = 25165824

    # If you are feeling daring, you can also use these settings below, otherwise just remove them. (Should increase performance)

    net.core.netdev_max_backlog = 2500
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_tw_reuse = 1

  2. fcicq said,

    July 29, 2007 @ 14:07:59

    net.ipv4.tcp_rmem = 4096 25165824 25165824
    net.core.rmem_max = 25165824
    net.core.rmem_default = 25165824
    net.ipv4.tcp_wmem = 4096 65536 25165824
    net.core.wmem_max = 25165824
    net.core.wmem_default = 65536

  3. fcicq said,

    July 29, 2007 @ 14:08:29

    # Disables packet forwarding
    net.ipv4.ip_forward=0

    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0

    # Enable IP spoofing protection, turn on source route verification
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1

    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0

    # Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 0
    net.ipv4.conf.lo.log_martians = 0
    net.ipv4.conf.eth0.log_martians = 0

    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0

    # Enable IP spoofing protection, turn on source route verification
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1

    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0

    # Disables the magic-sysrq key
    kernel.sysrq = 0

    # Decrease the time default value for tcp_fin_timeout connection
    net.ipv4.tcp_fin_timeout = 15

    # Decrease the time default value for tcp_keepalive_time connection
    net.ipv4.tcp_keepalive_time = 1800

    # Turn off the tcp_window_scaling
    net.ipv4.tcp_window_scaling = 0

    # Turn off the tcp_sack
    net.ipv4.tcp_sack = 0

    # Turn off the tcp_timestamps
    net.ipv4.tcp_timestamps = 0

    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1

    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1

    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1

    # Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 1

    # Increases the size of the socket queue (effectively, q0).
    net.ipv4.tcp_max_syn_backlog = 1024

    # Increase the tcp-time-wait buckets pool size
    net.ipv4.tcp_max_tw_buckets = 1440000

    # Allowed local port range
    net.ipv4.ip_local_port_range = 16384 65536

  4. fcicq said,

    July 30, 2007 @ 14:50:16

    配置Linux内核如何更新dirty buffers到磁盘。
    当缓冲区内的数据完全dirty,使用:sysctl -w vm.bdflush=”30 500 0 0 500 3000 60 20 0″
    vm.bdflush有9个参数,但是建议只改变其中的3个:
    1 nfract, 为排队写入磁盘前,bdflush daemon允许的缓冲区最大百分比
    2 ndirty, 为bdflush即刻写的最大缓冲区的值。如果这个值很大,bdflush需要更多的时间完成磁盘的数据更新。
    7 nfract_sync, 发生同步前,缓冲区变dirty的最大百分比。
    配置kswapd daemon,指定Linux的内存交换页数量
    sysctl -w vm.kswapd=”1024 32 64″
    三个参数的描述如下:
    – tries_base 相当于内核每次所交换的“页”的数量的四倍。对于有很多交换信息的系统,增加这个值可以改进性能。
    – tries_min 是每次kswapd swaps出去的pages的最小数量。
    – swap_cluster 是kswapd 即刻写如的pages数量。数值小,会提高磁盘I/O的性能;数值大可能也会对请求队列产生负面影响。
    如果要对这些参数进行改动,请使用工具vmstat检查对性能的影响。其它可以改进性能的虚拟内存参数为:
    _ buffermem
    _ freepages
    _ overcommit_memory
    _ page-cluster
    _ pagecache
    _ pagetable_cache

· TrackBack URI

 
0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:3158911次
    • 积分:33207
    • 等级:
    • 排名:第146名
    • 原创:76篇
    • 转载:1209篇
    • 译文:0篇
    • 评论:200条
    最新评论
    牛逼的网站