Linux 内核参数优化
1.将vm,swappiness
设置为0-10
2.将vm,dirty_background_ratio
设置为5-10
,将vm,dirty_ratio
设置为它的两倍
左右,以确保能持续将脏数据刷新到磁盘
,避免瞬间I/O
写,产生严重等待
3.优化TCP协议栈
#减少TIME_WAIT,提高TCP效率
net.ipv4.tcp_tw_recyle=1
net.ipv4.tcp_tw_reuse=1
#减少处于FIN-WAIT-2连接状态的时间,使系统可以处理更多的连接
net.ipv4.tcp_fin_timeout=2
#减少TCP KeepAlived连接侦测的时间,使系统可以处理更多的连接。
net.ipv4.tcp_keepalived_time=600
#提高系统支持的最大SYN半连接数(默认1024)
net.ipv4.tcp_max_syn_backlog = 16384
#减少系统SYN连接重试次数(默认5)
net,ipv4.tcp_synack_retries = 1
net.ipv4.tcp_sync_retries = 1
#在内核放弃建立的连接之前发送SYN包的数量
net.ipv4.ip_local_prot_range = 4500 65535
#允许系统打开的端口范围
4.网络优化
#优化系统套接字缓冲区
#Increase TCP max buffer size
net.core.rmem_max=16777216 #最大socket读buffer
net.core.wmem_max=16777216 #最大socket写buffer
net.core.wmem_default = 8388608 #该文件指定了接收套接字缓冲区大小的缺省值(以字节为单位)
net.core.rmem_default = 8388608
#优化TCP接收/发送缓冲区
# Increase Linux autotuning TCP buffer limits
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
#优化网络设备接收队列
net.core.netdev_max_backlog=3000
5.其他优化
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_tw_buckets = 360000
6. 优化linux打开文件数和进程数
[root@Python ~]# cat /etc/security/limits.d/20-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.
* soft nproc 65535
root soft nproc unlimited
[root@Python ~]# cat /etc/security/limits.conf |tail -5
# End of file
* soft nproc 65535
* hard nproc 65535
* soft nofile 204800
* hard nofile 204800
[root@Python ~]# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 7217
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 7217
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
7.完整/etc/sysctl/conf优化文件
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
#
# Use '/sbin/sysctl -a' to list all possible parameters.
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536
# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120
# see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_synack_retries = 1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
fs.file-max = 2000000