2025-04-06 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/03 Report--
How do you configure Linux network parameters under /proc/sys/net/ipv4/? Many newcomers are not clear about this, so the following explains the parameters in detail.
1) /proc/sys/net/ipv4/ip_forward
This file indicates whether IP forwarding is turned on.
0: forwarding disabled; 1: forwarding enabled
Default setting: 0
2) /proc/sys/net/ipv4/ip_default_ttl
This file represents the time to live (TTL) of a datagram, that is, the maximum number of routers it may pass through.
Default: 64. Increasing this value will degrade system performance.
3) /proc/sys/net/ipv4/ip_no_pmtu_disc
This file indicates whether path MTU discovery is turned off globally.
Default setting: 0
4) /proc/sys/net/ipv4/route/min_pmtu
This file represents the minimum path MTU size.
Default: 552
5) /proc/sys/net/ipv4/route/mtu_expires
This file represents how long PMTU information is cached (in seconds).
Default setting: 600 (seconds)
6) /proc/sys/net/ipv4/route/min_adv_mss
This file represents the smallest MSS (Maximum Segment Size), which depends on the MTU of the first-hop router.
Default: 256 (bytes)
IP Fragmentation
1) /proc/sys/net/ipv4/ipfrag_low_thresh
/proc/sys/net/ipv4/ipfrag_high_thresh
These two files represent the lowest and highest amounts of memory allocated for reassembling IP fragments. Once the maximum is reached, further fragments are discarded until memory use falls back to the minimum.
Default: 196608 (ipfrag_low_thresh)
262144 (ipfrag_high_thresh)
2) /proc/sys/net/ipv4/ipfrag_time
This file represents how many seconds an IP fragment remains in memory.
INET Peer Storage
1) /proc/sys/net/ipv4/inet_peer_threshold
The approximate size of the INET peer storage. When this threshold is exceeded, entries are discarded. The threshold also determines the entries' time to live and the interval between garbage collection (GC) passes. The more entries there are, the lower the time to live and the shorter the GC interval.
Default: 65664
2) /proc/sys/net/ipv4/inet_peer_minttl
The minimum time to live of an entry. It must be long enough to cover the fragment lifetime on the reassembling side. This minimum time to live is guaranteed as long as the pool size is less than inet_peer_threshold. The value is measured in jiffies.
Default: 120
3) /proc/sys/net/ipv4/inet_peer_maxttl
The maximum time to live of an entry. After this period, unused entries time out if there is no memory pressure on the pool (for example, when the number of entries in the pool is very small). This value is measured in jiffies.
Default setting: 600
4) /proc/sys/net/ipv4/inet_peer_gc_mintime
The minimum interval between garbage collection (GC) passes. This interval is in effect when memory pressure on the pool is high. This value is measured in jiffies.
Default: 10
5) /proc/sys/net/ipv4/inet_peer_gc_maxtime
The maximum interval between garbage collection (GC) passes. This interval is in effect when memory pressure on the pool is low. This value is measured in jiffies.
Default: 120
TCP Variables
1) /proc/sys/net/ipv4/tcp_syn_retries
This file represents the number of times a SYN is retransmitted after a timeout for TCP connections initiated by this machine. It should not be higher than 255. The value applies only to outgoing connections; for incoming connections it is controlled by tcp_retries1.
Default setting: 5
2) /proc/sys/net/ipv4/tcp_keepalive_probes
This file represents the maximum number of TCP keepalive probes sent before the TCP connection is dropped. Keepalive probes are sent only when the SO_KEEPALIVE socket option is turned on.
Default setting: 9 (times)
3) /proc/sys/net/ipv4/tcp_keepalive_time
This file represents the number of seconds between the last data transmission and the first keepalive probe sent on the connection.
Default: 7200 (2 hours)
4) /proc/sys/net/ipv4/tcp_keepalive_intvl
This file represents the interval at which TCP keepalive probes are sent. Multiplied by tcp_keepalive_probes, it gives the time after which an unresponsive TCP connection is disconnected.
Default: 75 (seconds)
5) /proc/sys/net/ipv4/tcp_retries1
This file represents the number of retransmissions before giving up on responding to a TCP connection request.
Default setting: 3
6) /proc/sys/net/ipv4/tcp_retries2
This file represents the number of times a TCP packet is retransmitted in the established state before the connection is abandoned.
Default: 15
7) /proc/sys/net/ipv4/tcp_orphan_retries
The number of retries before the local end discards a TCP connection. The default value is 7, which corresponds to roughly 50 seconds to 16 minutes, depending on the RTO. If your system is a heavily loaded web server, you may need to lower this value, because such sockets can consume a lot of resources. See also tcp_max_orphans.
8) /proc/sys/net/ipv4/tcp_fin_timeout
For socket connections closed by the local end, the amount of time TCP remains in the FIN-WAIT-2 state. The peer may be disconnected, may never end the connection, or may die unexpectedly. The default value is 60 seconds; in earlier 2.2 kernels it was 180 seconds. You can set this value, but be aware that if your machine is a heavily loaded web server, you run the risk of memory being filled with a large number of invalid datagrams. FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1 sockets because they consume at most 1.5K, but they last longer. See also tcp_max_orphans.
Default: 60 (seconds)
9) /proc/sys/net/ipv4/tcp_max_tw_buckets
The maximum number of TIME-WAIT sockets the system handles at the same time. If this number is exceeded, TIME-WAIT sockets are destroyed immediately and a warning message is displayed. This limit exists purely to defend against simple DoS attacks. Do not lower it artificially; if network conditions require more than the default, you can raise it (and perhaps add memory).
Default: 180000
10) /proc/sys/net/ipv4/tcp_tw_recycle
Turns on fast recycling of TIME-WAIT sockets. Do not modify this value unless advised or requested to by a technical expert.
Default setting: 0
11) /proc/sys/net/ipv4/tcp_tw_reuse
This file indicates whether sockets in the TIME-WAIT state may be reused for new TCP connections.
Default setting: 0
12) /proc/sys/net/ipv4/tcp_max_orphans
The maximum number of TCP sockets not attached to any process that the system can handle. If this number is exceeded, connections that do not belong to any process are reset immediately and a warning message is displayed. This limit exists only to resist simple DoS attacks; do not rely on it, and do not lower it artificially.
Default: 8192
13) /proc/sys/net/ipv4/tcp_abort_on_overflow
When the daemon is too busy to accept a new connection, send a reset message to the peer. The default value is false, which means that if the overflow was caused by an occasional burst, the connection will recover. Turn this option on only if you are sure the listening daemon really cannot complete connection requests, because it affects clients.
Default setting: 0
14) /proc/sys/net/ipv4/tcp_syncookies
This file indicates whether TCP SYN cookies (syncookies) are enabled; the kernel must be compiled with CONFIG_SYN_COOKIES. SYN cookies prevent a socket from being overloaded when there are too many attempts to connect to it.
Default setting: 0
15) /proc/sys/net/ipv4/tcp_stdurg
Use the Host Requirements interpretation of the TCP urgent pointer field. Most hosts use the older BSD interpretation, so if you turn this on in Linux you may not be able to communicate with them correctly.
Default setting: 0
16) /proc/sys/net/ipv4/tcp_max_syn_backlog
The maximum number of connection requests kept in the queue that have not yet been acknowledged by the client. The default value is 1024 for systems with more than 128Mb of memory and 128 for systems with less than 128Mb. If the server is often overloaded, you can try increasing this number. Warning! If you set this value to greater than 1024, it is best to modify TCP_SYNQ_HSIZE in include/net/tcp.h to keep TCP_SYNQ_HSIZE*16
Default: 1024
17) /proc/sys/net/ipv4/tcp_window_scaling
This file indicates whether the sliding window size of a TCP/IP session is variable. The parameter is a Boolean: 1 means variable, 0 means fixed. The window normally used by TCP/IP can be up to 65535 bytes, which may be too small for high-speed networks. If this feature is enabled, the TCP/IP sliding window size can grow by several orders of magnitude, improving data throughput.
Default setting: 1
18) /proc/sys/net/ipv4/tcp_sack
This file indicates whether selective acknowledgment (SACK) is enabled. SACK improves performance by selectively acknowledging segments received out of order, which lets the sender retransmit only the missing segments. This option should be enabled (for WAN communications), but it increases CPU usage.
Default setting: 1
19) /proc/sys/net/ipv4/tcp_timestamps
This file indicates whether to enable calculating RTT in a more precise way than retransmission timeouts (see RFC 1323). This option should be enabled for better performance.
Default setting: 1
20) /proc/sys/net/ipv4/tcp_fack
This file indicates whether to turn on FACK congestion avoidance and fast retransmission.
Default setting: 1
21) /proc/sys/net/ipv4/tcp_dsack
This file indicates whether TCP is allowed to send "two identical" (duplicate) SACKs.
Default setting: 1
22) /proc/sys/net/ipv4/tcp_ecn
This file indicates whether to turn on TCP's explicit congestion notification (ECN).
Default setting: 0
23) /proc/sys/net/ipv4/tcp_reordering
This file represents the maximum number of datagrams that may be reordered in a TCP stream.
Default setting: 3
24) /proc/sys/net/ipv4/tcp_retrans_collapse
This file indicates whether bug-for-bug compatibility is provided for some buggy printers.
Default setting: 1
25) /proc/sys/net/ipv4/tcp_wmem
The file contains three integer values: min, default, max
Min: the minimum memory reserved for send buffering for a TCP socket. Every TCP socket can use it.
Default: the amount of memory reserved for send buffering for a TCP socket. This value affects the default value in net.core.wmem used by other protocols, and it is generally lower than the default value in net.core.wmem.
Max: the maximum memory for send buffering for a TCP socket. This value does not affect net.core.wmem_max, and a buffer size selected explicitly with SO_SNDBUF is not affected by this value. The default value is 128K.
Default: 4096 16384 131072
26) /proc/sys/net/ipv4/tcp_rmem
The file contains three integer values: min, default, max
Min: the minimum memory reserved for receive buffering for a TCP socket. A TCP socket will have at least this amount of memory for receive buffering even when memory is tight.
Default: the amount of memory reserved for receive buffering for a TCP socket, which by default affects the default value in net.core.wmem used by other protocols. With tcp_adv_win_scale and tcp_app_win at their default values, this value results in a TCP window size of 65535.
Max: the maximum memory for receive buffering for a TCP socket. This value does not affect the max value in net.core.wmem, and a buffer size selected explicitly with SO_SNDBUF is not affected by this value.
Default: 4096 87380 174760
27) /proc/sys/net/ipv4/tcp_mem
The file contains three integer values: low, pressure, high
Low: when TCP uses fewer memory pages than this value, TCP does not consider freeing memory.
Pressure: when TCP uses more memory pages than this value, TCP tries to stabilize its memory usage and enters pressure mode. It leaves pressure mode when memory consumption drops below the low value.
High: the number of pages all TCP sockets together are allowed to use for queuing buffered datagrams.
In general, these values are calculated from the amount of system memory when the system starts.
Default: 24576 32768 49152
28) /proc/sys/net/ipv4/tcp_app_win
This file indicates that max(window/2^tcp_app_win, mss) of the window is reserved for application buffering. A value of 0 means no buffering is required.
Default: 31
29) /proc/sys/net/ipv4/tcp_adv_win_scale
This file represents how buffering overhead is calculated: bytes/2^tcp_adv_win_scale (if tcp_adv_win_scale > 0) or bytes - bytes/2^(-tcp_adv_win_scale) (if tcp_adv_win_scale <= 0).
Default setting: 2
IP Variables
1) /proc/sys/net/ipv4/ip_local_port_range
This file represents the range of local port numbers opened by the TCP/UDP protocols.
Default: 1024 4999
Recommended setting: 32768 61000
2) /proc/sys/net/ipv4/ip_nonlocal_bind
This file indicates whether a process is allowed to bind to a non-local address.
Default setting: 0
3) /proc/sys/net/ipv4/ip_dynaddr
This parameter is usually used with dial-up connections. It lets the system immediately change the source address of IP packets to the new IP address, break the original TCP conversation, and send a new SYN request packet with the new address to start a new TCP conversation. When IP masquerading is in use, this parameter immediately changes the masquerade address to the new IP address. The file indicates whether dynamic addresses are allowed: a non-zero value means allowed, and a value greater than 1 makes the kernel log dynamic address rewriting information.
Default setting: 0
4) /proc/sys/net/ipv4/icmp_echo_ignore_all
/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
These files indicate whether the kernel ignores all ICMP ECHO requests, or those sent to broadcast and multicast addresses.
0: respond to the request
1: ignore the request
Default setting: 0
Recommended setting: 1
5) /proc/sys/net/ipv4/icmp_ratelimit
6) /proc/sys/net/ipv4/icmp_ratemask
7) /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
Some routers violate the RFC 1122 standard by sending bogus responses to broadcast frames. Such violations are usually recorded in the system log as warnings. If this option is set to True, the kernel will not record these warning messages.
Default setting: 0
8) /proc/sys/net/ipv4/igmp_max_memberships
This file represents the maximum number of members in a multicast group.
Default: 20
Other Configuration
1) /proc/sys/net/ipv4/conf/*/accept_redirects
If the host's network segment has two routers and you set one of them as the default gateway, that gateway may find, on receiving one of your IP packets, that the packet must pass through the other router. It then sends you a so-called "redirect" ICMP packet telling you to forward the IP packet to the other router. The parameter is a Boolean: 1 means accept such ICMP redirects, 0 means ignore them. The default value is 0 on Linux hosts acting as routers and 1 on ordinary Linux hosts. It is recommended to change it to 0 to eliminate security risks.
2) /proc/sys/net/ipv4/conf/*/accept_source_route
Whether to accept IP packets containing source routing information. The parameter is a Boolean: 1 means accept, 0 means do not accept. The default value is 1 on Linux hosts acting as gateways and 0 on ordinary Linux hosts. From a security point of view, it is recommended to turn this function off.
3) /proc/sys/net/ipv4/conf/*/secure_redirects
So-called "secure redirects" means accepting "redirect" ICMP packets only from the gateway. This parameter controls the secure redirect feature. The parameter is a Boolean: 1 means enabled, 0 means disabled. The default is enabled.
4) /proc/sys/net/ipv4/conf/*/proxy_arp
Sets whether to relay ARP packets on the network. The parameter is a Boolean: 1 means relay, 0 means ignore. The default value is 0. This parameter is usually only useful for Linux hosts acting as routers.
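One way to check a host against the values this article recommends (icmp_echo_ignore_broadcasts = 1, ip_local_port_range = 32768 61000, accept_redirects and accept_source_route = 0 on every interface). This is an added example, not part of the original article; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): audit the recommended settings.

# check FILE WANT: print PASS/FAIL/SKIP for one file; return 1 on a mismatch.
check() {
    file=$1 want=$2
    if [ ! -r "$file" ]; then
        echo "SKIP $file (not readable)"; return 0
    fi
    # Multi-value entries are tab-separated in /proc, so normalise whitespace.
    have=$(tr -s '[:space:]' ' ' < "$file" | sed 's/^ //; s/ $//')
    if [ "$have" = "$want" ]; then
        echo "PASS $file = $have"
    else
        echo "FAIL $file = $have (recommended: $want)"; return 1
    fi
}

# audit_ipv4 [ROOT]: exit status is the number of failed checks.
audit_ipv4() {
    root=${1:-/proc/sys/net/ipv4}
    failures=0
    check "$root/icmp_echo_ignore_broadcasts" 1 || failures=$((failures + 1))
    check "$root/ip_local_port_range" "32768 61000" || failures=$((failures + 1))
    # The conf/ entries exist once per interface plus "all" and "default";
    # every instance has to be 0, so walk all of them.
    for dir in "$root"/conf/*/; do
        [ -d "$dir" ] || continue
        check "${dir}accept_redirects" 0 || failures=$((failures + 1))
        check "${dir}accept_source_route" 0 || failures=$((failures + 1))
    done
    return "$failures"
}

# Constructed sample tree (not captured from a real host) so this runs offline.
make_sample_tree() {
    tree=$(mktemp -d)
    mkdir -p "$tree/conf/all" "$tree/conf/eth0"
    echo 1 > "$tree/icmp_echo_ignore_broadcasts"
    printf '1024\t4999\n' > "$tree/ip_local_port_range"   # the article's default
    for i in all eth0; do
        echo 0 > "$tree/conf/$i/accept_source_route"
        echo 0 > "$tree/conf/$i/accept_redirects"
    done
    echo 1 > "$tree/conf/eth0/accept_redirects"           # deliberately weak
    echo "$tree"
}

sample=$(make_sample_tree)
audit_ipv4 "$sample" || echo "$? setting(s) differ from the recommendations"
rm -rf "$sample"
```

Call `audit_ipv4` with no argument to audit the live /proc/sys/net/ipv4 tree instead of the sample.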