Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How to adjust the working mode of network card under Linux

2025-01-16 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "how to adjust the working mode of the network card under Linux". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

At present, the network card generally works in the adaptive mode of 10amp 100m, and we seldom consider its working mode when configuring the parameters of the network card, but on the key equipment with large traffic, such as router, switch, proxy server and so on, we should specify the correct working mode for it, which can improve the communication efficiency. In the Linux environment, we can use the system's own tool mii-tool (this is a special command to set the working mode of the network card) to configure the working mode of the network card. Let's talk about how to use it in detail.

1. View the working mode of the network card and enter the command:

# mii-tool-v

Eth0: negotiated 100baseTx FDD link ok

Product info:Vendor 00:05:be,model 8 rev 0

Basic status: autonegotiation complete,link ok

Basic mode:autonegotiation enabled.

Capabilities:.

As can be seen from the above information, this network card works in 100m full-duplex adaptive mode, and "100BaseTx-FD" means 100m Full Duplex.

two。 Change the working mode of the network card and enter the command:

# mii-tool-F media [interface]

The optional modes for media are 100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD, and so on. Interface represents the selected network card, such as eth0, eth2, etc., and defaults to eth0.

For example, if you set the Nic to work in 10m half-duplex mode, enter the command:

# mii-tool-F 10baseT-HD eth0

3. To restore the adaptive working mode of the network card, enter the command:

# mii-tool-r eth0

More detailed usage can be obtained with mii-tool-h.

In the two articles "debugging tools for tuning LINUX network performance" and "detailed explanation of network configuration files for tuning LINUX network performance", we introduce the use, functions and contents of three network tuning testing tools: route, netstat and tcpdump. In this paper, we will introduce the methods of network performance tuning from the point of view of practice.

Next, let's introduce the first method of network performance tuning: the choice of service mode.

Choice of service mode

Because the network server wants to provide services to multiple customers at the same time, it must use some way to support this multitasking service mode. In general, there are three ways to choose, multi-process mode, multi-thread mode and asynchronous mode. Among them, in the multi-process mode, the server uses a process to provide services to a client, because in the operating system, generating a process requires additional overhead such as process memory replication, so the performance will be reduced when there are more customers. To overcome the extra overhead of this generation process, you can use a multithreaded or asynchronous approach. In a multithreaded approach, multiple threads in a process are used to provide services, and performance is improved because the threads have less overhead. In fact, the way that does not require any extra overhead is asynchronous, which communicates with each client in a non-blocking way, and the server uses a process to poll. In the asynchronous mode, the scheduling of multiple tasks is completed by the server program itself, and once there is a problem in one place, the whole server will have a problem, which is not within the scope of discussion. Increase the number of threads in the system: there are many factors that limit the number of threads, mainly the number of processes, memory size, mutex/semaphore/shm/ipc; generally, increase the maximum number of processes, and then expand memory, in increasing the maximum number of threads, and the method to increase the maximum number of threads is very simple. You only need to change the maximum number of threads and the size of the thread stack area in glibc. The increase in the maximum number of threads is at the expense of the process's asynchronous Ihop O performance; so it needs to be balanced.

Useful content in the network configuration file

1. For the database, increasing the number of shared memory segments and semaphores plays a very important role in improving the efficiency of data transmission.

Method: just edit the files linux/include/linux/sem.h and linux/include/asm-i386/shmparam.h.

two。 First increase the maximum number of processes, then expand memory, and then increase the maximum number of threads, and the method to increase the maximum number of threads is very simple, you only need to change two places in glibc: the maximum number of threads and the size of the thread stack area.

3. Commenting out a line in the "/ etc/inittab" file prevents the computer from shutting down with Control-Alt-Delete. This is important if the server is not in a safe place.

Edit the inittab file (vi / etc/inittab) to put this line:

Ca::ctrlaltdel:/sbin/shutdown-T3-r now

Change to:

# ca::ctrlaltdel:/sbin/shutdown-T3-r now

Use the following command to make the change effective:

[root@deep] # / sbin/init q

The 4. / etc/host.conf file specifies how the hostname is resolved. Linux obtains the IP address corresponding to the hostname through the parser library. Here is an example of "/ etc/host.conf":

Order bind,hosts: specify the query order of the host name. Here, use DNS to resolve the domain name, and then query the "/ etc/hosts" file (or vice versa).

You can add the following two sentences to the file:

Multi on: a specified host can have multiple addresses, and a host with multiple IP addresses is generally called a multi-hole host.

Ospoof on: IP address spoofing is not allowed on the server in order to improve the security of the server. IP spoofing is a means to attack system security by disguising the IP address as another computer to gain the trust of other computers.

Tunable Linux Kernel Network parameters

ICMP related kernel configuration parameters

Overview: we usually use icmp packages to detect whether other protocols, such as tcp and udp, are available on the destination host. For example, the icmp package that contains "destination unreachable" information is the most common icmp package.

(1) icmp_destunreach_rate: set the content to the response rate of "Destination Unreachable" icmp package. The setting value should be an integer.

Application example: suppose there are two hosts An and B, first of all, we execute the following ipchains statement on host A.

Ipchains-An input-p icmp-j REJECT

REJECT is different from DENY here. DENY will drop the qualified packet as if it had not been received, and REJECT will send back a "Destination Unreachable" icmp to the requesting host while dropping the packet.

Then ping host An on host B, and we will find that the response speed of the "Destination Unreachable" icmp package is very timely. Then we execute on host A:

Echo "1000" > / proc/sys/net/ipv4/icmp_destunreach_rate

That is, an icmp packet that responds to "Destination Unreachable" every 10 seconds.

At this point, ping Host A from Host B will find that the response speed of the "Destination Unreachable" icmp package has slowed down significantly. I tested it curiously and found that it responds exactly once every 10 seconds.

(2) icmp_echo_ignore_broadcasts: sets whether to broadcast in response to icmp echo request. The setting value should be a Boolean value. 0 means broadcast in response to icmp echo request, and 1 means ignore.

Note: the windows system does not broadcast in response to icmp echo requests.

Application example:

This value defaults to 0 on my RedHat6.x and RedHat7, so that when a user ping the network address of the network segment where my server is located, all linux servers will respond, thus allowing the user to get the ip address of my server, which can be executed

Echo "1" > / proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

To turn off the feature. So as to prevent icmp storm and network congestion.

(3) icmp_echoreply_rate: sets the response speed of the icmp packet that the system responds to icmp echo requests. The setting value is an integer.

Application example:

Suppose there are two hosts An and B, first we ping host An on host B, you can see that the response is normal, and then execute it on host A.

Echo "1000" > / proc/sys/net/ipv4/icmp_echoreply_rate

That is, an icmp echo request packet is responded to every 10 seconds. Then ping host An and you can see that the response speed has become 10 seconds once.

It is best to adjust the value of this parameter reasonably to prevent icmp storms.

(4) icmp_echo_ignore_all: sets whether the system ignores all icmp echo requests. If a non-zero value is set, the system ignores all icmp echo requests. In fact, this is an extreme case of icmp_echoreply_rate. The parameter value is a Boolean value, 1: ignore, 0: response.

(5) icmp_paramprob_rate: when the system receives a corrupted ip or tcp header of a Datagram, it sends an icmp packet containing the error message to the source. This parameter is used to set the speed at which such icmp packets are sent to the source. Of course, it is rare to see ip or tcp header errors in general. The parameter value is an integer.

(6) icmp_timeexceed_rate: when a Datagram is transmitted over the network, its time to live field decreases continuously. When the lifetime is zero, the router that is processing the Datagram discards the Datagram and sends a "time to live exceeded" icmp packet to the source host. This parameter is used to set the speed at which such icmp packets are sent. Of course, this is usually used as the linux host of the router.

IP related kernel configuration parameters

The configuration parameters of ip in the linux kernel network parameters are usually used to define or adjust some specific parameters of the ip package, in addition to defining some network characteristics of the system.

(1) ip_default_ttl: sets the lifetime of ip packets sent from the machine. The parameter value is an integer, with a range of 0,128 and a default value of 64. In windows systems, the lifetime of ip packets is usually 128. If your system often gets an icmp response from "Time to live exceeded", you can increase the value of this parameter appropriately, but not too much, because if your route is bad, it will increase the time for the system to report an error.

(2) ip_dynaddr: this parameter is usually used in the case of dial-up connection, which enables the system to immediately change the source address of the ip packet to the ip address, and at the same time interrupt the original tcp conversation and reissue a syn request packet with a new address to start a new tcp conversation. When using ip spoofing, this parameter can immediately change the masquerade address to the new ip address. The parameter values for this parameter can be:

1: enable this feature

2: enable this feature using redundancy mode

0: disable this feature

Application example: when using ipchains to configure ip spoofing to drive the local area network to share a ppp connection to the Internet, sometimes it will be impossible to connect to a site when it is just opened, and it can be refreshed and connected again, at this time, you can set the value of this parameter to 1, thus immediately change the camouflage address to the new ip address, you can solve this kind of problem. The command is:

Echo "1" > / proc/sys/net/ipv4/ip_dynaddr

(3) ip_forward: packet forwarding can be enabled through this parameter, thus making the system act as a router. Ip forwarding is enabled when the parameter value is 1, and ip forwarding is disabled when it is 0. Note that we can implement ip forwarding on hosts with single or dual network cards.

Application example:

Suppose we use a linux host with dual network cards as a firewall, then we must execute the following command to turn on ip forwarding:

Echo "1" > / proc/sys/net/ipv4/ip_forward

(4) ip_local_port_range: sets the port range to be used when the local system initiates a tcp or udp connection request. Set the value to two integers, and the default is "1024 4999".

Application example:

Echo "1450 6000" > / proc/sys/net/ipv4/ip_local_port_range

Tcp related kernel configuration parameters

The tcp configuration parameters allow you to control all aspects of the tcp session.

(1) tcp_fin_timeout: during a tcp session, at the end of the session, A first sends a fin packet to B. after obtaining the ack confirmation packet of B, An enters the FIN WAIT2 state and waits for the fin packet of B and then sends the ack confirmation packet to B. This parameter is used to set the timeout for A to enter the FIN WAIT2 state and wait for the other party's fin packet. If the time is up and the other party's fin packet is not received, the session will be released actively. The parameter value is an integer, in seconds, and the default is 180 seconds.

(2) tcp_syn_retires: sets the number of times to retry sending a syn connection request packet when you start a tcp session. The parameter value is an integer less than 255, and the default value is 10. If your connection speed is fast, you can consider lowering this value to improve the system response time, even for users with slow connection speed, by default

This is the end of the content of "how to adjust the working mode of the network card under Linux". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report