
How to optimize Linux kernel parameters

2025-04-12 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

In this issue, the editor explains how to optimize Linux kernel parameters. The article analyzes and describes the topic from a professional point of view; I hope you get something out of reading it.

Optimization of Linux kernel parameters

My principle for adjusting kernel parameters is: tune whichever one has hit a bottleneck, do so cautiously, and never adjust values at random based on imagination. Take a look at the following example, where "default" marks some of the default parameter values of our company's customized system, followed by the values marked "add by yangjian2". Not all of them need to be adjusted. I'll just pick a few of the more important parameters to illustrate. For more tuning on TCP, see man 7 tcp.

# + default++

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_max_tw_buckets = 180000

net.ipv4.tcp_sack = 1

net.ipv4.tcp_window_scaling = 1

net.ipv4.tcp_rmem = 4096 87380 4194304

net.ipv4.tcp_wmem = 4096 16384 4194304

# + add by yangjian2++

net.ipv4.tcp_max_syn_backlog = 65536

net.core.netdev_max_backlog = 32768

net.core.somaxconn = 32768

net.core.wmem_default = 8388608

net.core.rmem_default = 8388608

net.core.rmem_max = 16777216

net.core.wmem_max = 16777216

net.ipv4.tcp_timestamps = 0

net.ipv4.tcp_synack_retries = 2

net.ipv4.tcp_syn_retries = 2

# tcp_tw_recycle was removed in Linux 4.12; it drops connections from clients behind NAT
net.ipv4.tcp_tw_recycle = 1

# net.ipv4.tcp_tw_len = 1

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_mem = 94500000 915000000 927000000

net.ipv4.tcp_max_orphans = 3276800

# +

maxfd: the maximum number of file descriptors that can be opened. You can start the program as root, set maxfd with setrlimit(), and then switch to an ordinary user through setuid() to provide the service. I use int set_max_fds(int maxfds); the function was provided by zhongying. This is much more convenient than using ulimit, and I don't know why so many open source programs don't use it.
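The start-as-root, setrlimit(), then setuid() sequence described above, as an added example (this is not zhongying's set_max_fds, whose source is not shown in the article). The name drop_to_user, the limit 65536 and uid/gid 65534 are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes setgroups() under strict -std modes */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* Set the soft and hard RLIMIT_NOFILE to maxfds. Raising the hard limit
 * needs root (CAP_SYS_RESOURCE); lowering it does not. Returns 0 or -1. */
int set_max_fds(int maxfds)
{
    struct rlimit rl;
    if (maxfds <= 0) { errno = EINVAL; return -1; }
    rl.rlim_cur = rl.rlim_max = (rlim_t)maxfds;
    return setrlimit(RLIMIT_NOFILE, &rl);
}

/* Drop to an unprivileged user. Order matters: supplementary groups and gid
 * first, uid last, because after setuid() the groups can no longer change. */
int drop_to_user(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    if (uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Assumed values: 65536 descriptors, uid/gid 65534 ("nobody" on many systems). */
    if (set_max_fds(65536) != 0)
        perror("set_max_fds");
    if (drop_to_user(65534, 65534) != 0) {
        perror("drop_to_user");
        return 1;
    }
    /* From here on the process serves requests unprivileged, keeping the raised limit. */
    return 0;
}
```

The raised limit survives the setuid() call because resource limits belong to the process, not to the user ID.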

net.ipv4.tcp_max_syn_backlog = 65536: this parameter should definitely be modified; the default value is 1024. I googled it, and almost everyone just copies everyone else without explaining it clearly. To be clear, start with man listen: int listen(int sockfd, int backlog); in early network programming, backlog represented the sum of the incomplete queue (SYN_RECV state) and the completed queue (ESTABLISHED state). But that meaning has changed in implementations since Linux 2.2: backlog now only represents the length of the completed queue (ESTABLISHED). In the AF_INET protocol family (the one we widely use), when backlog is greater than SOMAXCONN (128 in Linux 2.0), it is adjusted down to the constant SOMAXCONN. This constant can be modified through net.core.somaxconn. The size of the incomplete queue can be adjusted through net.ipv4.tcp_max_syn_backlog. Generally, websites that suffer from SYN flood attacks show a large number of connections in the SYN_RECV state, so increasing the tcp_max_syn_backlog value can increase the ability to resist SYN attacks.

net.ipv4.tcp_syncookies = 1: send syncookies to the peer when the SYN wait queue overflows. The purpose is to prevent SYN flood attacks, and the default value is 0. However, man listen says that when syncookies are enabled, the tcp_max_syn_backlog sysctl setting is ignored, which does not quite match this description. See the following two descriptions, from man listen and man 7 tcp:

When syncookies are enabled there is no logical maximum length and this tcp_max_syn_backlog sysctl setting is ignored.

Send out syncookies when the syn backlog queue of a socket overflows.

But I can say for sure that this option will not improve your performance. It is a serious violation of the TCP protocol and does not allow the use of TCP extensions, so it is not recommended unless you are under attack.

net.ipv4.tcp_synack_retries = 2: for a remote connection request (SYN), the kernel sends a SYN+ACK datagram to acknowledge receipt of the SYN connection request packet. This is the second step in the so-called three-way handshake. This parameter determines the number of SYN+ACKs the kernel sends before abandoning the connection. If your site does have a lot of connections in the SYN_RECV state, you can adjust the number of retransmissions in order to avoid SYN attacks.

net.ipv4.tcp_syn_retries = 2: for a new outgoing connection, how many SYN connection requests the kernel sends before deciding to give up. It should not be greater than 255; the default value is 5, corresponding to about 180 seconds. This is of no use in preventing SYN attacks, and there is no need to adjust it.

net.ipv4.tcp_max_orphans = 3276800: this is best left unmodified, because every increase of 1 will consume ~64k of memory. Even the error "TCP: too many of orphaned sockets" may be caused by your net.ipv4.tcp_mem being too small, which results in "Out of socket memory" and in turn triggers it.

net.ipv4.tcp_wmem = 4096 16384 4194304: defines the memory used by each socket for automatic tuning. The first value is the minimum number of bytes allocated for the socket's send buffer. The second value is the default value (which is overridden by wmem_default), and the buffer can grow to this value if the system load is not heavy. The third value is the maximum number of bytes of send buffer space (this value is overridden by wmem_max).

net.ipv4.tcp_rmem = 4096 87380 4194304: the receive buffer, same principle as above.

net.ipv4.tcp_mem = 94500000 915000000 927000000:

low: when TCP uses fewer memory pages than this value, TCP does not consider freeing memory.

pressure: when TCP uses more memory pages than this value, TCP tries to stabilize its memory usage and enters pressure mode; it exits the pressure state when memory consumption falls below the low value.

high: the number of memory pages that all TCP sockets together are allowed to use for queuing and buffering datagrams.

In general, this value is calculated according to the amount of system memory when the system starts. If your dmesg reports "Out of socket memory", you can try modifying this parameter. Here are three ways to do so:

1. echo "94500000 915000000 927000000" > /proc/sys/net/ipv4/tcp_mem

2. sysctl -w net.ipv4.tcp_mem="94500000 915000000 927000000"

3. net.ipv4.tcp_mem = 94500000 915000000 927000000 (add this line to /etc/sysctl.conf with vi, then run sysctl -p for it to take effect)

The following command may provide some information as a reference when you modify the TCP parameters:

[sports@xk-6-244-a8 nbahttpd_beta4.0]$ cat /proc/net/sockstat

sockets: used 1195

TCP: inuse 1177 orphan 30 tw 199 alloc 1181 mem 216

UDP: inuse 0 mem 0

RAW: inuse 0

FRAG: inuse 0 memory 0
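An added example, not from the original article, that parses the TCP line of the sockstat output above and places its mem figure against the three tcp_mem thresholds. Both figures count pages rather than bytes; the 4096-byte page size and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

struct tcp_stat { long inuse, orphan, tw, alloc, mem; };

/* Parse the "TCP:" line out of /proc/net/sockstat text. Returns 0 on success. */
int parse_tcp_stat(const char *text, struct tcp_stat *s)
{
    const char *line = strstr(text, "TCP: ");
    if (line == NULL)
        return -1;
    return sscanf(line, "TCP: inuse %ld orphan %ld tw %ld alloc %ld mem %ld",
                  &s->inuse, &s->orphan, &s->tw, &s->alloc, &s->mem) == 5 ? 0 : -1;
}

/* Position of mem (pages) relative to tcp_mem = {low, pressure, high}:
 * 0 below low, 1 between low and pressure, 2 above pressure, 3 at or over high. */
int tcp_mem_zone(long mem_pages, const long tcp_mem[3])
{
    if (mem_pages >= tcp_mem[2]) return 3;
    if (mem_pages > tcp_mem[1]) return 2;
    if (mem_pages >= tcp_mem[0]) return 1;
    return 0;
}

/* Convert a page count to bytes so the thresholds can be compared with RAM. */
long long pages_to_bytes(long pages, long page_size)
{
    return (long long)pages * page_size;
}

/* Sample input: the sockstat output quoted in the article. */
static const char SAMPLE[] =
    "sockets: used 1195\n"
    "TCP: inuse 1177 orphan 30 tw 199 alloc 1181 mem 216\n"
    "UDP: inuse 0 mem 0\n";

int main(void)
{
    const long tcp_mem[3] = { 94500000, 915000000, 927000000 }; /* article's values */
    struct tcp_stat s;
    if (parse_tcp_stat(SAMPLE, &s) != 0)
        return 1;
    printf("TCP mem: %ld pages (%lld bytes), zone %d\n", s.mem,
           pages_to_bytes(s.mem, 4096), tcp_mem_zone(s.mem, tcp_mem)); /* 4096 assumed */
    printf("high limit: %lld bytes\n", pages_to_bytes(tcp_mem[2], 4096));
    return 0;
}
```

With 4096-byte pages the article's high value works out to roughly 3.8 TB, so on most machines it removes the TCP memory cap rather than tuning it.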

I won't say much about the rest. Knowing these can basically solve most of the problems.

This is what the editor shares with you on how to optimize Linux kernel parameters. If you happen to have similar doubts, please refer to the above analysis. If you want to know more about it, you are welcome to follow the industry information channel.
