Shulou(Shulou.com)06/02 Report--

This article shows you the common Linux kernel network parameters and modification methods, the content is concise and easy to understand, absolutely can make your eyes bright, through the detailed introduction of this article, I hope you can get something.

Common kernel parameters of Linux

Parameter describes the default TCP data receiving window size (in bytes) for net.core.rmem_default. Net.core.rmem_max 's largest TCP data receiving window (in bytes). Net.core.wmem_default default TCP data send window size (in bytes). Net.core.wmem_max 's largest TCP data send window (in bytes). Net.core.netdev_max_backlog when the kernel processing speed is slower than the receiving speed of the network card, the extra packets will be saved on the receiving queue of the network card, and this parameter indicates the upper limit of the number of this queue. The maximum number of packets allowed to be sent to the queue when each network interface receives packets faster than the kernel processes them. Net.core.somaxconn this parameter defines the length of the maximum listening queue for each port in the system and is a global parameter. This parameter is associated with net.ipv4.tcp_max_syn_backlog, which refers to the upper limit of semi-connections still in the three-way handshake, and this parameter refers to the upper limit of the number of ESTABLISHED. If your ECS instance has a high business load, it is necessary to increase this parameter. The parameter backlog in the listen (2) function also indicates that the listening port is in the upper limit of the number of ESTABLISHED. When the backlog is greater than net.core.somaxconn, the net.core.somaxconn parameter shall prevail. Net.core.optmem_max represents the maximum buffer size allowed per socket. Net.ipv4.tcp_mem determines how the TCP stack should reflect memory usage, with each value being measured in memory pages (usually 4KB).

The first value is the lower limit of memory usage.

The second value is the upper limit at which the memory pressure mode starts applying pressure to the buffer.

The third value is the upper limit of memory usage. At this level, messages can be discarded, thus reducing the use of memory. For larger BDP, you can increase these values (in memory pages rather than bytes). Net.ipv4.tcp_rmem defines the memory used by Socket for automatic tuning.

The first value is the minimum number of bytes allocated for the Socket receive buffer.

The second value is the default value (which is overridden by rmem_default), and the buffer can grow to this value if the system load is not heavy.

The third value is the maximum number of bytes to receive buffer space (this value will be overridden by rmem_max). Net.ipv4.tcp_wmem defines the memory used by Socket for automatic tuning.

The first value is the minimum number of bytes allocated for the Socket send buffer.

The second value is the default value (which is overridden by wmem_default), and the buffer can grow to this value if the system load is not heavy.

The third value is the maximum number of bytes of send buffer space (this value will be overridden by wmem_max). The interval (in seconds) at which net.ipv4.tcp_keepalive_timeTCP sends keepalive probe messages to confirm that the TCP connection is valid. The interval (in seconds) at which a net.ipv4.tcp_keepalive_intvl probe message is retransmitted when it does not get a response. The maximum number of TCP probe messages sent by net.ipv4.tcp_keepalive_probes before it determines that the keepalive connection is invalid. Net.ipv4.tcp_sack enables selective replies (1 means enabled) to improve performance by selectively responding to messages received out of order, allowing the sender to send only missing segments, which should be enabled (for WAN communications), but will increase the footprint of CPU. Net.ipv4.tcp_fack enables forwarding replies, and selective replies (SACK) can be performed to reduce congestion, which should also be enabled. Net.ipv4.tcp_timestampsTCP timestamp (12B will be added to the TCP header) to enable the calculation of RTT in a more accurate way (see RFC 1323). This option should be enabled for better performance. Net.ipv4.tcp_window_scaling enables window scaling defined by RFC 1323. To support TCP windows that exceed 64KB, this value must be enabled (1 means enabled), and the maximum TCP window will not take effect until both sides of the 1GB TCP connection are enabled. Net.ipv4.tcp_syncookies this parameter indicates whether to turn on the TCP synchronization tag (SYN_COOKIES). The kernel must open and compile CONFIG_SYN_COOKIES,SYN_COOKIES to prevent a socket from overloading when there are too many attempts to connect. The default value of 0 means off.

When this parameter is set to 1 and the SYN_RECV queue is full, the kernel will modify the reply of the SYN packet, that is, in the response SYN+ACK packet, the initial sequence number is calculated by the five parameters of source IP+Port, destination IP+Port and time to form a carefully assembled TCP packet. Because the sequence number confirmed in the ACK package is not the previously calculated value, the malicious attacker cannot respond or misjudge, and the requestor will respond correctly based on the SYN+ACK packet received. When net.ipv4.tcp_syncookies is enabled, net.ipv4.tcp_max_syn_backlog is ignored. Net.ipv4.tcp_tw_reuse indicates whether to allow Socket (the port of TIME-WAIT) in the TIME-WAIT state to be used for new TCP connections. Net.ipv4.tcp_tw_recycle can recycle TIME-WAIT sockets faster. Net.ipv4.tcp_fin_timeout for locally disconnected Socket connections, the time (in seconds) that the TCP remains in the FIN-WAIT-2 state. The other party may disconnect or never end the connection or die an unexpected process. Net.ipv4.ip_local_port_range represents the local port number allowed by the TCP/UDP protocol. Net.ipv4.tcp_max_syn_backlog this parameter determines the number of TCP connections in the system in the SYN_RECV state. SYN_RECV status refers to the stage in which the system responds as a SYN and waits for the other party to reply to the last ACK in the three-way handshake after receiving the SYN+ACK. The maximum number of connection requests that can be saved in the queue for connection requests that have not been confirmed by the other party. If the server is often overloaded, you can try to increase this number. The default is 1024. Net.ipv4.tcp_low_latency allows the TCP/IP stack to adapt to low latency at high throughput, and this option should be disabled. Net.ipv4.tcp_westwood enables congestion control algorithms on the sender side, which maintains an assessment of throughput and attempts to optimize overall bandwidth utilization, which should be enabled for WAN communications. Net.ipv4.tcp_bic enables Binary Increase Congestion for fast, long-distance networks, which makes better use of links that operate at GB speed, which should be enabled for WAN communications. Net.ipv4.tcp_max_tw_buckets this parameter sets the number of TIME_WAIT for the system, which will be cleared immediately if the default value is exceeded. The default is 180000. Net.ipv4.tcp_synack_retries indicates the number of times the SYN+ACK packet is retransmitted when it is in the SYN_RECV state. When net.ipv4.tcp_abort_on_overflow sets this parameter to 1, when the system receives a large number of requests in a short period of time and the relevant application fails to process them, it will send a Reset packet to terminate these links directly. It is recommended to improve processing power by optimizing the efficiency of the application, rather than simply Reset. The default value is 0. The maximum number of routes allowed by the net.ipv4.route.max_size kernel. Forward messages between net.ipv4.ip_forward interfaces. The maximum number of hops a net.ipv4.ip_default_ttl message can pass. Net.netfilter.nf_conntrack_tcp_timeout_established within the specified period, if the established connection is not active, it is cleared through iptables. Maximum value of net.netfilter.nf_conntrack_max hash table item. View and modify Linux instance kernel parameters

Before modifying kernel parameters, you need to be aware of the following:

Starting from the actual needs, try to have the support of relevant data, it is not recommended to adjust kernel parameters at will.

To understand the specific role of parameters, it is important to note that kernel parameters may be different in the same type or version of the environment.

Back up important data in the ECS instance. For information about how to back up data, see creating Snapshots.

This article provides two ways to modify the kernel parameters of a Linux instance.

Method 1: view and modify kernel parameters through the / proc/sys/ directory

The / proc/sys/ directory is a pseudo-directory generated by the Linux kernel after startup. All the kernel parameters opened in the current system are stored in the net folder under the directory. The directory tree structure is related to the full name of the parameters, such as net.ipv4.tcp_tw_recycle, its corresponding file is the / proc/sys/net/ipv4/tcp_tw_recycle file, and the contents of the file are the parameter values. The modified parameter values in method 1 only take effect in the current operation, and will be rolled back to the historical value after the system is rebooted, which is generally used to temporarily verify the effect of the modification. If permanent modification is required, see method 2.

View kernel parameters: use the cat command to view the contents of the corresponding file and execute the following command to view the value of net.ipv4.tcp_tw_recycle.

Cat / proc/sys/net/ipv4/tcp_tw_recycle

Modify the kernel parameters: use the echo command to modify the file corresponding to the kernel parameters, and execute the following command to change the value of net.ipv4.tcp_tw_recycle to 0.

Echo "0" > / proc/sys/net/ipv4/tcp_tw_recycle method 2: view and modify kernel parameters through sysctl.conf file

View kernel parameters: execute the sysctl-a command to see all the parameters that are in effect on the current system, and the system displays something like this.

Net.ipv4.tcp_app_win = 31net.ipv4.tcp_adv_win_scale = 2net.ipv4.tcp_tw_reuse = 0net.ipv4.tcp_frto = 2net.ipv4.tcp_frto_response = 0net.ipv4.tcp_low_latency = 0net.ipv4.tcp_no_metrics_save = 0net.ipv4.tcp_moderate_rcvbuf = 1net.ipv4.tcp_tso_win_divisor = 3net.ipv4.tcp_congestion_control = cubicnet.ipv4.tcp_abc = 0net.ipv4.tcproommtu _ Probing = 0net.ipv4.tcp_base_mss = 512net.ipv4.tcp_workaround_signed_windows = 0net.ipv4.tcp_challenge_ack_limit = 1000net.ipv4.tcp_limit_output_bytes = 262144net.ipv4.tcp_dma_copybreak = 4096net.ipv4.tcp_slow_start_after_idle = 1net.ipv4.cipso_cache_enable = 1net.ipv4.cipso_cache_bucket_size = 10net.ipv4.cipso_rbm_optfmt = 0net.ipv4.cipso_rbm_strictvalid = 1

Modify kernel parameters in two ways.

Note: after adjusting the kernel parameters, the kernel is in an unstable state. Be sure to restart the instance.

Execute the following command to temporarily modify the kernel parameters.

/ sbin/sysctl-w kernel.parameter= "[$Example]"

Note: [$Example] is the parameter value, such as sysctl-w net.ipv4.tcp_tw_recycle= "0" command, change the parameter value to 0.

Modify kernel parameters by modifying the configuration file.

Execute the following command to modify the parameters in the / etc/sysctl.conf file.

Vi / etc/sysctl.conf

Execute the following command to make the configuration effective.

/ sbin/sysctl-p

The above is what are the common kernel network parameters and modification methods of Linux. Have you learned any knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.