原贴：http://www.fcicq.net/wp/?p=197

linux network optimize with sysctl

August 28, 2006 at 21:39:34 · Filed under LAMP, 技术文档

<script type="text/javascript"><!--google_ad_client = "pub-4541717095573647";google_ad_width = 250;google_ad_height = 250;google_ad_format = "250x250_as";google_ad_type = "text_image";//2007-06-10: contentgoogle_ad_channel = "2351211918";google_color_border = "336699";google_color_bg = "FFFFFF";google_color_link = "0000FF";google_color_text = "000000";google_color_url = "008000";//--></script><script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type="text/javascript"></script><iframe width="250" scrolling="no" height="250" frameborder="0" allowtransparency="true" hspace="0" vspace="0" marginheight="0" marginwidth="0" src="http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-4541717095573647&amp;dt=1190224319615&amp;lmt=1190224317&amp;format=250x250_as&amp;output=html&amp;correlator=1190224319614&amp;channel=2351211918&amp;url=http%3A%2F%2Fwww.fcicq.net%2Fwp%2F%3Fp%3D197&amp;color_bg=FFFFFF&amp;color_text=000000&amp;color_link=0000FF&amp;color_url=008000&amp;color_border=336699&amp;ad_type=text_image&amp;ref=http%3A%2F%2Fwww.google.cn%2Fsearch%3Fcomplete%3D1%26hl%3Dzh-CN%26ie%3DGB2312%26q%3Dlinux%2Bnet.core.netdev_max_backlog%26btnG%3DGoogle%2B%25CB%25D1%25CB%25F7%26meta%3D&amp;cc=100&amp;ga_vid=1221258047.1190224320&amp;ga_sid=1190224320&amp;ga_hid=1982649358&amp;flash=9&amp;u_h=800&amp;u_w=1280&amp;u_ah=776&amp;u_aw=1280&amp;u_cd=24&amp;u_tz=480&amp;u_his=1&amp;u_nplug=2&amp;u_nmime=3" name="google_ads_frame"></iframe>

Disabling the TCP options reduces the overhead of each TCP packet and might help to get the last few percent of performance out of the server. Be aware that disabling these options most likely decreases performance for high-latency and lossy links.
* net.ipv4.tcp_sack = 0
* net.ipv4.tcp_timestamps = 0

Increasing the TCP send and receive buffers will increase the performance a lot if (and only if) you have a lot of large files to send.

* net.ipv4.tcp_wmem = 4096 65536 524288
* net.core.wmem_max = 1048576

If you have a lot of large file uploads, increasing the receive buffers will help.

* net.ipv4.tcp_rmem = 4096 87380 524288
* net.core.rmem_max = 1048576

# These ensure that TIME_WAIT ports either get reused or closed fast.
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_tw_recycle = 1
# TCP memory
net.core.rmem_max = 16777216
net.core.rmem_default = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

# you shouldn’t be using conntrack on a heavily loaded server anyway, but these are
# suitably high for our uses, insuring that if conntrack gets turned on, the box doesn’t die
net.ipv4.ip_conntrack_max = 1048576
net.nf_conntrack_max = 1048576

# increase Linux TCP buffer limits
echo 8388608 > /proc/sys/net/core/rmem_max
echo 8388608 > /proc/sys/net/core/wmem_max

# increase Linux autotuning TCP buffer limits
echo "4096 87380 8388608" > /proc/sys/net/ipv4/tcp_rmem
echo "4096 65536 8388608" > /proc/sys/net/ipv4/tcp_wmem

#echo 65536 > /proc/sys/fs/file-max # physical RAM * 256/4

echo "1024 65000" > /proc/sys/net/ipv4/ip_local_port_range

#echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 8192 > /proc/sys/net/ipv4/tcp_max_syn_backlog
# Decrease the time default value for tcp_fin_timeout connection
#echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
#echo 3 > /proc/sys/net/ipv4/tcp_syn_retries
#echo 2 > /proc/sys/net/ipv4/tcp_retries1
# Decrease the time default value for tcp_keepalive_time connection
#echo 1800 >/proc/sys/net/ipv4/tcp_keepalive_time
# Turn off tcp_window_scaling
echo 0 >/proc/sys/net/ipv4/tcp_window_scaling
#echo "67108864" > /proc/sys/kernel/shmmax
# Turn off the tcp_sack
echo 0 >/proc/sys/net/ipv4/tcp_sack # This disables RFC2018 TCP Selective Acknowledgements
#Turn off tcp_timestamps
echo 0 >/proc/sys/net/ipv4/tcp_timestamps # This disables RFC1323 TCP timestamps
echo 5 > /proc/sys/kernel/panic # reboot 5 minutes later then kernel panic

the third:
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_syncookies = 1
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216

Tags: linux, network, notes
Permalink Bookmark on del.icio.us

« 偶对玄箱(kurobox,玄箱网络硬盘盒)做了什么? | Home | How to Get 1000 Uniques From Google? »

友情提示: 评论在文章中所占比例虽然不大, 但它们是文章重要的组成部分.
今天如果你不收藏,明天文章就可能找不到了.

订阅 (By feedsky) (By feedburner)

<script type="text/javascript"><!--google_ad_client = "pub-4541717095573647";google_ad_width = 336;google_ad_height = 280;google_ad_format = "336x280_as";google_ad_type = "text_image";//2007-08-19: content-aftergoogle_ad_channel = "4456241149";google_color_border = "336699";google_color_bg = "FFFFFF";google_color_link = "0000FF";google_color_text = "000000";google_color_url = "008000";//--></script><script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type="text/javascript"></script><iframe width="336" scrolling="no" height="280" frameborder="0" allowtransparency="true" hspace="0" vspace="0" marginheight="0" marginwidth="0" src="http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-4541717095573647&amp;dt=1190224319657&amp;lmt=1190224317&amp;prev_fmts=250x250_as&amp;format=336x280_as&amp;output=html&amp;correlator=1190224319614&amp;channel=4456241149&amp;url=http%3A%2F%2Fwww.fcicq.net%2Fwp%2F%3Fp%3D197&amp;color_bg=FFFFFF&amp;color_text=000000&amp;color_link=0000FF&amp;color_url=008000&amp;color_border=336699&amp;ad_type=text_image&amp;ref=http%3A%2F%2Fwww.google.cn%2Fsearch%3Fcomplete%3D1%26hl%3Dzh-CN%26ie%3DGB2312%26q%3Dlinux%2Bnet.core.netdev_max_backlog%26btnG%3DGoogle%2B%25CB%25D1%25CB%25F7%26meta%3D&amp;cc=100&amp;ga_vid=1221258047.1190224320&amp;ga_sid=1190224320&amp;ga_hid=1982649358&amp;flash=9&amp;u_h=800&amp;u_w=1280&amp;u_ah=776&amp;u_aw=1280&amp;u_cd=24&amp;u_tz=480&amp;u_his=1&amp;u_nplug=2&amp;u_nmime=3" name="google_ads_frame"></iframe>

4 Comments»

1. fcicq said,

   July 29, 2007 @ 14:07:35

   Lot of tuning

   # Disables packet forwarding
   net.ipv4.ip_forward = 0
   # Enables source route verification
   net.ipv4.conf.default.rp_filter = 1
   # Disables the magic-sysrq key
   kernel.sysrq = 0
   # Decrease the time default value for tcp_fin_timeout connection
   net.ipv4.tcp_fin_timeout = 25
   # Decrease the time default value for tcp_keepalive_time connection
   net.ipv4.tcp_keepalive_time = 3600
   # Turn on the tcp_window_scaling
   net.ipv4.tcp_window_scaling = 1
   # Turn on the tcp_sack
   net.ipv4.tcp_sack = 1
   # tcp_fack should be on because of sack
   net.ipv4.tcp_fack = 1
   # Turn on the tcp_timestamps
   net.ipv4.tcp_timestamps = 1
   # Enable TCP SYN Cookie Protection
   net.ipv4.tcp_syncookies = 1
   # Enable ignoring broadcasts request
   net.ipv4.icmp_echo_ignore_broadcasts = 1
   # Disable ICMP Redirect Acceptance
   net.ipv4.conf.all.accept_redirects = 0
   # Enable bad error message Protection
   net.ipv4.icmp_ignore_bogus_error_responses = 1
   # Don’t Log Spoofed Packets, Source Routed Packets, Redirect Packets
   net.ipv4.conf.all.log_martians = 0
   # Make more local ports available
   net.ipv4.ip_local_port_range = 1024 65000
   # Increase maximum amount of memory allocated to shm
   kernel.shmmax = 1073741824
   # Improve file system performance
   vm.bdflush = 100 1200 128 512 15 5000 500 1884 2
   # This will increase the amount of memory available for socket input/output queues
   net.ipv4.tcp_rmem = 4096 25165824 25165824
   net.core.rmem_max = 25165824
   net.core.rmem_default = 25165824
   net.ipv4.tcp_wmem = 4096 65536 25165824
   net.core.wmem_max = 25165824
   net.core.wmem_default = 65536
   net.core.optmem_max = 25165824

   # If you are feeling daring, you can also use these settings below, otherwise just remove them. (Should increase performance)

   net.core.netdev_max_backlog = 2500
   net.ipv4.tcp_tw_recycle = 1
   net.ipv4.tcp_tw_reuse = 1

2. fcicq said,

   July 29, 2007 @ 14:07:59

   net.ipv4.tcp_rmem = 4096 25165824 25165824
   net.core.rmem_max = 25165824
   net.core.rmem_default = 25165824
   net.ipv4.tcp_wmem = 4096 65536 25165824
   net.core.wmem_max = 25165824
   net.core.wmem_default = 65536

3. fcicq said,

   July 29, 2007 @ 14:08:29

   # Disables packet forwarding
   net.ipv4.ip_forward=0

   # Disables IP source routing
   net.ipv4.conf.all.accept_source_route = 0
   net.ipv4.conf.lo.accept_source_route = 0
   net.ipv4.conf.eth0.accept_source_route = 0
   net.ipv4.conf.default.accept_source_route = 0

   # Enable IP spoofing protection, turn on source route verification
   net.ipv4.conf.all.rp_filter = 1
   net.ipv4.conf.lo.rp_filter = 1
   net.ipv4.conf.eth0.rp_filter = 1
   net.ipv4.conf.default.rp_filter = 1

   # Disable ICMP Redirect Acceptance
   net.ipv4.conf.all.accept_redirects = 0
   net.ipv4.conf.lo.accept_redirects = 0
   net.ipv4.conf.eth0.accept_redirects = 0
   net.ipv4.conf.default.accept_redirects = 0

   # Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
   net.ipv4.conf.all.log_martians = 0
   net.ipv4.conf.lo.log_martians = 0
   net.ipv4.conf.eth0.log_martians = 0

   # Disables IP source routing
   net.ipv4.conf.all.accept_source_route = 0
   net.ipv4.conf.lo.accept_source_route = 0
   net.ipv4.conf.eth0.accept_source_route = 0
   net.ipv4.conf.default.accept_source_route = 0

   # Enable IP spoofing protection, turn on source route verification
   net.ipv4.conf.all.rp_filter = 1
   net.ipv4.conf.lo.rp_filter = 1
   net.ipv4.conf.eth0.rp_filter = 1
   net.ipv4.conf.default.rp_filter = 1

   # Disable ICMP Redirect Acceptance
   net.ipv4.conf.all.accept_redirects = 0
   net.ipv4.conf.lo.accept_redirects = 0
   net.ipv4.conf.eth0.accept_redirects = 0
   net.ipv4.conf.default.accept_redirects = 0

   # Disables the magic-sysrq key
   kernel.sysrq = 0

   # Decrease the time default value for tcp_fin_timeout connection
   net.ipv4.tcp_fin_timeout = 15

   # Decrease the time default value for tcp_keepalive_time connection
   net.ipv4.tcp_keepalive_time = 1800

   # Turn off the tcp_window_scaling
   net.ipv4.tcp_window_scaling = 0

   # Turn off the tcp_sack
   net.ipv4.tcp_sack = 0

   # Turn off the tcp_timestamps
   net.ipv4.tcp_timestamps = 0

   # Enable TCP SYN Cookie Protection
   net.ipv4.tcp_syncookies = 1

   # Enable ignoring broadcasts request
   net.ipv4.icmp_echo_ignore_broadcasts = 1

   # Enable bad error message Protection
   net.ipv4.icmp_ignore_bogus_error_responses = 1

   # Log Spoofed Packets, Source Routed Packets, Redirect Packets
   net.ipv4.conf.all.log_martians = 1

   # Increases the size of the socket queue (effectively, q0).
   net.ipv4.tcp_max_syn_backlog = 1024

   # Increase the tcp-time-wait buckets pool size
   net.ipv4.tcp_max_tw_buckets = 1440000

   # Allowed local port range
   net.ipv4.ip_local_port_range = 16384 65536

4. fcicq said,

   July 30, 2007 @ 14:50:16

   配置Linux内核如何更新dirty buffers到磁盘。
   当缓冲区内的数据完全dirty，使用：sysctl -w vm.bdflush=”30 500 0 0 500 3000 60 20 0″
   vm.bdflush有9个参数，但是建议只改变其中的3个：
   1 nfract, 为排队写入磁盘前，bdflush daemon允许的缓冲区最大百分比
   2 ndirty, 为bdflush即刻写的最大缓冲区的值。如果这个值很大，bdflush需要更多的时间完成磁盘的数据更新。
   7 nfract_sync, 发生同步前，缓冲区变dirty的最大百分比。
   配置kswapd daemon，指定Linux的内存交换页数量
   sysctl -w vm.kswapd=”1024 32 64″
   三个参数的描述如下：
   – tries_base 相当于内核每次所交换的“页”的数量的四倍。对于有很多交换信息的系统，增加这个值可以改进性能。
   – tries_min 是每次kswapd swaps出去的pages的最小数量。
   – swap_cluster 是kswapd 即刻写如的pages数量。数值小，会提高磁盘I/O的性能；数值大可能也会对请求队列产生负面影响。
   如果要对这些参数进行改动，请使用工具vmstat检查对性能的影响。其它可以改进性能的虚拟内存参数为：
   _ buffermem
   _ freepages
   _ overcommit_memory
   _ page-cluster
   _ pagecache
   _ pagetable_cache

· TrackBack URI