linux network optimize with sysctl

Original post: http://www.fcicq.net/wp/?p=197


Disabling the TCP options reduces the overhead of each TCP packet and might help to get the last few percent of performance out of the server. Be aware that disabling these options most likely decreases performance for high-latency and lossy links.
* net.ipv4.tcp_sack = 0
* net.ipv4.tcp_timestamps = 0

Increasing the TCP send and receive buffers will increase the performance a lot if (and only if) you have a lot of large files to send.

* net.ipv4.tcp_wmem = 4096 65536 524288
* net.core.wmem_max = 1048576

If you have a lot of large file uploads, increasing the receive buffers will help.

* net.ipv4.tcp_rmem = 4096 87380 524288
* net.core.rmem_max = 1048576

# These ensure that TIME_WAIT ports either get reused or closed fast.
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_tw_recycle = 1
# TCP memory
net.core.rmem_max = 16777216
net.core.rmem_default = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

# you shouldn't be using conntrack on a heavily loaded server anyway, but these are
# suitably high for our uses, ensuring that if conntrack gets turned on, the box doesn't die
net.ipv4.ip_conntrack_max = 1048576
net.nf_conntrack_max = 1048576

# increase Linux TCP buffer limits
echo 8388608 > /proc/sys/net/core/rmem_max
echo 8388608 > /proc/sys/net/core/wmem_max

# increase Linux autotuning TCP buffer limits
echo "4096 87380 8388608" > /proc/sys/net/ipv4/tcp_rmem
echo "4096 65536 8388608" > /proc/sys/net/ipv4/tcp_wmem

#echo 65536 > /proc/sys/fs/file-max # physical RAM * 256/4

echo "1024 65000" > /proc/sys/net/ipv4/ip_local_port_range

#echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 8192 > /proc/sys/net/ipv4/tcp_max_syn_backlog
# Decrease the default value of tcp_fin_timeout
#echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
#echo 3 > /proc/sys/net/ipv4/tcp_syn_retries
#echo 2 > /proc/sys/net/ipv4/tcp_retries1
# Decrease the default value of tcp_keepalive_time
#echo 1800 >/proc/sys/net/ipv4/tcp_keepalive_time
# Turn off tcp_window_scaling
echo 0 >/proc/sys/net/ipv4/tcp_window_scaling
#echo "67108864" > /proc/sys/kernel/shmmax
# Turn off the tcp_sack
echo 0 >/proc/sys/net/ipv4/tcp_sack # This disables RFC2018 TCP Selective Acknowledgements
#Turn off tcp_timestamps
echo 0 >/proc/sys/net/ipv4/tcp_timestamps # This disables RFC1323 TCP timestamps
echo 5 > /proc/sys/kernel/panic # reboot 5 seconds after a kernel panic

the third:
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_syncookies = 1
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
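
The snippets above mix `sysctl.conf` lines with `echo ... > /proc/sys/...` commands and set some keys more than once, so settings can end up cancelling each other out. The following audit script is an added example, not part of the original post; the rule names and the `SAMPLE` input (lines copied from the snippets above) are constructed for illustration.

```python
import re

# Constructed sample: lines taken from the snippets above, in both forms the page mixes.
SAMPLE = """\
net.ipv4.tcp_tw_recycle = 1
net.core.rmem_max = 16777216
echo 8388608 > /proc/sys/net/core/rmem_max
echo "4096 87380 8388608" > /proc/sys/net/ipv4/tcp_rmem
#echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 >/proc/sys/net/ipv4/tcp_window_scaling
echo 0 >/proc/sys/net/ipv4/tcp_timestamps # This disables RFC1323 TCP timestamps
"""

ECHO = re.compile(r'^echo\s+"?([^">]+?)"?\s*>\s*/proc/sys/(\S+)$')
CONF = re.compile(r'^([\w.-]+)\s*=\s*(.+)$')

def parse(text):
    """Map each sysctl key to the list of values assigned to it, in file order."""
    history = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drops comments and commented-out lines
        m = ECHO.match(line)
        if m:  # echo VALUE > /proc/sys/a/b/c  ->  key a.b.c
            key, value = m.group(2).replace("/", "."), m.group(1).strip()
        else:
            m = CONF.match(line)  # key = value
            if not m:
                continue
            key, value = m.group(1), m.group(2).strip()
        history.setdefault(key, []).append(value)
    return history

def audit(text):
    """Return (rule, key) findings for settings that contradict each other."""
    hist = parse(text)
    final = {k: v[-1] for k, v in hist.items()}  # the last assignment wins
    findings = [("conflicting-values", k) for k, v in hist.items() if len(set(v)) > 1]
    if final.get("net.ipv4.tcp_window_scaling") == "0":
        # Without window scaling the TCP window field is 16 bits: at most 65535 bytes.
        for k in ("net.ipv4.tcp_rmem", "net.ipv4.tcp_wmem"):
            if k in final and int(final[k].split()[-1]) > 65535:
                findings.append(("buffer-exceeds-unscaled-window", k))
    if final.get("net.ipv4.tcp_timestamps") == "0":
        # tcp_tw_recycle depends on TCP timestamps; with them off it has no effect.
        if final.get("net.ipv4.tcp_tw_recycle") == "1":
            findings.append(("needs-timestamps", "net.ipv4.tcp_tw_recycle"))
    return findings

if __name__ == "__main__":
    for rule, key in audit(SAMPLE):
        print(f"{rule}: {key}")
```
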

Tags: linux, network, notes

4 Comments »

  1. fcicq said,

    July 29, 2007 @ 14:07:35

    Lot of tuning

    # Disables packet forwarding
    net.ipv4.ip_forward = 0
    # Enables source route verification
    net.ipv4.conf.default.rp_filter = 1
    # Disables the magic-sysrq key
    kernel.sysrq = 0
    # Decrease the time default value for tcp_fin_timeout connection
    net.ipv4.tcp_fin_timeout = 25
    # Decrease the time default value for tcp_keepalive_time connection
    net.ipv4.tcp_keepalive_time = 3600
    # Turn on the tcp_window_scaling
    net.ipv4.tcp_window_scaling = 1
    # Turn on the tcp_sack
    net.ipv4.tcp_sack = 1
    # tcp_fack should be on because of sack
    net.ipv4.tcp_fack = 1
    # Turn on the tcp_timestamps
    net.ipv4.tcp_timestamps = 1
    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1
    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    # Don’t Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 0
    # Make more local ports available
    net.ipv4.ip_local_port_range = 1024 65000
    # Increase maximum amount of memory allocated to shm
    kernel.shmmax = 1073741824
    # Improve file system performance
    vm.bdflush = 100 1200 128 512 15 5000 500 1884 2
    # This will increase the amount of memory available for socket input/output queues
    net.ipv4.tcp_rmem = 4096 25165824 25165824
    net.core.rmem_max = 25165824
    net.core.rmem_default = 25165824
    net.ipv4.tcp_wmem = 4096 65536 25165824
    net.core.wmem_max = 25165824
    net.core.wmem_default = 65536
    net.core.optmem_max = 25165824

    # If you are feeling daring, you can also use these settings below, otherwise just remove them. (Should increase performance)

    net.core.netdev_max_backlog = 2500
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_tw_reuse = 1

  2. fcicq said,

    July 29, 2007 @ 14:07:59

    net.ipv4.tcp_rmem = 4096 25165824 25165824
    net.core.rmem_max = 25165824
    net.core.rmem_default = 25165824
    net.ipv4.tcp_wmem = 4096 65536 25165824
    net.core.wmem_max = 25165824
    net.core.wmem_default = 65536

  3. fcicq said,

    July 29, 2007 @ 14:08:29

    # Disables packet forwarding
    net.ipv4.ip_forward=0

    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0

    # Enable IP spoofing protection, turn on source route verification
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1

    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0

    # Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 0
    net.ipv4.conf.lo.log_martians = 0
    net.ipv4.conf.eth0.log_martians = 0

    # Disables the magic-sysrq key
    kernel.sysrq = 0

    # Decrease the time default value for tcp_fin_timeout connection
    net.ipv4.tcp_fin_timeout = 15

    # Decrease the time default value for tcp_keepalive_time connection
    net.ipv4.tcp_keepalive_time = 1800

    # Turn off the tcp_window_scaling
    net.ipv4.tcp_window_scaling = 0

    # Turn off the tcp_sack
    net.ipv4.tcp_sack = 0

    # Turn off the tcp_timestamps
    net.ipv4.tcp_timestamps = 0

    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1

    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1

    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1

    # Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 1

    # Increases the size of the socket queue (effectively, q0).
    net.ipv4.tcp_max_syn_backlog = 1024

    # Increase the tcp-time-wait buckets pool size
    net.ipv4.tcp_max_tw_buckets = 1440000

    # Allowed local port range (65535 is the highest valid port number)
    net.ipv4.ip_local_port_range = 16384 65535

  4. fcicq said,

    July 30, 2007 @ 14:50:16

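    Configure how the Linux kernel flushes dirty buffers to disk.
    When the data in the buffer is completely dirty, use: sysctl -w vm.bdflush="30 500 0 0 500 3000 60 20 0"
    vm.bdflush has 9 parameters, but it is recommended to change only 3 of them:
    1 nfract, the maximum percentage of the buffer that the bdflush daemon allows before queuing writes to disk
    2 ndirty, the maximum number of buffers that bdflush writes at once. If this value is large, bdflush needs more time to finish updating the data on disk.
    7 nfract_sync, the maximum percentage of the buffer that may become dirty before a synchronous flush occurs.
    Configure the kswapd daemon to specify the number of memory pages Linux swaps
    sysctl -w vm.kswapd="1024 32 64"
    The three parameters are described as follows:
    – tries_base is equivalent to four times the number of "pages" the kernel swaps each time. On systems with a lot of swapping, increasing this value can improve performance.
    – tries_min is the minimum number of pages kswapd swaps out each time.
    – swap_cluster is the number of pages kswapd writes at once. A small value improves disk I/O performance; a large value may also have a negative effect on the request queue.
    If you change these parameters, use the vmstat tool to check the effect on performance. Other virtual memory parameters that can improve performance are:
    _ buffermem
    _ freepages
    _ overcommit_memory
    _ page-cluster
    _ pagecache
    _ pagetable_cache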

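### SecureCRT connection failures and frequent `smbd` process exits: solutions

When SecureCRT fails to connect and the `smbd` process exits frequently, you can troubleshoot and resolve the problem from the following angles.

#### 1. Check the network configuration

Make sure the network connection between the server and the client is stable. You can test connectivity with the ping command:

```bash
ping server_ip_address
```

If you see a high packet loss rate or high latency, the connection problem may be caused by an unstable network[^2].

#### 2. Verify the SSH service status

Confirm that the SSH service on the target host is running normally and listening on the correct port (22 by default). Use the following commands to check the state of sshd:

```bash
systemctl status sshd.service
netstat -an | grep ':22'
```

If `smbd` restarts frequently, this usually means there is a problem with the Samba service. The logs can be used to find the specific cause:

```bash
tail -f /var/log/samba/log.*
journalctl -u smb.service --since "1 hour ago"
```

These logs help locate the specific error message, so you can further analyze whether the abnormal termination is caused by improper permission settings or by other factors.

#### 3. Tune kernel parameters to optimize TCP/IP performance

Sometimes, to improve the system's concurrent processing capacity or to suit a particular application scenario, it may be necessary to modify certain TCP parameters in the Linux kernel. Edit the `/etc/sysctl.conf` file and add the following:

```bash
# Increase system file descriptor limit
fs.file-max = 655350
# Optimize network buffer sizes and timeouts
net.core.rmem_max=16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_fin_timeout = 30
net.ipv4.ip_local_port_range = 1024 65000
```

After saving the changes, run `sysctl -p` to apply the new configuration. This kind of change helps with problems such as data transfer interruptions that can occur when sessions are kept open for a long time.

#### 4. Update software versions

From the standpoint of security and compatibility, it is recommended to regularly upgrade the operating system and the applications installed on it to the latest stable versions. Key components such as OpenSSH and Samba in particular should be patched promptly to fix known vulnerabilities.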