linux network optimize with sysctl

最新推荐文章于 2024-08-28 08:09:21 发布
转载 最新推荐文章于 2024-08-28 08:09:21 发布 · 1.8k 阅读 · 0
文章标签:

#linux #network #tcp #redirect #performance #filter

本文提供了针对Linux系统的网络性能调优方法,包括禁用部分TCP选项以减少开销、增大TCP收发缓存来提升传输大量文件时的性能、调整TIME_WAIT状态的端口管理和优化内核参数等。
原贴:http://www.fcicq.net/wp/?p=197

linux network optimize with sysctl

August 28, 2006 at 21:39:34 · Filed under LAMP, 技术文档

<script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type="text/javascript"> </script> width="250" scrolling="no" height="250" frameborder="0" allowtransparency="true" hspace="0" vspace="0" marginheight="0" marginwidth="0" src="http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-4541717095573647&dt=1190224319615&lmt=1190224317&format=250x250_as&output=html&correlator=1190224319614&channel=2351211918&url=http%3A%2F%2Fwww.fcicq.net%2Fwp%2F%3Fp%3D197&color_bg=FFFFFF&color_text=000000&color_link=0000FF&color_url=008000&color_border=336699&ad_type=text_image&ref=http%3A%2F%2Fwww.google.cn%2Fsearch%3Fcomplete%3D1%26hl%3Dzh-CN%26ie%3DGB2312%26q%3Dlinux%2Bnet.core.netdev_max_backlog%26btnG%3DGoogle%2B%25CB%25D1%25CB%25F7%26meta%3D&cc=100&ga_vid=1221258047.1190224320&ga_sid=1190224320&ga_hid=1982649358&flash=9&u_h=800&u_w=1280&u_ah=776&u_aw=1280&u_cd=24&u_tz=480&u_his=1&u_nplug=2&u_nmime=3" name="google_ads_frame">

Disabling the TCP options reduces the overhead of each TCP packet and might help to get the last few percent of performance out of the server. Be aware that disabling these options most likely decreases performance for high-latency and lossy links.
* net.ipv4.tcp_sack = 0
* net.ipv4.tcp_timestamps = 0

Increasing the TCP send and receive buffers will increase the performance a lot if (and only if) you have a lot of large files to send.

* net.ipv4.tcp_wmem = 4096 65536 524288
* net.core.wmem_max = 1048576

If you have a lot of large file uploads, increasing the receive buffers will help.

* net.ipv4.tcp_rmem = 4096 87380 524288
* net.core.rmem_max = 1048576

# These ensure that TIME_WAIT ports either get reused or closed fast.
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_tw_recycle = 1
# TCP memory
net.core.rmem_max = 16777216
net.core.rmem_default = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

# you shouldn’t be using conntrack on a heavily loaded server anyway, but these are
# suitably high for our uses, insuring that if conntrack gets turned on, the box doesn’t die
net.ipv4.ip_conntrack_max = 1048576
net.nf_conntrack_max = 1048576

# increase Linux TCP buffer limits
echo 8388608 > /proc/sys/net/core/rmem_max
echo 8388608 > /proc/sys/net/core/wmem_max

# increase Linux autotuning TCP buffer limits
echo "4096 87380 8388608" > /proc/sys/net/ipv4/tcp_rmem
echo "4096 65536 8388608" > /proc/sys/net/ipv4/tcp_wmem

#echo 65536 > /proc/sys/fs/file-max # physical RAM * 256/4

echo "1024 65000" > /proc/sys/net/ipv4/ip_local_port_range

#echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 8192 > /proc/sys/net/ipv4/tcp_max_syn_backlog
# Decrease the time default value for tcp_fin_timeout connection
#echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
#echo 3 > /proc/sys/net/ipv4/tcp_syn_retries
#echo 2 > /proc/sys/net/ipv4/tcp_retries1
# Decrease the time default value for tcp_keepalive_time connection
#echo 1800 >/proc/sys/net/ipv4/tcp_keepalive_time
# Turn off tcp_window_scaling
echo 0 >/proc/sys/net/ipv4/tcp_window_scaling
#echo "67108864" > /proc/sys/kernel/shmmax
# Turn off the tcp_sack
echo 0 >/proc/sys/net/ipv4/tcp_sack # This disables RFC2018 TCP Selective Acknowledgements
#Turn off tcp_timestamps
echo 0 >/proc/sys/net/ipv4/tcp_timestamps # This disables RFC1323 TCP timestamps
echo 5 > /proc/sys/kernel/panic # reboot 5 minutes later then kernel panic

the third:
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_syncookies = 1
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216

Tags: linux, network, notes
Bookmark on del.icio.us

友情提示: 评论在文章中所占比例虽然不大, 但它们是文章重要的组成部分.
今天如果你不收藏,明天文章就可能找不到了.

订阅 (By feedsky) (By feedburner)

width="336" scrolling="no" height="280" frameborder="0" allowtransparency="true" hspace="0" vspace="0" marginheight="0" marginwidth="0" src="http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-4541717095573647&dt=1190224319657&lmt=1190224317&prev_fmts=250x250_as&format=336x280_as&output=html&correlator=1190224319614&channel=4456241149&url=http%3A%2F%2Fwww.fcicq.net%2Fwp%2F%3Fp%3D197&color_bg=FFFFFF&color_text=000000&color_link=0000FF&color_url=008000&color_border=336699&ad_type=text_image&ref=http%3A%2F%2Fwww.google.cn%2Fsearch%3Fcomplete%3D1%26hl%3Dzh-CN%26ie%3DGB2312%26q%3Dlinux%2Bnet.core.netdev_max_backlog%26btnG%3DGoogle%2B%25CB%25D1%25CB%25F7%26meta%3D&cc=100&ga_vid=1221258047.1190224320&ga_sid=1190224320&ga_hid=1982649358&flash=9&u_h=800&u_w=1280&u_ah=776&u_aw=1280&u_cd=24&u_tz=480&u_his=1&u_nplug=2&u_nmime=3" name="google_ads_frame">

4 Comments »

  1. fcicq said,

    July 29, 2007 @ 14:07:35

    Lot of tuning

    # Disables packet forwarding
    net.ipv4.ip_forward = 0
    # Enables source route verification
    net.ipv4.conf.default.rp_filter = 1
    # Disables the magic-sysrq key
    kernel.sysrq = 0
    # Decrease the time default value for tcp_fin_timeout connection
    net.ipv4.tcp_fin_timeout = 25
    # Decrease the time default value for tcp_keepalive_time connection
    net.ipv4.tcp_keepalive_time = 3600
    # Turn on the tcp_window_scaling
    net.ipv4.tcp_window_scaling = 1
    # Turn on the tcp_sack
    net.ipv4.tcp_sack = 1
    # tcp_fack should be on because of sack
    net.ipv4.tcp_fack = 1
    # Turn on the tcp_timestamps
    net.ipv4.tcp_timestamps = 1
    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1
    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    # Don’t Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 0
    # Make more local ports available
    net.ipv4.ip_local_port_range = 1024 65000
    # Increase maximum amount of memory allocated to shm
    kernel.shmmax = 1073741824
    # Improve file system performance
    vm.bdflush = 100 1200 128 512 15 5000 500 1884 2
    # This will increase the amount of memory available for socket input/output queues
    net.ipv4.tcp_rmem = 4096 25165824 25165824
    net.core.rmem_max = 25165824
    net.core.rmem_default = 25165824
    net.ipv4.tcp_wmem = 4096 65536 25165824
    net.core.wmem_max = 25165824
    net.core.wmem_default = 65536
    net.core.optmem_max = 25165824

    # If you are feeling daring, you can also use these settings below, otherwise just remove them. (Should increase performance)

    net.core.netdev_max_backlog = 2500
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_tw_reuse = 1

  2. fcicq said,

    July 29, 2007 @ 14:07:59

    net.ipv4.tcp_rmem = 4096 25165824 25165824
    net.core.rmem_max = 25165824
    net.core.rmem_default = 25165824
    net.ipv4.tcp_wmem = 4096 65536 25165824
    net.core.wmem_max = 25165824
    net.core.wmem_default = 65536

  3. fcicq said,

    July 29, 2007 @ 14:08:29

    # Disables packet forwarding
    net.ipv4.ip_forward=0

    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0

    # Enable IP spoofing protection, turn on source route verification
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1

    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0

    # Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 0
    net.ipv4.conf.lo.log_martians = 0
    net.ipv4.conf.eth0.log_martians = 0

    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0

    # Enable IP spoofing protection, turn on source route verification
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1

    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0

    # Disables the magic-sysrq key
    kernel.sysrq = 0

    # Decrease the time default value for tcp_fin_timeout connection
    net.ipv4.tcp_fin_timeout = 15

    # Decrease the time default value for tcp_keepalive_time connection
    net.ipv4.tcp_keepalive_time = 1800

    # Turn off the tcp_window_scaling
    net.ipv4.tcp_window_scaling = 0

    # Turn off the tcp_sack
    net.ipv4.tcp_sack = 0

    # Turn off the tcp_timestamps
    net.ipv4.tcp_timestamps = 0

    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1

    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1

    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1

    # Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 1

    # Increases the size of the socket queue (effectively, q0).
    net.ipv4.tcp_max_syn_backlog = 1024

    # Increase the tcp-time-wait buckets pool size
    net.ipv4.tcp_max_tw_buckets = 1440000

    # Allowed local port range
    net.ipv4.ip_local_port_range = 16384 65536

  4. fcicq said,

    July 30, 2007 @ 14:50:16

    配置Linux内核如何更新dirty buffers到磁盘。
    当缓冲区内的数据完全dirty,使用:sysctl -w vm.bdflush=”30 500 0 0 500 3000 60 20 0″
    vm.bdflush有9个参数,但是建议只改变其中的3个:
    1 nfract, 为排队写入磁盘前,bdflush daemon允许的缓冲区最大百分比
    2 ndirty, 为bdflush即刻写的最大缓冲区的值。如果这个值很大,bdflush需要更多的时间完成磁盘的数据更新。
    7 nfract_sync, 发生同步前,缓冲区变dirty的最大百分比。
    配置kswapd daemon,指定Linux的内存交换页数量
    sysctl -w vm.kswapd=”1024 32 64″
    三个参数的描述如下:
    – tries_base 相当于内核每次所交换的“页”的数量的四倍。对于有很多交换信息的系统,增加这个值可以改进性能。
    – tries_min 是每次kswapd swaps出去的pages的最小数量。
    – swap_cluster 是kswapd 即刻写如的pages数量。数值小,会提高磁盘I/O的性能;数值大可能也会对请求队列产生负面影响。
    如果要对这些参数进行改动,请使用工具vmstat检查对性能的影响。其它可以改进性能的虚拟内存参数为:
    _ buffermem
    _ freepages
    _ overcommit_memory
    _ page-cluster
    _ pagecache
    _ pagetable_cache

· TrackBack URI

 
Linux 内存调优之如何限制进程、系统级别内存资源
山河已无恙
08-03 251
博文内容涉及 通过Cgroup ,ulimit,内核参数等限制进程、系统级别内存资源理解不足小伙伴帮忙指正 😃,生活加油我看远山,远山悲悯持续分享技术干货,感兴趣小伙伴可以关注下。
关于 Linux中系统调优的一些笔记
山河已无恙
10-24 5123
我突然又明白,死亡是聪明的兄长,我们可以放心地把自己托付给他,他会知道在我们有所准备的适当时刻前来。我也突然懂得,原来痛苦、失望和悲愁不是为了惹恼我们,使我们气馁或者无地自容;它们的存在,是为了使我们心智成熟,臻于完善。—赫尔曼·黑塞《彼得·卡门青》...
optimize:调整现代 Linux 系统以获得更好的桌面性能
06-17
优化 调整现代 Linux 系统以获得更好的桌面性能。 欢迎请求额外的调整! 要求 猛击 ,用于与配置相关的调整 快速手动安装setconf 下载文件并将其解压缩到临时目录并安装可执行文件和手册页。 (如果您不想使用 sudo,请以 root 身份运行安装命令): curl -o- http://setconf.roboticoverlords.org/setconf-0.6.6.tar.xz | tar JxC /tmp sudo install -Dm755 /tmp/setconf-0.6.6/setconf.py /usr/bin/setconf sudo install -Dm644 /tmp/setconf-0.6.6/setconf.1.gz /usr/share/man/man1/setconf.1.gz setconf 带有自检,如果您想检查它是否正常工作:
linux optimizer,linux命令1—安装optimizer(示例代码)
weixin_30324561的博客
05-26 306
ZendChina官方:下面介绍一下关于在linux环境下ZendOptimizer3.3的安装方法。本篇文章是基于RHEL5架构的linux系统。(1)ZendOptimizer3.3.3版本的安装。ZendOptimizer3.3.3下载地址:安装:#wgethttp://down1.chinaunix.net/distfiles/ZendOptimizer-3.3.3-linux...
Linux Optimizer 项目教程
gitblog_00626的博客
08-28 408
Linux Optimizer 项目教程 1. 项目的目录结构及介绍 Linux Optimizer 项目的目录结构相对简单,主要包含以下文件和目录: LICENSE: 项目的许可证文件,采用 MIT 许可证。 README.md: 项目的说明文档,包含项目的基本介绍、使用方法和注意事项。 linux-optimizer.sh: 项目的主脚本文件,用于执行优化操作。 2. 项目的启动文件介绍 ...
linux内核参数优化重要项
厚嘉的it窝
10-21 514
#optimize network performance net.ipv4.tcp_max_syn_backlog = 8192 net.ipv4.tcp_synack_retries= 3 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_syn_retries = 3 net.core.somaxconn = 262144 kernel.sysrq = 1 net.ipv4.ip_no_pmtu_disc = 1 net.ipv4.tcp_keepalive
linux下GCC编译代码的优化方法总结
行而不辍,未来可期 - King
08-16 3215
代码优化指的是编译器通过分析源代码,找出其中尚未达到最优的部分,然后对其重新进行组合,目的是改善程序的执行性能。      GCC提供的代码优化功能非常强大,它通过编译选项-On来控制优化代码的生成,其中n是一个代表优化级别的整数。      对于不同版本的GCC来讲,n的取值范围及其对应的优化效果可能并不完全相同,比较典型的范围是从0变化到2或3。      编译时使用选项-O可以告诉
linux 网络速度慢
最新发布
03-14
def optimize_network(): """执行一系列命令用于提升Linux主机上的网络效能""" commands = [ "sysctl -w net.core.rmem_max=16777216", "sysctl -w net.core.wmem_max=16777216", "sysctl -w ...
porting linux 5.5.3 & u-boot 2020.04-rc2 to stm32f429-discovery board
Embedded System 开发记录
02-26 4870
just create a outline with kernel startup log here, will add detail steps some times later u-boot configure, compile openocd script linux configure, compile stm32 2m flash memory map use mkimag...
linux 内核编译选项详解
12-09 3246
Code maturity level options  [代码成熟度选项]                 Prompt for development and/or incomplete code/drivers [使能尚在开发中或尚未完成的代码与驱动.除非你是测试人员或者开发者,否则请勿选择] General setup             Local version - ap
sysctl命令
啥也不是
10-30 768
本文介绍sysctl命令。一、功能该命令用于配置内核参数,sysctl配置与显示在/proc/sys目录中的内核参数。二、参数 -w 临时改变某个指定参数的值,如 sysctl -w net.ipv4.ip_forward=1-a 显示所有的系统参数 -p 从指定的文件加载系统参数,如不指定即从/etc/sysctl.conf中加载,示例如下: sysctl -p /etc/sysct
sysctlLinux内核/网络的设置说明
fishermen
01-11 406
通过/etc/sysctl.conf控制和配置Linux内核及网络设置。 #忽略icmp ping广播包,应开启,避免放大攻击 net.ipv4.icmp_echo_ignore_broadcasts = 1 # 开启恶意icmp错误消息保护 net.ipv4.icmp_ignore_bogus_error_responses = 1 # 开启SYN洪水攻击保护,表示开启...
Linux: sysctlsysctl 配置选项说明
mzhan017的博客
06-16 1300
带有非法地址的包,称为martians 包,火星包。
linux 内核参数 rss,容器内核参数
weixin_29605669的博客
05-01 811
容器安全-内核参数?容器与宿主机共用内核,修改内核参数可能会影响到宿主机和其他容器。非特权容器大部分内核参数无法修改,可以修改的内核参数主要涉及到 IPC Namespace和Net Namespace,可修改内核参数需要满足3个条件docker白名单可命名空间化容器中可见docker白名单IPC Namespace kernel.msgmax kernel.msgmnb kernel.msgmn...
sysctl命令详解
hncdsun的专栏
12-28 11万+
个人一般sysctl -p 或sysctl -a比较多使用  sysctl配置与显示在/proc/sys目录中的内核参数.可以用sysctl来设置或重新设置联网功能,如IP转发、IP碎片去除以及源路由检查等。用户只需要编辑/etc/sysctl.conf文件,即可手工或自动执行由sysctl控制的功能。     命令格式:    sysctl [-n] [-e] -w vari
Linux 内核网络优化
ysdaniel的专栏
02-29 1万+
核心的网络功能,所以相关的设定数据都是放置在 /proc/sys/net/ipv4/ 这个目录当中。 至于该目录下各个档案的详细资料,建议大家可以参考核心的说明文件: /usr/src/linux-{version}/networking/ip-sysctl.txt  RHEL 6.0: /usr/src/kernels/2.6.32-71.el6.i686/net/ipv4/Kco
Linux性能优化 - CPU优化
李嘉图呀李嘉图的博客
08-22 3420
CPU优从应用程序和系统的角度,分别来看看如何才能降低CPU使用率,提高CPU的并行处理能力。
Linux系统中sysctl命令详解 sysctl -p、sysctl -a、sysctl -w
热门推荐
phymat.nico的专栏
12-31 18万+
sysctl命令用于运行时配置内核参数,这些参数位于/proc/sys目录下。sysctl配置与显示在/proc/sys目录中的内核参数.可以用sysctl来设置或重新设置联网功能,如IP转发、IP碎片去除以及源路由检查等。用户只需要编辑/etc/sysctl.conf文件,即可手工或自动执行由sysctl控制的功能。     命令格式:     sysctl [-n] [-e] -w v
systemd.network网络配置
Huangxiang6的博客
10-26 7704
译者:金步国 描述 网络配置的操作由 systemd-networkd.service(8) 执行。 注意,网络设备的Network文件必须以 .network 作为后缀名,否则将被忽略。 一旦与Network文件匹配的网卡出现,对应的Network文件就会立即生效。 Network文件分别位于: 系统网络目录(/usr/lib/systemd/network)、 运行时网络目录(/run/systemd/network)、 本机网络目录(/etc/systemd/network)。 所有的Network
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值