linux network optimize with sysctl

最新推荐文章于 2025-05-22 13:16:34 发布
最新推荐文章于 2025-05-22 13:16:34 发布
阅读量1.8k 收藏
点赞数
分类专栏: lamp系统优化 文章标签: linux network tcp redirect performance filter
原贴:http://www.fcicq.net/wp/?p=197

linux network optimize with sysctl

August 28, 2006 at 21:39:34 · Filed under LAMP, 技术文档

<script type="text/javascript"> </script> <script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type="text/javascript"> </script> width="250" scrolling="no" height="250" frameborder="0" allowtransparency="true" hspace="0" vspace="0" marginheight="0" marginwidth="0" src="http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-4541717095573647&dt=1190224319615&lmt=1190224317&format=250x250_as&output=html&correlator=1190224319614&channel=2351211918&url=http%3A%2F%2Fwww.fcicq.net%2Fwp%2F%3Fp%3D197&color_bg=FFFFFF&color_text=000000&color_link=0000FF&color_url=008000&color_border=336699&ad_type=text_image&ref=http%3A%2F%2Fwww.google.cn%2Fsearch%3Fcomplete%3D1%26hl%3Dzh-CN%26ie%3DGB2312%26q%3Dlinux%2Bnet.core.netdev_max_backlog%26btnG%3DGoogle%2B%25CB%25D1%25CB%25F7%26meta%3D&cc=100&ga_vid=1221258047.1190224320&ga_sid=1190224320&ga_hid=1982649358&flash=9&u_h=800&u_w=1280&u_ah=776&u_aw=1280&u_cd=24&u_tz=480&u_his=1&u_nplug=2&u_nmime=3" name="google_ads_frame">

Disabling the TCP options reduces the overhead of each TCP packet and might help to get the last few percent of performance out of the server. Be aware that disabling these options most likely decreases performance for high-latency and lossy links.
* net.ipv4.tcp_sack = 0
* net.ipv4.tcp_timestamps = 0

Increasing the TCP send and receive buffers will increase the performance a lot if (and only if) you have a lot of large files to send.

* net.ipv4.tcp_wmem = 4096 65536 524288
* net.core.wmem_max = 1048576

If you have a lot of large file uploads, increasing the receive buffers will help.

* net.ipv4.tcp_rmem = 4096 87380 524288
* net.core.rmem_max = 1048576

# These ensure that TIME_WAIT ports either get reused or closed fast.
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_tw_recycle = 1
# TCP memory
net.core.rmem_max = 16777216
net.core.rmem_default = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

# you shouldn’t be using conntrack on a heavily loaded server anyway, but these are
# suitably high for our uses, insuring that if conntrack gets turned on, the box doesn’t die
net.ipv4.ip_conntrack_max = 1048576
net.nf_conntrack_max = 1048576

# increase Linux TCP buffer limits
echo 8388608 > /proc/sys/net/core/rmem_max
echo 8388608 > /proc/sys/net/core/wmem_max

# increase Linux autotuning TCP buffer limits
echo "4096 87380 8388608" > /proc/sys/net/ipv4/tcp_rmem
echo "4096 65536 8388608" > /proc/sys/net/ipv4/tcp_wmem

#echo 65536 > /proc/sys/fs/file-max # physical RAM * 256/4

echo "1024 65000" > /proc/sys/net/ipv4/ip_local_port_range

#echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 8192 > /proc/sys/net/ipv4/tcp_max_syn_backlog
# Decrease the time default value for tcp_fin_timeout connection
#echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
#echo 3 > /proc/sys/net/ipv4/tcp_syn_retries
#echo 2 > /proc/sys/net/ipv4/tcp_retries1
# Decrease the time default value for tcp_keepalive_time connection
#echo 1800 >/proc/sys/net/ipv4/tcp_keepalive_time
# Turn off tcp_window_scaling
echo 0 >/proc/sys/net/ipv4/tcp_window_scaling
#echo "67108864" > /proc/sys/kernel/shmmax
# Turn off the tcp_sack
echo 0 >/proc/sys/net/ipv4/tcp_sack # This disables RFC2018 TCP Selective Acknowledgements
#Turn off tcp_timestamps
echo 0 >/proc/sys/net/ipv4/tcp_timestamps # This disables RFC1323 TCP timestamps
echo 5 > /proc/sys/kernel/panic # reboot 5 minutes later then kernel panic

the third:
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_syncookies = 1
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216

Tags: linux, network, notes
Bookmark on del.icio.us

<script type="text/javascript"> </script> 友情提示: 评论在文章中所占比例虽然不大, 但它们是文章重要的组成部分.
今天如果你不收藏,明天文章就可能找不到了.

订阅 (By feedsky) (By feedburner)

<script type="text/javascript"> </script> <script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type="text/javascript"> </script> width="336" scrolling="no" height="280" frameborder="0" allowtransparency="true" hspace="0" vspace="0" marginheight="0" marginwidth="0" src="http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-4541717095573647&dt=1190224319657&lmt=1190224317&prev_fmts=250x250_as&format=336x280_as&output=html&correlator=1190224319614&channel=4456241149&url=http%3A%2F%2Fwww.fcicq.net%2Fwp%2F%3Fp%3D197&color_bg=FFFFFF&color_text=000000&color_link=0000FF&color_url=008000&color_border=336699&ad_type=text_image&ref=http%3A%2F%2Fwww.google.cn%2Fsearch%3Fcomplete%3D1%26hl%3Dzh-CN%26ie%3DGB2312%26q%3Dlinux%2Bnet.core.netdev_max_backlog%26btnG%3DGoogle%2B%25CB%25D1%25CB%25F7%26meta%3D&cc=100&ga_vid=1221258047.1190224320&ga_sid=1190224320&ga_hid=1982649358&flash=9&u_h=800&u_w=1280&u_ah=776&u_aw=1280&u_cd=24&u_tz=480&u_his=1&u_nplug=2&u_nmime=3" name="google_ads_frame">

4 Comments »

  1. fcicq said,

    July 29, 2007 @ 14:07:35

    Lot of tuning

    # Disables packet forwarding
    net.ipv4.ip_forward = 0
    # Enables source route verification
    net.ipv4.conf.default.rp_filter = 1
    # Disables the magic-sysrq key
    kernel.sysrq = 0
    # Decrease the time default value for tcp_fin_timeout connection
    net.ipv4.tcp_fin_timeout = 25
    # Decrease the time default value for tcp_keepalive_time connection
    net.ipv4.tcp_keepalive_time = 3600
    # Turn on the tcp_window_scaling
    net.ipv4.tcp_window_scaling = 1
    # Turn on the tcp_sack
    net.ipv4.tcp_sack = 1
    # tcp_fack should be on because of sack
    net.ipv4.tcp_fack = 1
    # Turn on the tcp_timestamps
    net.ipv4.tcp_timestamps = 1
    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1
    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    # Don’t Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 0
    # Make more local ports available
    net.ipv4.ip_local_port_range = 1024 65000
    # Increase maximum amount of memory allocated to shm
    kernel.shmmax = 1073741824
    # Improve file system performance
    vm.bdflush = 100 1200 128 512 15 5000 500 1884 2
    # This will increase the amount of memory available for socket input/output queues
    net.ipv4.tcp_rmem = 4096 25165824 25165824
    net.core.rmem_max = 25165824
    net.core.rmem_default = 25165824
    net.ipv4.tcp_wmem = 4096 65536 25165824
    net.core.wmem_max = 25165824
    net.core.wmem_default = 65536
    net.core.optmem_max = 25165824

    # If you are feeling daring, you can also use these settings below, otherwise just remove them. (Should increase performance)

    net.core.netdev_max_backlog = 2500
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_tw_reuse = 1

  2. fcicq said,

    July 29, 2007 @ 14:07:59

    net.ipv4.tcp_rmem = 4096 25165824 25165824
    net.core.rmem_max = 25165824
    net.core.rmem_default = 25165824
    net.ipv4.tcp_wmem = 4096 65536 25165824
    net.core.wmem_max = 25165824
    net.core.wmem_default = 65536

  3. fcicq said,

    July 29, 2007 @ 14:08:29

    # Disables packet forwarding
    net.ipv4.ip_forward=0

    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0

    # Enable IP spoofing protection, turn on source route verification
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1

    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0

    # Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 0
    net.ipv4.conf.lo.log_martians = 0
    net.ipv4.conf.eth0.log_martians = 0

    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0

    # Enable IP spoofing protection, turn on source route verification
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1

    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0

    # Disables the magic-sysrq key
    kernel.sysrq = 0

    # Decrease the time default value for tcp_fin_timeout connection
    net.ipv4.tcp_fin_timeout = 15

    # Decrease the time default value for tcp_keepalive_time connection
    net.ipv4.tcp_keepalive_time = 1800

    # Turn off the tcp_window_scaling
    net.ipv4.tcp_window_scaling = 0

    # Turn off the tcp_sack
    net.ipv4.tcp_sack = 0

    # Turn off the tcp_timestamps
    net.ipv4.tcp_timestamps = 0

    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1

    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1

    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1

    # Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 1

    # Increases the size of the socket queue (effectively, q0).
    net.ipv4.tcp_max_syn_backlog = 1024

    # Increase the tcp-time-wait buckets pool size
    net.ipv4.tcp_max_tw_buckets = 1440000

    # Allowed local port range
    net.ipv4.ip_local_port_range = 16384 65536

  4. fcicq said,

    July 30, 2007 @ 14:50:16

    配置Linux内核如何更新dirty buffers到磁盘。
    当缓冲区内的数据完全dirty,使用:sysctl -w vm.bdflush=”30 500 0 0 500 3000 60 20 0″
    vm.bdflush有9个参数,但是建议只改变其中的3个:
    1 nfract, 为排队写入磁盘前,bdflush daemon允许的缓冲区最大百分比
    2 ndirty, 为bdflush即刻写的最大缓冲区的值。如果这个值很大,bdflush需要更多的时间完成磁盘的数据更新。
    7 nfract_sync, 发生同步前,缓冲区变dirty的最大百分比。
    配置kswapd daemon,指定Linux的内存交换页数量
    sysctl -w vm.kswapd=”1024 32 64″
    三个参数的描述如下:
    – tries_base 相当于内核每次所交换的“页”的数量的四倍。对于有很多交换信息的系统,增加这个值可以改进性能。
    – tries_min 是每次kswapd swaps出去的pages的最小数量。
    – swap_cluster 是kswapd 即刻写如的pages数量。数值小,会提高磁盘I/O的性能;数值大可能也会对请求队列产生负面影响。
    如果要对这些参数进行改动,请使用工具vmstat检查对性能的影响。其它可以改进性能的虚拟内存参数为:
    _ buffermem
    _ freepages
    _ overcommit_memory
    _ page-cluster
    _ pagecache
    _ pagetable_cache

· TrackBack URI

 
关于 Linux中系统调优的一些笔记
山河已无恙
10-24 5002
我突然又明白,死亡是聪明的兄长,我们可以放心地把自己托付给他,他会知道在我们有所准备的适当时刻前来。我也突然懂得,原来痛苦、失望和悲愁不是为了惹恼我们,使我们气馁或者无地自容;它们的存在,是为了使我们心智成熟,臻于完善。—赫尔曼·黑塞《彼得·卡门青》...
Linux: sysctlsysctl 配置选项说明
mzhan017的博客
06-16 1130
带有非法地址的包,称为martians 包,火星包。
optimize:调整现代 Linux 系统以获得更好的桌面性能
06-17
优化 调整现代 Linux 系统以获得更好的桌面性能。 欢迎请求额外的调整! 要求 猛击 ,用于与配置相关的调整 快速手动安装setconf 下载文件并将其解压缩到临时目录并安装可执行文件和手册页。 (如果您不想使用 sudo,请以 root 身份运行安装命令): curl -o- http://setconf.roboticoverlords.org/setconf-0.6.6.tar.xz | tar JxC /tmp sudo install -Dm755 /tmp/setconf-0.6.6/setconf.py /usr/bin/setconf sudo install -Dm644 /tmp/setconf-0.6.6/setconf.1.gz /usr/share/man/man1/setconf.1.gz setconf 带有自检,如果您想检查它是否正常工作:
linux optimizer,linux命令1—安装optimizer(示例代码)
weixin_30324561的博客
05-26 279
ZendChina官方:下面介绍一下关于在linux环境下ZendOptimizer3.3的安装方法。本篇文章是基于RHEL5架构的linux系统。(1)ZendOptimizer3.3.3版本的安装。ZendOptimizer3.3.3下载地址:安装:#wgethttp://down1.chinaunix.net/distfiles/ZendOptimizer-3.3.3-linux...
Linux Optimizer 项目教程
gitblog_00626的博客
08-28 392
Linux Optimizer 项目教程 Linux-OptimizerLinux Optimizer项目地址:https://gitcode.com/gh_mirrors/li/Linux-Optimizer 1. 项目的目录结构及介绍 Linux Optimizer 项目的目录结构相对简单,主要包含以下文件和目录: LICENSE: 项目的许可证文件,采用 MIT 许可证。 README....
linux内核参数优化重要项
厚嘉的it窝
10-21 469
#optimize network performance net.ipv4.tcp_max_syn_backlog = 8192 net.ipv4.tcp_synack_retries= 3 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_syn_retries = 3 net.core.somaxconn = 262144 kernel.sysrq = 1 net.ipv4.ip_no_pmtu_disc = 1 net.ipv4.tcp_keepalive
linux下GCC编译代码的优化方法总结
行而不辍,未来可期 - King
08-16 3149
代码优化指的是编译器通过分析源代码,找出其中尚未达到最优的部分,然后对其重新进行组合,目的是改善程序的执行性能。      GCC提供的代码优化功能非常强大,它通过编译选项-On来控制优化代码的生成,其中n是一个代表优化级别的整数。      对于不同版本的GCC来讲,n的取值范围及其对应的优化效果可能并不完全相同,比较典型的范围是从0变化到2或3。      编译时使用选项-O可以告诉
Linux操作系统的系统参数调优方法
最新发布
操作系统内核探秘的博客
05-22 561
本文旨在提供一套完整的Linux系统参数调优方法论,涵盖从基础到高级的调优技术。我们将重点讨论影响系统性能的关键参数,包括内存管理、CPU调度、I/O性能和网络堆栈等方面的优化。文章首先介绍Linux性能调优的基本概念,然后深入探讨各个子系统的调优方法,最后提供实际案例和工具推荐。SysctlLinux内核运行时参数调整工具OOM Killer:内存耗尽时终止进程的机制Swappiness:控制系统使用交换分区倾向的参数:控制脏页写回磁盘的阈值参数自动化调优:机器学习驱动的自动调优系统正在兴起。
mobian与主线linux在红米5plus(vince)上的移植 (1) 编译lk2nd以及主线内核的调试
qq_59833291的博客
03-12 2756
lk2nd是一个在高通MSM设备上面运行的bootloader, 基于 CodeAurora Little Kernel fork. 它提供了一个可定制化fastboot环境(你可以在里面为所欲为比如输出' flash success,fuck you Qualcomm').lk2nd不会替换原始bootloader(lk1st)。它被打包到Android中引导映像,然后由股票引导加载程序作为“辅助”引导加载程序加载。真正的Android引导映像被放置在具有1MB偏移的引导分区中,然后用lk2nd加载。
porting linux 5.5.3 & u-boot 2020.04-rc2 to stm32f429-discovery board
Embedded System 开发记录
02-26 4714
just create a outline with kernel startup log here, will add detail steps some times later u-boot configure, compile openocd script linux configure, compile stm32 2m flash memory map use mkimag...
linux TCP流量控制
永无止境
05-28 4134
I.流量控制 TCP使用流量控制来管理数据流量。流量控制限制发送字节大小,防止接收方接收缓存溢出。   1.发送方发送数据速度比接收方处理速度高;这种情况会使接收方缓存溢出,引起数据段被丢弃   2.应用取socket中的缓存数据存在间隔,所以只会偶尔出现缓存为空的情况;比如多媒体数据的接收速度高于播放速度 所以流量控制可以避免因接收方缓存溢出而产生的数据包丢弃,引起不必要的重传 TCP
sysctl命令
啥也不是
10-30 697
本文介绍sysctl命令。一、功能该命令用于配置内核参数,sysctl配置与显示在/proc/sys目录中的内核参数。二、参数 -w 临时改变某个指定参数的值,如 sysctl -w net.ipv4.ip_forward=1-a 显示所有的系统参数 -p 从指定的文件加载系统参数,如不指定即从/etc/sysctl.conf中加载,示例如下: sysctl -p /etc/sysct
sysctlLinux内核/网络的设置说明
fishermen
01-11 350
通过/etc/sysctl.conf控制和配置Linux内核及网络设置。 #忽略icmp ping广播包,应开启,避免放大攻击 net.ipv4.icmp_echo_ignore_broadcasts = 1 # 开启恶意icmp错误消息保护 net.ipv4.icmp_ignore_bogus_error_responses = 1 # 开启SYN洪水攻击保护,表示开启...
linux 内核参数 rss,容器内核参数
weixin_29605669的博客
05-01 730
容器安全-内核参数?容器与宿主机共用内核,修改内核参数可能会影响到宿主机和其他容器。非特权容器大部分内核参数无法修改,可以修改的内核参数主要涉及到 IPC Namespace和Net Namespace,可修改内核参数需要满足3个条件docker白名单可命名空间化容器中可见docker白名单IPC Namespace kernel.msgmax kernel.msgmnb kernel.msgmn...
Linux性能优化 - CPU优化
李嘉图呀李嘉图的博客
08-22 3349
CPU优从应用程序和系统的角度,分别来看看如何才能降低CPU使用率,提高CPU的并行处理能力。
sysctl命令详解
hncdsun的专栏
12-28 11万+
个人一般sysctl -p 或sysctl -a比较多使用  sysctl配置与显示在/proc/sys目录中的内核参数.可以用sysctl来设置或重新设置联网功能,如IP转发、IP碎片去除以及源路由检查等。用户只需要编辑/etc/sysctl.conf文件,即可手工或自动执行由sysctl控制的功能。     命令格式:    sysctl [-n] [-e] -w vari
Linux系统中sysctl命令
weixin_41831919的博客
08-08 1320
sysctl 所有的参数信息运行时配置内核参数,这些参数都位于/proc/sys目录下 #sysctl -a 显示所有的运行配置信息 #sysctl -w临时修改参数信息 当被重启或执行service network restart后参数信息将会恢复原先的配置 #sysctl -p <filename>加载配置文件中的配置信息,默认为/etc/systcl.conf e...
Linux系统中sysctl命令详解 sysctl -p、sysctl -a、sysctl -w
热门推荐
phymat.nico的专栏
12-31 17万+
sysctl命令用于运行时配置内核参数,这些参数位于/proc/sys目录下。sysctl配置与显示在/proc/sys目录中的内核参数.可以用sysctl来设置或重新设置联网功能,如IP转发、IP碎片去除以及源路由检查等。用户只需要编辑/etc/sysctl.conf文件,即可手工或自动执行由sysctl控制的功能。     命令格式:     sysctl [-n] [-e] -w v
内核参数说明
zdy0_2004的专栏
12-22 5960
http://www.cnblogs.com/tolimit/p/5065761.html     因个人能力有限,不能保证所有描述都正确,还请大家集思广益,有错误的地方欢迎大家留言指正,同时也欢迎大家留言对未标注项进行补偿,谢谢。   内核参数列表 kernel.acct acct功能用于系统记录进程信息,正常结束的进程都会在该文件尾添加对应的信息。异
Linux启动加速:QUICKBOOT优化与策略
LinuxQuickBoot是一个关于Linux系统启动时间优化的重要主题,特别关注于在嵌入式设备和关键应用中实现快速启动。本文由Tristan Lelong撰写,他是一位经验丰富的嵌入式软件工程师,来自法国,专长于Linux内核和开源...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值