net.core.rmem_max = 33554432
net.core.wmem_max = 33554432
net.ipv4.tcp_rmem = 4096 87380 33554432
net.ipv4.tcp_wmem = 4096 65536 33554432
sysctl net.ipv4.tcp_window_scaling
sysctl net.ipv4.tcp_timestamps
sysctl net.ipv4.tcp_sack
[root@server1 ~] # ifconfig eth0 txqueuelen 5000
TCP_FIN_TIMEOUT – This setting determines the time that must elapse before TCP/IP can release a closed connection and reuse its resources. During this TIME_WAIT state, reopening the connection to the client costs less than establishing a new connection. By reducing the value of this entry, TCP/IP can release closed connections faster, making more resources available for new connections. Adjust this in the presence of many connections sitting in the TIME_WAIT state:
[root@server:~] # echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
TCP_KEEPALIVE_INTERVAL – This determines the wait time between isAlive interval probes. To set:
[root@server:~] # echo 30 > /proc/sys/net/ipv4/tcp_keepalive_intvl
TCP_KEEPALIVE_PROBES – This determines the number of probes before timing out. To set:
[root@server:~] # echo 5 > /proc/sys/net/ipv4/tcp_keepalive_probes
TCP_TW_RECYCLE – This enables fast recycling of TIME_WAIT sockets. The default value is 0 (disabled). It should be used with caution with load balancers.
[root@server:~] # echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
TCP_TW_REUSE – This allows reusing sockets in the TIME_WAIT state for new connections when it is safe from a protocol viewpoint. The default value is 0 (disabled). It is generally a safer alternative to tcp_tw_recycle.
[root@server:~] # echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
Note: The tcp_tw_reuse setting is particularly useful in environments where numerous short connections are open and left in the TIME_WAIT state, such as web servers and load balancers. Reusing the sockets can be very effective in reducing server load.
net.ipv4.tcp_no_metrics_save = 1
net.core.netdev_max_backlog = 30000
[root@server1 ~] # sysctl net.ipv4.tcp_available_congestion_control
[root@server1 ~] # /sbin/modprobe tcp_htcp
[root@server1 ~] # /sbin/modprobe tcp_cubic
[root@server1 ~] # sysctl -w net.ipv4.tcp_congestion_control=cubic
[root@host1 ~] # echo 5 > /proc/sys/net/ipv4/tcp_fin_timeout
[root@host1 ~] # sysctl -w net.ipv4.tcp_max_syn_backlog="16384"
[root@host1 ~] # sysctl -w net.ipv4.tcp_synack_retries="1"
[root@host1 ~] # sysctl -w net.ipv4.tcp_max_orphans="400000"
The parameter on line 1 is the maximum number of remembered connection requests, which still have not received an acknowledgment from connecting clients.
The parameter on line 2 determines the number of SYN+ACK packets sent before the kernel gives up on the connection. To open the other side of the connection, the kernel sends a SYN with a piggybacked ACK on it, to acknowledge the earlier received SYN. This is part 2 of the three-way handshake.
And lastly, the parameter on line 3 is the maximum number of TCP sockets not attached to any user file handle, held by the system. If this number is exceeded, orphaned connections are reset immediately and a warning is printed. This limit exists only to prevent simple DoS attacks; you _must_ not rely on this or lower the limit artificially, but rather increase it (probably after increasing installed memory) if network conditions require more than the default value, and tune network services to linger and kill such states more aggressively.
More information on tuning parameters and defaults for Linux 2.6 is available in the file ip-sysctl.txt, which is part of the 2.6 source distribution.
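Before changing the TIME_WAIT or SYN backlog settings above, it helps to measure how many sockets actually sit in each TCP state. The following is an added example, not part of the original article: the function names `tcp_state_counts` and `state_count` and the sample table are constructed for illustration, and the state codes are the hex values the kernel prints in the `st` column of /proc/net/tcp.

```shell
# Count sockets per TCP state from /proc/net/tcp-format input on stdin.
# Field 4 ("st") is the state as a hex code from the kernel's tcp_states.h.
# Live use (assumed invocation): tcp_state_counts < /proc/net/tcp
tcp_state_counts() {
    awk '
    BEGIN {
        n["01"]="ESTABLISHED"; n["02"]="SYN_SENT";   n["03"]="SYN_RECV"
        n["04"]="FIN_WAIT1";   n["05"]="FIN_WAIT2";  n["06"]="TIME_WAIT"
        n["07"]="CLOSE";       n["08"]="CLOSE_WAIT"; n["09"]="LAST_ACK"
        n["0A"]="LISTEN";      n["0B"]="CLOSING"
    }
    $1 ~ /^[0-9]+:$/ {                      # data rows only, skips the header
        st = toupper($4)
        name = (st in n) ? n[st] : ("UNKNOWN_" st)
        c[name]++
    }
    END { for (s in c) printf "%s %d\n", s, c[s] }
    ' | sort
}

# Print the count for one state (0 if absent) from tcp_state_counts output.
state_count() {
    awk -v want="$1" '$1 == want { v = $2 } END { print v + 0 }'
}

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0200000A:0050 0300000A:C001 01 00000000:00000000 00:00000000 00000000    33        0 1002
   2: 0200000A:0050 0400000A:C002 01 00000000:00000000 00:00000000 00000000    33        0 1003
   3: 0200000A:0050 0500000A:C003 06 00000000:00000000 03:00000A5C 00000000     0        0 0
   4: 0200000A:0050 0600000A:C004 06 00000000:00000000 03:00000B10 00000000     0        0 0
   5: 0200000A:0050 0700000A:C005 06 00000000:00000000 03:00000C02 00000000     0        0 0
   6: 0200000A:0050 0800000A:C006 03 00000000:00000000 01:00000064 00000001     0        0 0
   7: 0200000A:0050 0900000A:C007 03 00000000:00000000 01:00000064 00000001     0        0 0
   8: 0200000A:0050 0A00000A:C008 05 00000000:00000000 03:000005DC 00000000     0        0 0
'

# Stand-alone run: show the per-state totals for the sample.
printf '%s\n' "$SAMPLE" | tcp_state_counts
```

A steadily high TIME_WAIT count is the case the tcp_fin_timeout and tcp_tw_reuse notes address, while a growing SYN_RECV count is the one tcp_max_syn_backlog and tcp_synack_retries act on.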
[root@server1 ~] # sysctl -w net.ipv4.route.flush=1
Lastly I would like to point out how important it is to have a sufficient number of available file descriptors, since pretty much everything on Linux is a file.
To check your current max and availability run the following:
[root@host1 ~] # sysctl fs.file-nr
fs.file-nr = 197600 0 3624009
The first value (197600) is the number of allocated file handles.
The second value (0) is the number of unused but allocated file handles. And the third value (3624009) is the system-wide maximum number of file handles. It can be increased by tuning the following kernel parameter:
[root@host1 ~] # echo 10000000 > /proc/sys/fs/file-max
To see how many file descriptors are being used by a process you can use one of the following:
[root@host1 ~] # lsof -a -p 28290
[root@host1 ~] # ls -l /proc/28290/fd | wc -l
The 28290 number is the process id.