Summary of Oracle system kernel parameters, resource limits and ipcs related commands

One, oracle kernel parameters

The Oracle kernel parameter configuration file is in the /etc/sysctl.conf path:

vi /etc/sysctl.conf
# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
#
# For more information, see sysctl.conf(5) and sysctl.d(5).

#ORACLE SETTING
kernel.shmmax = 64424509440
kernel.shmmni = 4096
kernel.shmall = 15728640
kernel.sem = 5010 641280 5010 128
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048586
fs.aio-max-nr = 1048576
fs.file-max = 6815744

1. Kernel.shmall: The maximum number of shared memory pages, which refers to the maximum number of shared memory segments that the system can use at one time. The
Linux shared memory page size in units of pages is 4KB (the page size in the RedHat linux system is 4096 or 4K, The actual environment is subject to the result of getconf PAGE_SIZE), the size of the shared memory segment is an integer multiple of the shared memory page size. The maximum size of a shared memory segment can be set to 16G, and the corresponding number of shared memory pages required is 16GB/4KB=16777216KB/4KB=4194304 (pages).
The parameter value is optimized according to the system memory size.

 ORACLE默认是2097152            
  1G*1024*1024/4=262144
  kernel.shmall = 1G/4k=1048576k/4k=262144    ---内存1G
  kernel.shmall = 2G/4k=2097152k/4k=524288    ---内存2G
  kernel.shmall = 4G/4k=4194304k/4k=1048576    ---内存4G
  kernel.shmall = 8G/4k=8388608k/4k=2097152    ---内存8G
  kernel.shmall = 16G/4k=16777216k/4k=4194304    ---内存16G
  kernel.shmall = 32G/4k=33554432k/4k=8388608    ---内存32G
  kernel.shmall = 64G/4k=67108864k/4k=16777216   ---内存64G

2. Kernel.shmmax: The maximum value of a single shared memory segment, in bytes.
shmmax is one of the most important parameters in the core parameters. It is used to define the maximum value of a single shared memory segment. The shmmax setting should be large enough and greater than The value of sga-max-size in Oracle, otherwise it will cause oracle performance degradation, generally 32bit operating system, directly set to the maximum memory supported by the system, 64bit operating system can be set greater than the value of sga-max-size, in general The maximum shared memory can be set to half of the physical memory. If the physical memory is 1G, the maximum shared memory can be set to 512 1024 1024 = 536870912; and so on, the maximum shared memory on redhat is not recommended to exceed 410241024*1024-1= 4294967295.

 32位的操作系统4G最大值 4294967295  
 64位操作系统1G*1024*1024*1024-1即一个G{（1G*1073741824）-1}
kernel.shmmax = 2147483647    ---内存2G
kernel.shmmax = 4294967295    ---内存4G
kernel.shmmax = 8589934592    ---内存8G
kernel.shmmax = 12884901887    ---内存12G
kernel.shmmax = 17179869184    ---内存16G
kernel.shmmax = 34359738368    ---内存32G
kernel.shmmax = 68719476736    ---内存64G

3. Kernel.shmmni: The minimum number of shared memory segments
oracle sets the default value to 4096, which is generally sufficient and does not require adjustment

4. Kernel.sem: Corresponding to 4 values
SEMMSL, SEMMNS, SEMOPM, SEMMNI

(1) SEMMSL: The maximum number of signals per signal set.
When the PROCESSES parameter in the oracle DB initialization parameter file is large, you need to adjust the SEMAPHORES setting. SEMMSL should be set to the largest PROCESSES parameter in each instance in the server +10, for example, when When the largest PROCESSES parameter is 5000, SEMMSL should be set to 5010. Oracle recommends setting the value of SEMMSL to not less than 100.
View oracle's maximum number of connections command:

select * from v$license;

(2) SEMMNS: Used to control the maximum number of signals (not signal sets) in the entire Linux system.
Oracle recommends that SEMMNS be set to: the sum of the PROCESSES instance parameter settings of each database in the system, plus twice the maximum PROCESSES value, and finally, add 10 to each according to the number of Oracle databases in the system.
The SEMMNS parameter should be set to SEMMSLSEMMNI, the SEMMSL is 5010, and the SEMMNS parameter should be (5010128)=641280

(3) SEMOPM: Kernel parameters are used to control the number of signal operations that can be performed for each semop system call. The semop system call (function) provides the function of using one semop system call to complete multiple signal operations. A signal set can have the maximum number of SEMMSL signals in each signal set, so it is recommended to set SEMOPM equal to SEMMSL, and Oracle recommends that the value of SEMOPM be set to not less than 100.

(4) SEMMNI: The kernel parameter is used to control the maximum number of signal sets in the entire Linux system.
Oracle recommends setting the value of SEMMNI to not less than 100.

以默认的配置kernel.sem = 250 32000 100 128为例：
250是参数semmsl的值，表示一个信号量集合中能够包含的信号量最大数目。
32000是参数semmns的值，表示系统内可允许的信号量最大数目。
100是参数semopm的值，表示单个semopm()调用在一个信号量集合上可以执行的操作数量。
128是参数semmni的值，表示系统信号量集合总数。

kernel.sem = 510 65280 510 128      --PROCESSES参数为500
kernel.sem = 1010 129280 1010 128    --PROCESSES参数为1000
kernel.sem = 3010 385280 3010 128     --PROCESSES参数为3000
4个值从左到右分别为semmsl、semmns、semopm和semmni
例：在oracle  ora.init文件参数中设置PROCESSES参数为5000
则semmsl=5010,semmni=128，semmns=semmsl* semmni=641280
另外semopm建议设置等于semmsl值即5010
那么kernel.sem=5010 641280 5010 128

alter system set processes=1000 scope=spfile;  
alter system set sessions=1522 scope=spfile; 

Pay attention to the difference between the different settings of
the version: The version before oracle11gR2: sessions=processes1.1+5
The version after oracle11gR2: sessions=processes1.5+22

5, fs.aio-max-nr = 1048576
refers to the maximum allowed by the system asynchronous IO request size as the default setting oracle 1M i.e. 1048576, generally do not change
. 6, max = fs.file-6815744
fs.file-max means that the system can be opened The
recommended setting for the maximum number of file handles : fs.file-max=512processes=6.51024*1024=6.5M

Two, other kernel parameters

(1) Kernel TCP related parameters are all under /proc/sys/net/ipv4, with the following options

tcp_abort_on_overflow
tcp_adv_win_scale
tcp_allowed_congestion_control
tcp_app_win
tcp_autocorking
tcp_available_congestion_control
tcp_base_mss
tcp_challenge_ack_limit
tcp_congestion_control
tcp_dsack
tcp_early_retrans
tcp_ecn
tcp_fack
tcp_fastopen
tcp_fastopen_key
tcp_fin_timeout
tcp_frto
tcp_invalid_ratelimit
tcp_keepalive_intvl
tcp_keepalive_probes
tcp_keepalive_time
tcp_limit_output_bytes
tcp_low_latency
tcp_max_orphans
tcp_max_ssthresh
tcp_max_syn_backlog
tcp_max_tw_buckets
tcp_mem
tcp_min_tso_segs
tcp_moderate_rcvbuf
tcp_mtu_probing
tcp_no_metrics_save
tcp_notsent_lowat
tcp_orphan_retries
tcp_reordering
tcp_retrans_collapse
tcp_retries1
tcp_retries2
tcp_rfc1337
tcp_rmem
tcp_sack
tcp_slow_start_after_idle
tcp_stdurg
tcp_synack_retries
tcp_syncookies
tcp_syn_retries
tcp_thin_dupack
tcp_thin_linear_timeouts
tcp_timestamps
tcp_tso_win_divisor
tcp_tw_recycle
tcp_tw_reuse
tcp_window_scaling
tcp_wmem
tcp_workaround_signed_windows

(2) ARP related kernel parameters, ARP cache limit explanation:

net.ipv4.neigh.default.gc_thresh1  在该值以下不gc，常驻缓存
net.ipv4.neigh.default.gc_thresh2  soft limit，可以临时超过该值，但只能保留5秒，之后会被gc掉
net.ipv4.neigh.default.gc_thresh3  hard limit，超过该值，就立即gc掉

(3) The number of TCP-related connections:

tcp_max_syn_backlog: 半连接队列，是指定所能接受SYN同步包的最大客户端数量，即半连接上限；
somaxconn: 全连接队列，指服务端所能accept即处理数据的最大客户端数量，即完成连接上限。
tcp_max_syn_backlog：默认值为256
somaxconn：默认值为128，对应socket编程中的backlog，min{somaxconn,backlog}为实际值; 可以使用 ss -lnt中Recv-Q查看对列是否满

(4) About net-related parameters

net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048586
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30

The function notes of the corresponding parameters:
net.ipv4.ip_local_port_range indicates the IPv4 port range that the application can use. The recommended port range before oracle10g is 1024 65000, and the recommended port range for oracle11g is 9000 65500

net.core.rmem_default represents the default value of the socket receive buffer size oracle recommends setting it to 265K or 262144

net.core.rmem_max indicates the maximum socket receive buffer size oracle10g and previous versions are recommended to be set to 256k or 262144 oracle11g is recommended to be set to 4M or 4194304

net.core.wmem_default represents the default value of the socket send buffer size oracle recommends setting it to 265K or 262144

net.core.wmem_max represents the maximum size of the socket send buffer size for oracle10g and previous versions, the recommended setting is 256k, which is 262144 oracle11g, which is recommended to be set to 1M, which is 1048576

net.ipv4.tcp_tw_reuse enables reuse. Allow TIME-WAIT sockets to be reused for new TCP connections

net.ipv4.tcp_tw_recycle Enable timewait fast recycling

net.ipv4.tcp_syncookies enable SYN Cookies, when the SYN waiting queue overflows, enable cookies to process

net.core.somaxconn In the web application, the backlog of the listen function will limit the net.core.somaxconn of the kernel parameter to 128 by default, while the NGXLISTENBACKLOG defined by nginx defaults to 511, so it is necessary to adjust this value

net.core.netdev_max_backlog The maximum number of data packets that are allowed to be sent to the queue when the rate at which each network interface receives packets is faster than the rate at which the kernel processes these packets

net.ipv4.tcp_max_orphans The maximum number of TCP sockets in the system that are not associated with any user file handle. If this number is exceeded, the connection will be reset immediately and a warning message will be printed out. This limit is just to prevent simple DoS***, you can't rely on it too much or artificially reduce this value, you should increase this value (if the memory is increased)

net.ipv4.tcp_max_syn_backlog records the maximum number of connection requests that have not yet received client confirmation. For systems with 128M memory, the default value is 1024, and for systems with small memory, it is 128

net.ipv4.tcp_timestamps timestamp can avoid the winding of the serial number. A 1Gbps link will definitely encounter the serial number used before. The timestamp allows the kernel to accept such "abnormal" packets. You need to turn it off here

net.ipv4.tcp_synack_retries In order to open the connection of the opposite end, the kernel needs to send a SYN with an ACK in response to the previous SYN. This is the second handshake in the so-called three-way handshake. This setting determines the number of SYN+ACK packets sent before the kernel gives up the connection

net.ipv4.tcp_syn_retries The number of SYN packets sent before the kernel gives up establishing a connection

net.ipv4.tcp_fin_timeout If the socket is closed by the local request, this parameter determines how long it will stay in the FIN-WAIT-2 state. The peer can make mistakes and never close the connection, or even crash unexpectedly. The default value is 60 seconds. The usual value of the 2.2 kernel is 180 seconds, 3 you can press this setting, but remember that even if your machine is a lightly loaded WEB server, there is a risk of memory overflow due to a large number of dead sockets, FIN -WAIT-2 is less dangerous than FIN-WAIT-1, because it can only eat up to 1.5K of memory, but their lifetime is longer

net.ipv4.tcp_keepalive_time When keepalive is enabled, how often TCP sends keepalive messages. The default is 2 hours

After configuring these, use the following command to reload to take effect

sysctl -p

3. About resource restrictions

vi /etc/security/limits.conf
oracle soft nproc 2048
oracle hard nproc 16384
oracle soft nofile 1024
oracle hard nofile 65536

1. The difference between "soft" and "hard"

soft  xxx  : 代表警告的设定，可以超过这个设定值，但是超过后会有警告。

hard  xxx  : 代表严格的设定，不允许超过这个设定的值。

For example: soft is set to 2048, hard is set to 16384, you can use it casually when the used number is between 1-2048, when the used number is between 2048-16384, a warning message will appear, if it is greater than 16384, an error will be reported.

2. The difference between "nproc" and "nofile"

nproc  : 是操作系统级别对每个用户创建的进程数的限制

nofile : 是每个进程可以打开的文件数的限制

3. Modify the configuration of the system and
open /etc/security/limits.conf (some systems are in /etc/security/limits.d/90-nproc.conf)

设置限制数量，第一列表示用户，* 表示所有用户

soft nproc ：单个用户可用的最大进程数量(超过会警告);
hard nproc：单个用户可用的最大进程数量(超过会报错);
soft nofile  ：可打开的文件描述符的最大数(超过会警告);
hard nofile ：可打开的文件描述符的最大数(超过会报错);

4. Remarks

1）一般soft的值会比hard小，也可相等。
2）/etc/security/limits.d/里面配置会覆盖/etc/security/limits.conf的配置
3）只有root用户才有权限修改/etc/security/limits.conf
4）如果limits.conf没有做设定，则默认值是1024

Four, about the ipcs command to view shared memory, message queue, semaphore usage

(1) The ipcs -l command can view the system limit information of each resource, and you can see the maximum semaphore set and semaphore number limit allowed by the system, and the maximum number of messages in the message queue.

[oracle@localhost ~]$ ipcs -l

------ Messages Limits --------
max queues system wide = 7578
max size of message (bytes) = 8192
default max size of queue (bytes) = 16384

------ Shared Memory Limits --------
max number of segments = 4096
max seg size (kbytes) = 524288
max total shared memory (kbytes) = 18014398442373116
min seg size (bytes) = 1

------ Semaphore Limits --------             信号量限制
max number of arrays = 128                   最大数组数量
max semaphores per array = 250               每个数组的最大信号量数目
max semaphores system wide = 32000           系统最大信号量数
max ops per semop call = 100                 每次信号量调用最大操作数
semaphore max value = 32767                  信号量最大值

(2) The ipcs -u command can view the summary information of the use of each resource, in which you can see the number of semaphore sets used, the number of semaphores, and the total number of messages currently used in the message queue and the space occupied Number of bytes

[oracle@localhost ~]$ ipcs -u

------ Messages Status --------
allocated queues = 0
used headers = 0
used space = 0 bytes

------ Shared Memory Status --------
segments allocated 5
pages allocated 40
pages resident  40
pages swapped   0
Swap performance: 0 attempts     0 successes

------ Semaphore Status --------  信号量状态
used arrays = 2                           已使用数组
allocated semaphores = 168       已分配信号量数

(3) The ipcs -p command can get messages between processes related to shared memory and message queues

[oracle@localhost ~]$ ipcs -p

------ Message Queues PIDs --------
msqid      owner      lspid      lrpid     

------ Shared Memory Creator/Last-op PIDs --------
shmid      owner      cpid       lpid      
32768      root       12624      6914 

(4) ipcs -a View all information of the currently used shared memory, message queue and semaphore

[oracle@localhost ~]$ ipcs -a

------ Message Queues --------
key        msqid      owner      perms      used-bytes   messages    

------ Shared Memory Segments --------
key        shmid      owner      perms      bytes      nattch     status      
0x6c001f61 32768      root       600        292944     6                       

------ Semaphore Arrays --------
key        semid      owner      perms      nsems     
0x7a001f61 163840     oracle     600        12        
0x00000000 196609     nobody     600        1         
0x00000000 262146     nobody     600        1         
0x00000000 294915     nobody     600        1         
0x00000000 327684     nobody     600        1         
0x00000000 491525     nobody     600        1   

(5) Other parameters of ipcs

ipcs -m　　查看系统共享内存信息
ipcs -q　　查看系统消息队列信息
ipcs -s　　查看系统信号量信息
ipcs -t　　查看最新调用IPC资源的详细时间
ipcs -c　　查看IPC的创建者和所有者
额外格式控制：
ipcs -l --human　以人类可以阅读的方式显示size