Linux optimization in practice (system optimization at the network and system levels)


Kernel tuning means changing kernel parameters, and there are two ways to change them.

1. Write the value directly into the file with echo, for example echo "1" > /proc/sys/net/ipv4/tcp_syn_retries. A value set this way reverts to the default after the machine restarts.

2. Add the parameter to /etc/sysctl.conf and run sysctl -p to load it. The setting takes effect immediately and persists across restarts.

The permanent method is recommended: these parameters mostly tune the network layer and will not cause major damage to the system.

The commonly used kernel optimization parameters are as follows:

# Pretend to be a Windows host: the TTL seen when pinging this machine becomes 128; the Linux default is 64.
net.ipv4.ip_default_ttl = 128

# Number of times this machine retransmits a TCP SYN when an outgoing connection attempt times out; in plain terms, the number of reconnection attempts after the TCP handshake fails. It should not exceed 2, because under heavy traffic network resources are nearly exhausted. Low-traffic sites can raise the value; high-traffic sites should keep it small.
net.ipv4.tcp_syn_retries = 1

# Same idea as above. A value of 1 is a token retry that shows a best effort was made; if the network really has a problem, a larger value does not help.
net.ipv4.tcp_synack_retries = 1

# If a TCP connection has been idle for 600 seconds, the kernel starts probing it. If 3 probes (15 seconds apart) go unanswered, the kernel gives up and treats the connection as dead.
net.ipv4.tcp_keepalive_time = 600

# These three keepalive settings work together.
net.ipv4.tcp_keepalive_probes = 3

# These three keepalive settings work together.
net.ipv4.tcp_keepalive_intvl = 15

net.ipv4.tcp_retries2 = 5

# Reduce the time a connection spends in the FIN-WAIT-2 state (such connections are effectively junk), so that the system can handle more connections.
net.ipv4.tcp_fin_timeout = 2

# Maximum number of TIME_WAIT sockets the system keeps at the same time. Beyond this number, TIME_WAIT sockets are cleared immediately and a warning message is printed.
net.ipv4.tcp_max_tw_buckets = 36000

# Enable fast recycling of TIME-WAIT sockets, which is very effective for web servers with a large number of connections. This option breaks clients behind NAT and was removed in Linux 4.12, so the key no longer exists on newer kernels.
net.ipv4.tcp_tw_recycle = 1

# Allow sockets in the TIME_WAIT state to be reused for new TCP connections, which is very effective for web servers with a large number of connections.
net.ipv4.tcp_tw_reuse = 1

# Maximum number of TCP sockets in the system that do not belong to any process (that is, are not associated with any user file handle). Beyond this number, such orphaned sockets are reset immediately and a warning is printed. This limit only protects against simple DoS tools. When the system has enough memory, the value can be raised.
net.ipv4.tcp_max_orphans = 32768

# Enable SYN cookies to mitigate SYN flood attacks.
net.ipv4.tcp_syncookies = 1

# Maximum length of the queue of incoming SYN requests. The default is 1024.
net.ipv4.tcp_max_syn_backlog = 16384

# Port range this machine uses for outgoing connections.
net.ipv4.ip_local_port_range = 1024 65000

# Maximum number of network connections. These are the legacy conntrack key names; on current kernels the equivalents are net.netfilter.nf_conntrack_max and net.netfilter.nf_conntrack_tcp_timeout_established.
net.ipv4.ip_conntrack_max = 65536

net.ipv4.netfilter.ip_conntrack_max = 65536

net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180

# The default value is 128. This parameter adjusts the number of TCP connections the system can have queued at the same time (the ceiling on the listen backlog). Under highly concurrent requests the default may cause connection timeouts or retransmissions, so adjust it to match the number of concurrent requests.
net.core.somaxconn = 16384

# When a network interface receives packets faster than the kernel can process them, this is the maximum number of packets allowed to wait in the queue. The usual default is 128 (it may differ between Linux systems). nginx defines NGX_LISTEN_BACKLOG with a default of 511.
net.core.netdev_max_backlog = 16384

 

 

# Minimum, default, and maximum size of the TCP send buffer.
net.ipv4.tcp_wmem = 8192 131072 16777216

# Minimum, default, and maximum size of the TCP receive buffer.
net.ipv4.tcp_rmem = 32768 131072 16777216

# Increase the maximum TCP buffer size.
net.ipv4.tcp_mem = 786432 1048576 1572864

# For these six, it is best to run sysctl -a and write in whatever values it reports.
fs.inotify.max_queued_events = 327679
fs.inotify.max_user_instances = 128
fs.inotify.max_user_watches = 50000000

[root@localhost ~]# sysctl -a | grep fs.inotify
fs.inotify.max_queued_events = 327679
fs.inotify.max_user_instances = 128  # This value does not need to be queried; 1024 is generally enough.
fs.inotify.max_user_watches = 50000000

Write in whatever values sysctl -a reports.

 

================================================================================

vim /etc/security/limits.conf    # add the following at the end (maximum number of open files)

* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535

# If 65535 is not enough, raise it. These are user-level limits; the entries in limits.conf apply to all users because * means all users.

# Raise the system-wide file descriptor limit to 2^20-1. This goes in sysctl.conf and applies to the whole system.
fs.file-max = 1048575

# Keeps the system from crashing too quickly. If the watchdog module was not selected when the kernel was compiled, this setting is not needed.
kernel.watchdog_thresh = 60
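
After sysctl -p, it is worth confirming that every key in the file exists on the running kernel and holds the value that was written. The script below is an added example, not part of the original article; the function names audit_sysctl, norm and demo, and the sample tree that demo builds, are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: compare sysctl.conf-style lines with what the kernel holds.

# Collapse tabs, newlines and runs of spaces so "4096<TAB>131072" equals "4096 131072".
norm() { printf '%s' "$1" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

# audit_sysctl CONF [ROOT]
# ROOT defaults to /proc/sys; another directory can be given to check
# against a constructed tree. Prints OK / DIFF / MISSING per key and
# returns 1 if any key is not OK.
audit_sysctl() {
    local conf=$1 root=${2:-/proc/sys} line key want have path bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                          # drop comment lines and any trailing "# note"
        case $line in *=*) ;; *) continue ;; esac # only key = value lines
        key=$(norm "${line%%=*}")
        want=$(norm "${line#*=}")
        [ -n "$key" ] || continue
        path=$root/$(printf '%s' "$key" | tr . /) # net.ipv4.x -> net/ipv4/x
        if [ ! -e "$path" ]; then
            echo "MISSING $key"; bad=1            # key removed from this kernel, or module not loaded
        else
            have=$(norm "$(cat "$path")")
            if [ "$have" = "$want" ]; then echo "OK $key"
            else echo "DIFF $key want=$want have=$have"; bad=1; fi
        fi
    done < "$conf"
    return "$bad"
}

# Constructed sample: a fake /proc/sys tree and a three-line config.
demo() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/sys/net/ipv4"
    echo 1 > "$d/sys/net/ipv4/tcp_syncookies"
    printf '4096\t131072\t6291456\n' > "$d/sys/net/ipv4/tcp_rmem"
    cat > "$d/sysctl.conf" <<'EOF'
# constructed sample settings
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_rmem = 32768 131072 16777216  # not yet loaded
net.ipv4.tcp_tw_recycle = 1
EOF
    audit_sysctl "$d/sysctl.conf" "$d/sys"; local rc=$?
    rm -rf "$d"; return "$rc"
}
demo || true
```

On a real host, run audit_sysctl /etc/sysctl.conf with no second argument; a MISSING line for a conntrack key usually means the conntrack module is not loaded or the key name is from an older kernel.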


 

 

 


Origin blog.csdn.net/alwaysbefine/article/details/108584509