fs.fime-max: 381971
Operating system maximum number of file handles
fs.file-nr: 1408 0 381971
handles have been allocated, the allocated handles are not used, the maximum number of file handles
fs.nr_open: 1048576
process can allocate maximum file handles, the default is 1024 * 1024
# to note here that the adjustments made here only for the kernel, the actual use is also subject to other restrictions, refer to the following ulimit
net.core.optmem_max: 20480
each kit the maximum allowable word buffer
net.core.somaxconn: 128
connection has been established, the program waits for the accept queue length
net.core.netdev_max_backlog: 1000
network more quickly than when the queue length
net.core.rmem_default: 212992
specifies the default value of the receive socket buffer size (in bytes)
net.core.rmem_max: 212 992
specifies the maximum receive socket buffer size (in bytes).
net.core.wmem_default: 212992
define the default send window size
net.core.wmem_max: 212992
Defines the maximum size of the send window
net.ipv4.tcp_fin_timeout: 60
Time fin_wait_2 stage
net.ipv4.tcp_tw_reuse: 0
to time_wait connection status for new tcp connection
net.ipv4.tcp_tw_recycle: 0
will be in a state of connection time_wait fast recovery (and this together with the above may be a problem with above that on the line)
net.ipv4.tcp_syncookies:. 1
used when the Cookie SYN_RECV queue overflow, i.e., when the kernel modified reply packet syn, ack acknowledgment packet sequence number is not the original value, but with the source IP + Port, the purpose of IP + Port and five time parameters calculated normal requester to make the right response, but a malicious attacker could not respond
net.ipv4.tcp_keepalive_time: 7200
when the connection is not sending data, will begin to detect whether too tcp_keepalive_time online (by sending an empty data packet)
net.ipv4.tcp_keepalive_probes:. 9
tcp_keepalive_probes define several failed disconnected
net.ipv4.tcp_keepalive_intvl: 75
tcp_keepalive_intvl represents an interval of detection
net.ipv4.ip_local_port_range: 32768 60999
ranges are used as a source port
net.ipv4.tcp_max_syn_backlog: 1024
SYN queue length degree
net.ipv4.tcp_max_tw_buckets: 5000
Maximum number of TIME_WAIT state of the connection
net.ipv4.tcp_syn_retries: 6
to establish a connection when a few retries will be identified as the connection failed
net.ipv4.tcp_max_orphans: 16384
represents a tcp socket does not belong to any process the maximum number of words
net.ipv4.tcp_orphan_retries: 0
times before disposal orphaned retry
net.ipv4.tcp_mem: 88500 118001 177000
memory core to tcp connection assignment, in 4k
no memory pressure distribution memory pressure mode rejection Socket
net.ipv4 .tcp_wmem: 4096 16384 4194304
memory socket transmit buffer for each use, bytes
allocated the minimum default (wmem_default is covered) the maximum
net.ipv4.tcp_wmem: 4096 87380 6291456
reading of each socket used memory fetch buffer, in bytes
minimum value default value assigned (wmem_default will be covered) Max
vm.swappiness: 0
the swap tendency, 0 indicates the maximum physical memory
to modify the parameters of the kernel mode
temporarily applied:
1. echo command value directly modify proc / / sys corresponding file
2. Use sysctl -w temporarily modify the parameters
permanent:
modify /etc/sysctl.conf configuration file, then use sysctl -p reload the configuration file
umilit command
ulimit is a shell built-in commands, can limit the current resource shell and start the process occupied, so sometimes after adjusting kernel parameters also need to see if there are restrictions in uimit
view and modify the way
temporary: ulimit command
-a: View All resource limits
-n: maximum number of open files
permanently: /etc/security/limits.conf
Note: The
only part of the more commonly used parameters listed 1. Here, if you need to configure or more query parameters, we recommend check the official document https://www.kernel.org/doc/html/latest/
2. listed here the parameters are default parameters Ali cloud server 2 nuclear 4g
3. Some network-related parameters can refer http://man7.org/linux/man-pages/man7/tcp.7.html