Linux系統(tǒng)優(yōu)化部分內(nèi)核參數(shù)調(diào)優(yōu)中文注釋

命運之輪 2010-04-20

展開全文

應(yīng)用服務(wù)器sysctl.conf部分參數(shù)
## network configurations
net.ipv4.ip_forward = 0 # IP packet forwarding
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_fin_timeout=30 #60,每條至多占 1.5K 的內(nèi)存
net.ipv4.tcp_keepalive_time=1800 #7200
net.core.netdev_max_backlog=3000 #1000每個網(wǎng)絡(luò)接口接收數(shù)據(jù)包的速率比內(nèi)核處理這些包的速率快時，允許送到隊列的數(shù)據(jù)包的最大數(shù)目
net.ipv4.tcp_max_syn_backlog=4096 #1024 增加TCP SYN隊列長度，使系統(tǒng)可以處理更多的并發(fā)連接
net.core.wmem_default = 2097152 #108544,系統(tǒng)套接字緩沖區(qū)
net.core.rmem_default = 2097152 #108544,系統(tǒng)套接字緩沖區(qū)
net.core.rmem_max=16777216   #131071,系統(tǒng)套接字緩沖區(qū)
net.core.wmem_max=16777216 #131071,系統(tǒng)套接字緩沖區(qū)
net.ipv4.tcp_rmem=4096 87380 16777216 #4096   87380   174760, TCP接收緩沖區(qū)
net.ipv4.tcp_wmem=4096 65536 16777216 #4096 16384   131072, TCP發(fā)送緩沖區(qū)
net.ipv4.tcp_mem = 786432 1048576 1572864 # Out of socket memory
net.ipv4.tcp_syncookies=1 #0,防SyncFlood攻擊
net.ipv4.ip_local_port_range = 32768 61000 #用于向外連接的端口范圍,這是默認(rèn)值
net.ipv4.tcp_max_tw_buckets = 5000 #180000,同時保持TIME_WAIT套接字的最大數(shù)量
#以下可能需要加載ip_conntrack模塊 modprobe ip_conntrack
# net.ipv4.ip_conntrack_max=6553600
# net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 1800
# net.ipv4.netfilter.ip_conntrack_max=6553600
# net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait=120
# net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait=60
# net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait=120
# net.ipv4.icmp_echo_ignore_all = 1 #0, Disable ping requests
# net.ipv4.icmp_echo_ignore_broadcasts = 1 #1, Enable ignoring broadcasts request
net.ipv4.neigh.default.gc_thresh3 = 40960 #1024
net.ipv4.neigh.default.gc_thresh2 = 20480 #512
net.ipv4.neigh.default.gc_thresh1 = 10240 #128
##以上三條語句可以解決內(nèi)核中出現(xiàn)的如下兩行錯誤
#Linux kernel: printk: xxxxx messages suppressed.
#Linux kernel: Neighbour table overflow.

## system configurations
fs.file-max = 372901 #23712, 整個系統(tǒng)所有可打開文件總數(shù)的限制, 可按256/4M內(nèi)存計算值。
# ulimit -n 10000 #某一程序可打開文件總數(shù)的限制
# kernel.ctrl-alt-del = 1 #0,Disable CTR+ALT+DEL Restart Keys

附:sysctl.conf
fs.file-max = 372901
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=1800
net.core.netdev_max_backlog=3000
net.ipv4.tcp_max_syn_backlog=4096
net.core.wmem_default = 2097152
net.core.rmem_default = 2097152
net.ipv4.tcp_rmem=4096 87380 16777216
net.core.rmem_max=33554432
net.ipv4.tcp_wmem=4096 65536 16777216
net.core.wmem_max=33554432
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.ip_conntrack_max=6553600
net.ipv4.netfilter.ip_conntrack_max=6553600
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait=60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait=30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait=60
net.ipv4.ip_local_port_range = 32768 61000