The following two files are typically modified to configure TCP/IP parameters and the maximum number of file descriptors.

  • /etc/sysctl.conf
  • /etc/security/limits.conf

TCP/IP parameter settings

Modify the /etc/sysctl.conf file and set TCP/IP network parameters.

net.ipv4.tcp_wmem = 4096 87380 4161536
net.ipv4.tcp_rmem = 4096 87380 4161536
net.ipv4.tcp_mem = 786432 2097152 3145728

Run /sbin/sysctl -p to apply the settings immediately.

Maximum file descriptor

The Linux kernel itself limits the number of file descriptors, through three settings:

  1. /proc/sys/fs/file-max
  2. ulimit -n
  3. /proc/sys/fs/nr_open

Maximum number of open file descriptors in the system [cat /proc/sys/fs/file-max]

Add the configuration of file-max to the /etc/sysctl.conf file.

fs.file-max = 1000000

Maximum number of open file descriptors for a process [ulimit -n]

Modify the file /etc/security/limits.conf and raise the ulimit configuration.

*         hard    nofile      1000000
*         soft    nofile      1000000
root      hard    nofile      1000000
root      soft    nofile      1000000

Maximum number of open file handles for a single process [echo 2000000 > /proc/sys/fs/nr_open]

The hard limit cannot be greater than /proc/sys/fs/nr_open.

Conclusion

  1. Number of open file descriptors across all processes <= /proc/sys/fs/file-max
  2. Number of open file descriptors for a single process <= soft limit (ulimit -Sn)
  3. soft limit <= hard limit (ulimit -Hn)
  4. hard limit <= /proc/sys/fs/nr_open
  5. For temporary changes, modify the files under /proc/sys/net/ipv4/
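
The ordering in the conclusion can be checked before a limits.conf change is rolled out. The following is an added example, not part of the original article: it parses the nofile entries of limits.conf text and reports every entry that breaks the chain. The function names, the constructed sample inputs and the DEFAULT_NR_OPEN constant (the kernel's default fs.nr_open) are assumptions of the example.

```python
# Added example, not the article's code. Sample inputs are constructed.
PAGE_LIMITS = """\
*         hard    nofile      1000000
*         soft    nofile      1000000
root      hard    nofile      1000000
root      soft    nofile      1000000
"""
DEFAULT_NR_OPEN = 1048576  # kernel default for fs.nr_open (1024 * 1024)

def parse_nofile(limits_text):
    """Return {domain: {"soft": n, "hard": n}} from limits.conf text."""
    limits = {}
    for raw in limits_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        # Expected layout: <domain> <type> <item> <value>
        if len(fields) != 4 or fields[2] != "nofile" or not fields[3].isdigit():
            continue  # other items and non-numeric values are out of scope here
        domain, kind, _, value = fields
        for k in (("soft", "hard") if kind == "-" else (kind,)):
            limits.setdefault(domain, {})[k] = int(value)
    return limits

def check_chain(limits_text, nr_open, file_max):
    """Check soft <= hard <= fs.nr_open, and warn when soft > fs.file-max."""
    problems = []
    for domain, lim in parse_nofile(limits_text).items():
        soft, hard = lim.get("soft"), lim.get("hard")
        if hard is not None and hard > nr_open:
            problems.append(f"{domain}: hard {hard} > fs.nr_open {nr_open}")
        if None not in (soft, hard) and soft > hard:
            problems.append(f"{domain}: soft {soft} > hard {hard}")
        if soft is not None and soft > file_max:
            problems.append(f"{domain}: soft {soft} > fs.file-max {file_max}")
    return problems

def read_proc(name):
    """Read a live value such as 'nr_open' or 'file-max' from /proc/sys/fs."""
    with open(f"/proc/sys/fs/{name}") as fh:
        return int(fh.read().split()[0])

if __name__ == "__main__":
    # The page's values pass against the default fs.nr_open ...
    print(check_chain(PAGE_LIMITS, DEFAULT_NR_OPEN, 1000000))
    # ... but a 2000000 hard limit needs fs.nr_open raised first.
    print(check_chain("* hard nofile 2000000", DEFAULT_NR_OPEN, 2000000))
```

On a live host, pass read_proc("nr_open") and read_proc("file-max") instead of the constants.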


Common production environment parameters

# Maximum number of packets allowed to queue when the network device receives packets faster than the kernel can process them.
net.core.netdev_max_backlog = 400000
# Maximum buffer size allowed per socket.
net.core.optmem_max = 10000000
# Default size (in bytes) of the socket receive buffer.
net.core.rmem_default = 10000000
# Maximum size (in bytes) of the socket receive buffer.
net.core.rmem_max = 10000000
# Default send window size; it should be larger for a larger BDP.
net.core.wmem_default = 11059200
# Maximum send window size; it should be larger for a larger BDP.
net.core.wmem_max = 11059200
# Strict mode: 1 (recommended); loose mode: 0.
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# net.ipv4.tcp_congestion_control (no value is given in this listing)
# Disable tcp_window_scaling. This option enables window scaling as defined in RFC 1323;
# it must be enabled to support windows larger than 64 KB.
net.ipv4.tcp_window_scaling = 0
# Turn off TCP explicit congestion notification (tcp_ecn).
net.ipv4.tcp_ecn = 0
# Enable selective acknowledgment (tcp_sack). It can improve performance by selectively
# acknowledging segments received out of order, so the sender retransmits only the missing segments.
# It should be enabled for WAN communication, but it increases CPU usage.
net.ipv4.tcp_sack = 1
# Length of the SYN queue. The default is 1024; raised to 8192 to hold more connections waiting to be established.
net.ipv4.tcp_max_syn_backlog = 8192
# Enable SYN cookies. When the SYN queue overflows, cookies are used, which defends against a small volume of SYN attacks.
# The default is 0 (disabled).
net.ipv4.tcp_syncookies = 1
# Enable TCP timestamps. They allow RTT to be calculated more precisely than with retransmission timeouts (see RFC 1323);
# enable this option for better performance.
net.ipv4.tcp_timestamps = 1
# Enable reuse: allow TIME-WAIT sockets to be reused for new TCP connections. The default is 0 (disabled).
net.ipv4.tcp_tw_reuse = 1
# Enable fast recycling of TIME-WAIT sockets. The default is 0 (disabled).
# Caveat: this option is known to break connections from clients behind NAT, and the key was removed in Linux 4.12.
net.ipv4.tcp_tw_recycle = 1
# If the socket is closed by the local end, this determines how long it stays in the FIN-WAIT-2 state.
net.ipv4.tcp_fin_timeout = 10
# How often TCP sends keepalive messages when keepalive is enabled. The default is 2 hours; changed to 30 minutes.
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_probes = 3
# Interval between keepalive probes.
net.ipv4.tcp_keepalive_intvl = 15
# net.ipv4.tcp_mem
# Determines how the TCP stack reacts to memory usage; each value is in memory pages (typically 4 KB).
# The first value is the lower limit of memory usage. The second value is the threshold at which
# memory pressure mode starts to apply pressure to buffer usage. The third value is the upper limit;
# at this level packets can be dropped to reduce memory usage. These values can be increased for a
# larger BDP (but remember that they are in memory pages, not bytes).
# net.ipv4.tcp_rmem
# Similar to tcp_wmem, except that it gives the receive buffer values used for automatic tuning.
# Memory used by each socket for automatic tuning. The first value is the minimum number of bytes
# allocated to the socket's send buffer. The second value is the default (overridden by wmem_default),
# to which the buffer can grow when the system is not heavily loaded. The third value is the maximum
# number of bytes of send buffer space (overridden by wmem_max).
net.ipv4.tcp_wmem = 30000000 30000000 30000000
# Range of ports used for outbound connections. The default is small (32768 to 61000); changed to 1024 to 65000.
net.ipv4.ip_local_port_range = 1024 65000
# Disable slow start after idle, that is, re-initializing the congestion window after the connection has rested for a period of time.
net.ipv4.tcp_slow_start_after_idle = 0
# Route cache refresh rate: how long it takes to switch to another route when one route fails. The default is 300.
net.ipv4.route.gc_timeout = 100
# Number of SYN packets sent before the kernel gives up on establishing the connection.
net.ipv4.tcp_syn_retries = 1
# Avoid amplification attacks.
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable protection against malicious ICMP error messages.
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Prevent attacks that use incorrect UDP packets.
# net.inet.* is a BSD sysctl name that does not exist on Linux, so the line is commented out here.
# net.inet.udp.checksum = 1
# Whether to accept IP packets that carry source-routing information. The value is a Boolean: 1 accepts, 0 rejects.
# The default is 1 on Linux hosts that act as gateways and 0 on ordinary Linux hosts.
# For security reasons, I suggest you turn this feature off.
net.ipv4.conf.default.accept_source_route = 0
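
A listing like the one above is worth linting before it is loaded with sysctl -p. The following is an added example, not the author's code: it parses sysctl.conf text and reports inline comments (sysctl.conf treats only lines beginning with # or ; as comments), BSD-style net.inet.* keys, the removed tcp_tw_recycle key, tcp_mem/tcp_rmem/tcp_wmem entries that do not carry three values, and hardening keys that differ from the values in this listing. The function names, the EXPECTED table and the SAMPLE text are constructed for the example.

```python
# Added example, not the author's code. SAMPLE is a constructed sysctl.conf.
EXPECTED = {  # hardening values taken from the listing above
    "net.ipv4.conf.all.rp_filter": "1",
    "net.ipv4.tcp_syncookies": "1",
    "net.ipv4.conf.default.accept_source_route": "0",
    "net.ipv4.icmp_echo_ignore_broadcasts": "1",
    "net.ipv4.icmp_ignore_bogus_error_responses": "1",
}
TRIPLES = ("net.ipv4.tcp_mem", "net.ipv4.tcp_rmem", "net.ipv4.tcp_wmem")
SAMPLE = """\
# constructed sample, not a real host's configuration
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_wmem = 30000000 30000000 30000000 30000000
net.inet.udp.checksum = 1
net.ipv4.conf.default.accept_source_route = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1 # avoid amplification
"""

def parse_sysctl(text):
    """Parse sysctl.conf text; only lines starting with # or ; are comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = " ".join(value.split())
    return settings

def audit(text):
    """Return (key, message) findings for the given sysctl.conf text."""
    findings = []
    for key, value in parse_sysctl(text).items():
        if "#" in value:
            findings.append((key, "inline comment is read as part of the value"))
            value = value.split("#", 1)[0].strip()
        if key.startswith("net.inet."):
            findings.append((key, "BSD-style name, no such key on Linux"))
        if key == "net.ipv4.tcp_tw_recycle":
            findings.append((key, "removed in Linux 4.12"))
        if key in TRIPLES and len(value.split()) != 3:
            findings.append((key, f"expects 3 values, got {len(value.split())}"))
        if key in EXPECTED and value != EXPECTED[key]:
            findings.append((key, f"is {value}, the listing uses {EXPECTED[key]}"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{k}: {m}" for k, m in audit(SAMPLE)))
```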