This paper is participating in thePerformance optimization combat record”Topic essay activity
Theoretical overview of performance problems
System performance refers to the efficiency, stability and response speed of the operating system to complete tasks. For example, when you build a Web service on Linux, the web page may be unable to be opened and the opening speed may be slow. When you encounter these problems, some people say that the Linux system is bad, but it is not the case. When an operating system completes a task, it is related to the system’s own Settings, network topology, network connection, access policy and many other links. Any problem in any link will affect the performance of the entire system. When problems occur, comprehensive investigation should be conducted from the application program, operating system, network environment and other aspects to find out the problems and then solve them.
In the application program, operating system, network environment and so on, the biggest impact is the application program and operating system two aspects, because these two aspects of the problem is not easy to detect, hidden.
System Hardware Resources
cpu
CPU is fundamental to the operation of an operating system. The speed and performance of THE CPU largely determine the performance of the system. Therefore, the more cpus, the higher the frequency, the better the performance of the server.
Currently, most cpus can only run one thread at most times. Hyperthreaded processors can handle multiple threads at the same time, which can improve performance by taking advantage of the hyperthreaded processing feature. Under Linux, hyperthreading can only be supported if the SMP kernel is running, but the more cpus installed, the less performance gain hyperthreading gets.
Possible CPU bottlenecks are db servers, dynamic Web servers, and for such applications, CPU performance and configuration should be the primary focus
memory
Memory size is also an important factor affecting Linux performance. Too little memory will block system processes, and too much memory will waste resources.
Data server, cache server, etc. For this kind of application, memory size should be the first priority.
Disk I/O
Disk I/O performance directly affects application performance. Disk RAID technology is now used to improve I/O performance.
Optimization of kernel parameters
Centos7 kernel optimization
Under the default parameters. Linux does not support high concurrency well, mainly due to the single-thread maximum open file limit, kernel TCP parameter aspects and I/O event allocation mechanism
The iptables parameters
If not necessary, disable or uninstall the iptables firewall and prevent the kernel from loading the iptables module. These modules affect the high concurrency performance
Maximum open file in a single thread
The general distribution maximum open file limit is 1024, but this is not enough
# ulimit -n 65535 Set the maximum number of open files for a single process started by root to 65535. If Operationnotpermitted is displayed, the modification fails. In fact, because the value specified in, exceeds the Linux soft or hard limit for the user to open files, you need to change the Linux soft or hard limit for the user to open filesCopy the code
- First, modify the limits.conf file and add
#vim /etc/security/limits.conf
*softnofile 65535
*hard nofile65535
Copy the code
Soft and hard specify the soft limit and hard limit to be changed. 65535 indicates the new limit to be changed, that is, the maximum number of open files to be changed. (Note that the soft limit is less than or equal to the hard limit.
- Second, modify the /etc/pam.d/login file and add the following line to the file (if you don’t have the file directly)
ulimit -n
If you look at it, you can see the changes. Do not perform this step.
vim /etc/pan.d/login
sessionrequired/lib/security/pam_limits.so
Copy the code
This tells Linux to call the pam_limits.so module after the user has logged in to the system to set the maximum limit on the number of resources available to the user. The pam_limits. So the module from the/etc/security/limits the conf file reading configuration to set the limit, after the changes, save the file.
- Third, check the Linux maximum open file limit
cat /proc/sys/fs/file-max
32568
Copy the code
This indicates that the maximum number of open files in Linux is 32,568. This is the hard limit of the Linux system. It is usually calculated based on the system hardware resources when Linux is started. To modify the hard limit, modify file-max=131072 in /etc/sysctl.conf and save the file
After the preceding steps are complete, restart the system and run the ulimit -n command to view the changed number of open files
With these steps, the system limits on the number of open files are lifted for communication handlers that support high-concurrency TCP connection processing.
Kernel TCP parameters
In Linux, TCP connections will be saved in TIME_WAIT state for a period of time, and then the port will be released. When too many requests are made, a large number of connections in TIME_WAIT state will be generated. Otherwise, a large number of resources will be occupied. To clear ports in TIME_WAIT state
This method takes effect only for a large number of systems in TIME_WAIT state. If the effect is not obvious, run the netstat command to view the effect
Edit the configuration file /etc/systcl.conf and add the following content
Vim /etc/systcl.conf net/ipv4/tcp_syncookies=1 # Indicates that SYNcookies are enabled. When SYN overflow occurs, cookies are enabled to prevent a small number of SYN attacks. Net /ipv4/ tcp_TW_reuse =1 # Reuse is enabled. Time-wait sockets (time-wait ports) are allowed to be used for new TCP connections. The default value is 0. Net /ipv4/tcp_fin_timeout=30 # Change the default TIME OUT to 30 secondsCopy the code
Enter the following parameters for the kernel parameters to take effect
sysctl-p
Copy the code
After modification, will further enhance the load capacity of the server, but also can defend against a small number of SYN attacks, and DOS attacks
If you have a lot of connections, you can optimize the TCP port range
I/O event allocation
To enable high-concurrency TCP connections on Linux, you must verify that the application uses appropriate network I/O technologies and I/O event allocation mechanisms. The available I/O mechanisms include synchronous I/O and asynchronous I/O non-blocking synchronous I/O. Under high TCP concurrency, using synchronous I/0 will severely block the program unless one thread is created for each TCP connection’S I/O, and too many threads cause a huge overhead for thread scheduling. Therefore, synchronous I/O is not used.
Asynchronous I/O technology AIO
Non-blocking synchronous I/O techniques include: select(); poll(); Select () supports a limited number of concurrent connections (less than 1024). Poll () adopts a rotational training mechanism, which is quite inefficient and may have uneven distribution.
This is not the case with epoll() or AIO
In summary, try to use epoll() or AIO techniques for I/O control over high-concurrency TCP connections.
The above configuration is for reference only. The actual situation can be adjusted and observed according to the work.