# Kernel sysctl configuration file for Linux

#

# Version 1.12 - 2015-09-30

# Michiel Klaver - IT Professional

# http://klaver.it/linux/ for the latest version - http://klaver.it/bsd/ for a BSD variant

#

# This file should be saved as /etc/sysctl.conf and can be activated using the command:

# sysctl -e -p /etc/sysctl.conf

#

# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and sysctl.conf(5) for more details.

#

# Tested with: Ubuntu 14.04 LTS kernel version 3.13

#              Debian 7 kernel version 3.2

#              CentOS 7 kernel version 3.10

#

# Intended use for dedicated server systems at high-speed networks with loads of RAM and bandwidth available

# Optimised and tuned for high-performance web/ftp/mail/dns servers with high connection-rates

# DO NOT USE at busy networks or xDSL/Cable connections where packetloss can be expected

# ----------

# Credits:

# http://www.enigma.id.au/linux_tuning.txt

# http://www.securityfocus.com/infocus/1729

# http://fasterdata.es.net/TCP-tuning/linux.html

# http://fedorahosted.org/ktune/browser/sysctl.ktune

# http://www.cymru.com/Documents/ip-stack-tuning.html

# http://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt

# http://www.frozentux.net/ipsysctl-tutorial/chunkyhtml/index.html

# http://knol.google.com/k/linux-performance-tuning-and-measurement

# http://www.cyberciti.biz/faq/linux-kernel-tuning-virtual-memory-subsystem/

# http://www.redbooks.ibm.com/abstracts/REDP4285.html

# http://www.speedguide.net/read_articles.php?id=121

# http://lartc.org/howto/lartc.kernel.obscure.html

# http://en.wikipedia.org/wiki/Sysctl

###

### GENERAL SYSTEM SECURITY OPTIONS ###

###

# Controls the System Request debugging functionality of the kernel

kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.

# Useful for debugging multi-threaded applications.

kernel.core_uses_pid = 1

#Allow for more PIDs

kernel.pid_max = 65535

# The contents of /proc/<pid>/maps and smaps files are only visible to

# readers that are allowed to ptrace() the process

kernel.maps_protect = 1

#Enable ExecShield protection

kernel.exec-shield = 1

kernel.randomize_va_space = 2

# Controls the maximum size of a message, in bytes

kernel.msgmnb = 65535

# Controls the default maxmimum size of a mesage queue

kernel.msgmax = 65535

# Restrict core dumps

fs.suid_dumpable = 0

# Hide exposed kernel pointers

kernel.kptr_restrict = 1

###

### IMPROVE SYSTEM MEMORY MANAGEMENT ###

###

# Increase size of file handles and inode cache

fs.file-max = 209708

# Do less swapping

vm.swappiness = 30

vm.dirty_ratio = 30

vm.dirty_background_ratio = 5

# specifies the minimum virtual address that a process is allowed to mmap

vm.mmap_min_addr = 4096

# 50% overcommitment of available memory

vm.overcommit_ratio = 50

vm.overcommit_memory = 0

# Set maximum amount of memory allocated to shm to 256MB

kernel.shmmax = 268435456

kernel.shmall = 268435456

# Keep at least 64MB of free RAM space available

vm.min_free_kbytes = 65535

###

### GENERAL NETWORK SECURITY OPTIONS ###

###

#Prevent SYN attack, enable SYNcookies (they will kick-in when the max_syn_backlog reached)

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_syn_retries = 2

net.ipv4.tcp_synack_retries = 2

net.ipv4.tcp_max_syn_backlog = 4096

# Disables packet forwarding

net.ipv4.ip_forward = 0

net.ipv4.conf.all.forwarding = 0

net.ipv4.conf.default.forwarding = 0

net.ipv6.conf.all.forwarding = 0

net.ipv6.conf.default.forwarding = 0

# Disables IP source routing

net.ipv4.conf.all.send_redirects = 0

net.ipv4.conf.default.send_redirects = 0

net.ipv4.conf.all.accept_source_route = 0

net.ipv4.conf.default.accept_source_route = 0

net.ipv6.conf.all.accept_source_route = 0

net.ipv6.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification

net.ipv4.conf.all.rp_filter = 1

net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.default.accept_redirects = 0

net.ipv4.conf.all.secure_redirects = 0

net.ipv4.conf.default.secure_redirects = 0

net.ipv6.conf.all.accept_redirects = 0

net.ipv6.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets

net.ipv4.conf.all.log_martians = 1

net.ipv4.conf.default.log_martians = 1

# Decrease the time default value for tcp_fin_timeout connection

net.ipv4.tcp_fin_timeout = 7

# Decrease the time default value for connections to keep alive

net.ipv4.tcp_keepalive_time = 300

net.ipv4.tcp_keepalive_probes = 5

net.ipv4.tcp_keepalive_intvl = 15

# Don't relay bootp

net.ipv4.conf.all.bootp_relay = 0

# Don't proxy arp for anyone

net.ipv4.conf.all.proxy_arp = 0

# Turn on the tcp_timestamps, accurate timestamp make TCP congestion control algorithms work better

net.ipv4.tcp_timestamps = 1

# Don't ignore directed pings

net.ipv4.icmp_echo_ignore_all = 0

# Enable ignoring broadcasts request

net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection

net.ipv4.icmp_ignore_bogus_error_responses = 1

# Allowed local port range

net.ipv4.ip_local_port_range = 16384 65535

# Enable a fix for RFC1337 - time-wait assassination hazards in TCP

net.ipv4.tcp_rfc1337 = 1

# Do not auto-configure IPv6

net.ipv6.conf.all.autoconf=0

net.ipv6.conf.all.accept_ra=0

net.ipv6.conf.default.autoconf=0

net.ipv6.conf.default.accept_ra=0

net.ipv6.conf.eth0.autoconf=0

net.ipv6.conf.eth0.accept_ra=0

###

### TUNING NETWORK PERFORMANCE ###

###

# For high-bandwidth low-latency networks, use 'htcp' congestion control

# Do a 'modprobe tcp_htcp' first

net.ipv4.tcp_congestion_control = htcp

# For servers with tcp-heavy workloads, enable 'fq' queue management scheduler (kernel > 3.12)

net.core.default_qdisc = fq

# Turn on the tcp_window_scaling

net.ipv4.tcp_window_scaling = 1

# Increase the read-buffer space allocatable

net.ipv4.tcp_rmem = 8192 87380 16777216

net.ipv4.udp_rmem_min = 16384

net.core.rmem_default = 262144

net.core.rmem_max = 16777216

# Increase the write-buffer-space allocatable

net.ipv4.tcp_wmem = 8192 65536 16777216

net.ipv4.udp_wmem_min = 16384

net.core.wmem_default = 262144

net.core.wmem_max = 16777216

# Increase number of incoming connections

net.core.somaxconn = 32768

# Increase number of incoming connections backlog

net.core.netdev_max_backlog = 16384

net.core.dev_weight = 64

# Increase the maximum amount of option memory buffers

net.core.optmem_max = 65535

# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks

net.ipv4.tcp_max_tw_buckets = 1440000

# try to reuse time-wait connections, but don't recycle them (recycle can break clients behind NAT)

net.ipv4.tcp_tw_recycle = 0

net.ipv4.tcp_tw_reuse = 1

# Limit number of orphans, each orphan can eat up to 16M (max wmem) of unswappable memory

net.ipv4.tcp_max_orphans = 16384

net.ipv4.tcp_orphan_retries = 0

# Increase the maximum memory used to reassemble IP fragments

net.ipv4.ipfrag_high_thresh = 512000

net.ipv4.ipfrag_low_thresh = 446464

# don't cache ssthresh from previous connection

net.ipv4.tcp_no_metrics_save = 1

net.ipv4.tcp_moderate_rcvbuf = 1

# Increase size of RPC datagram queue length

net.unix.max_dgram_qlen = 50

# Don't allow the arp table to become bigger than this

net.ipv4.neigh.default.gc_thresh3 = 2048

# Tell the gc when to become aggressive with arp table cleaning.

# Adjust this based on size of the LAN. 1024 is suitable for most /24 networks

net.ipv4.neigh.default.gc_thresh2 = 1024

# Adjust where the gc will leave arp table alone - set to 32.

net.ipv4.neigh.default.gc_thresh1 = 32

# Adjust to arp table gc to clean-up more often

net.ipv4.neigh.default.gc_interval = 30

# Increase TCP queue length

net.ipv4.neigh.default.proxy_qlen = 96

net.ipv4.neigh.default.unres_qlen = 6

# Enable Explicit Congestion Notification (RFC 3168), disable it if it doesn't work for you

net.ipv4.tcp_ecn = 1

net.ipv4.tcp_reordering = 3

# How many times to retry killing an alive TCP connection

net.ipv4.tcp_retries2 = 15

net.ipv4.tcp_retries1 = 3

# Avoid falling back to slow start after a connection goes idle

# keeps our cwnd large with the keep alive connections (kernel > 3.6)

net.ipv4.tcp_slow_start_after_idle = 0

# Allow the TCP fastopen flag to be used, beware some firewalls do not like TFO! (kernel > 3.7)

net.ipv4.tcp_fastopen = 3

# This will enusre that immediatly subsequent connections use the new values

net.ipv4.route.flush = 1

net.ipv6.route.flush = 1

###

### Comments/suggestions/additions are welcome!

###

tcp/ip 调优示例的更多相关文章

  1. Linux TCP/IP调优参数 /proc/sys/net/目录

    所有的TCP/IP调优参数都位于/proc/sys/net/目录. 例如, 下面是最重要的一些调优参数,后面是它们的含义: /proc/sys/net/core/rmem_default " ...

  2. [转]linux tcp/ip调优

    LINUX tcp/ip性能调优 On 2011年03月15日, in linux, tips, by netoearth 在TCP/IP协议中,TCP协议提供可靠的连接服务,采用三次握手建立一个连接 ...

  3. Linux TCP/IP调优-Linux内核参数注释

    固定文件的内核参数 下列文件所在目录: /proc/sys/net/ipv4/ 名称 默认值 建议值 描述 tcpsyn_retries 5 1 对于一个新建连接,内核要发送多少个SYN连接请求才决定 ...

  4. linux tcp/ip 调优

    sysctl 变量修改方法:sysctl –a 使用 sysctl 命令修改系统变量,和通过编辑 sysctl.conf 文件来修改系统变量两种.但并不是所有的 变量都可以在这个模式下设定. 注:sy ...

  5. linux下改动内核參数进行Tcp性能调优 -- 高并发

    前言: Tcp/ip协议对网络编程的重要性,进行过网络开发的人员都知道,我们所编写的网络程序除了硬件,结构等限制,通过改动Tcp/ip内核參数也能得到非常大的性能提升, 以下就列举一些Tcp/ip内核 ...

  6. Perf -- Linux下的系统性能调优工具,第 2 部分 特殊用法以及内核调优示例

    https://www.ibm.com/developerworks/cn/linux/l-cn-perf2/ 本文内容简介 之前介绍了 perf 最常见的一些用法,关注于 Linux 系统上应用程序 ...

  7. [转载] 高流量大并发Linux TCP 性能调优

    原文: http://cenwj.com/2015/2/25/19 本文参考文章为: 优化Linux下的内核TCP参数来提高服务器负载能力 Linux Tuning 本文所面对的情况为: 高并发数 高 ...

  8. Linux 系统最大TCP连接数 调优

    Linux系统TCP最大连接数 Linux系统可接连接到最大的TCP连接数,高并发情况下可进行扩展加大,最大为65536. 限制最大TCP连接数 修改文件:/etc/sysctl.conf 生效命令: ...

  9. Nginx-PHP优化设置 + lnmp调优的关键影响因素 + php-fpm + nginx返回码 + tcp调优 + 最大文件描述符

    https://www.cnblogs.com/zengkefu/p/5602473.html最大文件描述符 https://blog.csdn.net/fanren224/article/detai ...

随机推荐

  1. Go 语言 基础 【第一篇】:package fmt导入

    package  main 解释:只要你 一个可执行 程序

  2. bzoj1221软件开发 费用流

    题目传送门 思路: 网络流拆点有的是“过程拆点”,有的是“状态拆点”,这道题应该就属于状态拆点. 每个点分需要用的,用完的. 对于需要用的,这些毛巾来自新买的和用过的毛巾进行消毒的,流向终点. 对于用 ...

  3. 小数据池 is 和 == ,以及再谈编码

    一.小数据池 1.id() 小数据池针对的是:int ,str,boo(都是不可变的数据类型) (1)如果是在py文件中写的字符串,几乎都是缓存的 (2)在黑窗口里写的机会都不会缓存 (3)不同的解释 ...

  4. vux构建的项目打包成app出的一些问题

    1.static里面能放一些外部的插件,css可以放static,引用的时候按照相对路径写, less不可以,因为放在static里面的文件不会经过webpack的处理,所以也就不会编译成css,所以 ...

  5. dedecms 中变量函数

    {dede:global.cfg_cmsurl/} 是网站根目录{dede:global.cfg_cmsurl/} 是当前目录{dede:global.cfg_templets_skin/} 当前模板 ...

  6. [转] JAVA从本机获取IP地址

    [From] https://www.cnblogs.com/xiaoBlog2016/p/7076230.html 论述: 此篇博客是在工作的时候,需要获得当前网络下面正确的ip地址,在网上查阅很多 ...

  7. sql语句中开窗函数的使用

    开窗函数主要分为2类: 1.排序开窗函数: rank() over(partition by xxx order by yyy) //各分区按照yyy字段排序,如果yyy字段值一样,则rank值一样, ...

  8. vue-scroller的使用 && 开发自己的 scroll 插件

    vue-scroller的使用 在spa开发过程中,难免会遇到使用scroll的情况,比如下面的: 即,当用户选择好商品之后,点击购物车,就会有一个购物车弹窗,如果选择的商品小于三个,刚好合适,如果多 ...

  9. 动态替换animator的研究

    http://blog.csdn.net/tonnychu/article/details/49903657 http://blog.csdn.net/tlrainty/article/details ...

  10. 如何将git上的代码迁移到Coding上

    1.首先需要找到项目的.git文件 2..git文件下的config中的url修改成新的地址 3.打开.ssh文件夹 4.将文件下的.pub后缀的文件里面的内容复制到Coding平台的key设置里面即 ...