Created
February 29, 2012 17:32
Linux kernel tuning settings for large number of concurrent clients
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Disable netfilter on bridges.
#net.bridge.bridge-nf-call-ip6tables = 0
#net.bridge.bridge-nf-call-iptables = 0
#net.bridge.bridge-nf-call-arptables = 0
# cf. http://www.psc.edu/networking/projects/tcptune/#Linux
net.ipv4.ip_forward = 1
net.ipv4.neigh.default.gc_thresh1 = 4096
net.ipv4.neigh.default.gc_thresh2 = 8192
net.ipv4.neigh.default.gc_thresh3 = 16384
net.ipv4.neigh.default.gc_interval = 5
net.ipv4.neigh.default.base_reachable_time = 120
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.neigh.default.base_reachable_time = 120
net.ipv4.neigh.default.gc_stale_time = 120
net.core.netdev_max_backlog = 262144
#net.core.rmem_default = 16777216
net.core.rmem_max = 108544
net.core.somaxconn = 262144
net.core.wmem_max = 108544
net.netfilter.nf_conntrack_max = 10000000
net.netfilter.nf_conntrack_tcp_timeout_established = 40
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 10
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 10
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 10
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 10
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 10
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 10
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_sack = 0
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_wmem = 4096 16384 16777216
net.ipv4.tcp_max_syn_backlog twice
Be careful, do not blindly copy/paste these configurations.
For example, you should carefully consider net.ipv4.tcp_tw_recycle = 1; check: https://vincent.bernat.im/en/blog/2014-tcp-time-wait-state-linux
Also, net.ipv4.tcp_syncookies = 0 means just hiding problems.
I can confirm tcp_tw_recycle=1 can cause problems when the server is behind NAT.
The option tcp_tw_recycle causes problems with multiple connections behind an IP address.
You can use tcp_tw_reuse without problems.
Hello, what does "net.netfilter.nf_conntrack_tcp_timeout_fin_wait" mean? What's the difference between "net.netfilter.nf_conntrack_tcp_timeout_fin_wait" and net.ipv4.tcp_fin_timeout?
You repeat net.ipv4.tcp_max_syn_backlog twice. And you cannot use a value over 65535 for that setting anyway, it's in the kernel.
Watch this for more insight: http://vimeo.com/70369211
Slides http://cdn.oreillystatic.com/en/assets/1/event/94/Tuning%20TCP%20For%20The%20Web%20Presentation.pdf
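An added example, not part of the gist or of any comment above: a Python check that reads a sysctl file and reports the issues raised in the thread (the duplicated key, tcp_tw_recycle = 1, tcp_syncookies = 0, and the 65535 limit one commenter reports for tcp_max_syn_backlog). The names `parse`, `audit`, `RISKY` and the sample input are constructed for illustration.

```python
# Constructed sample: a handful of lines copied from the gist above.
SAMPLE = """\
# Kernel sysctl configuration file
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_rmem = 4096 87380 16777216
"""

# Settings questioned in the comments: key -> (test on the value, reason).
RISKY = {
    "net.ipv4.tcp_tw_recycle": (
        lambda v: v == "1",
        "breaks clients that share one NAT address"),
    "net.ipv4.tcp_syncookies": (
        lambda v: v == "0",
        "SYN cookies off: SYNs are dropped once the SYN backlog is full"),
    "net.ipv4.tcp_max_syn_backlog": (
        lambda v: v.isdigit() and int(v) > 65535,
        "above the 65535 limit reported by a commenter (not verified here)"),
}

def parse(text):
    """Return (lineno, key, value) for each active assignment."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#;":      # sysctl.conf comment markers
            continue
        key, sep, value = line.partition("=")
        if sep:
            entries.append((lineno, key.strip(), " ".join(value.split())))
    return entries

def audit(text):
    """Return findings as (lineno, key, message)."""
    findings, last = [], {}
    for lineno, key, value in parse(text):
        if key in last:                      # a later assignment wins on load
            findings.append((lineno, key,
                f"duplicate of line {last[key][0]}: {last[key][1]} replaced by {value}"))
        last[key] = (lineno, value)
    for key, (lineno, value) in last.items():  # judge the effective value only
        test, reason = RISKY.get(key, (None, None))
        if test and test(value):
            findings.append((lineno, key, f"= {value}: {reason}"))
    return findings
```

Run `audit(open("/etc/sysctl.conf").read())` to check a real file; risky values are judged on the last assignment of each key, since that is the one that takes effect.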