OS version:Red Hat Enterprise Linux Server release 6.4
Kernel version:2.6.32-358.el6.x86_64
-------------------------------------------------------------------------
# -------------------------------- Tuning the kernel TCP parameters --------------------------------
#--------net.ipv4.tcp_syn_retries--------
# 對於一個新建連接,內核要發送多少個SYN連接請求才決定放棄
SYN_Times=2 # SYN連接次數
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_syn_retries` ]]
then
sed -i 's/net.ipv4.tcp_syn_retries = .*/net.ipv4.tcp_syn_retries = '$SYN_Times'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_syn_retries = $SYN_Times" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_synack_retries--------
# 對於遠端的連接請求SYN,內核會發送SYN+ACK數據報,以確認收到上一個SYN連接請求包
# 這裏決定內核在放棄連接之前所送出的SYN+ACK數目
SYN_ACK_Nu=2 # 設置SYN+ACK數目
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_synack_retries` ]]
then
sed -i 's/net.ipv4.tcp_synack_retries = .*/net.ipv4.tcp_synack_retries = '$SYN_ACK_Nu'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_synack_retries = $SYN_ACK_Nu" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_keepalive_time--------
# TCP發送keepalive探測消息的間隔時間(秒),用於確認TCP連接是否有效
# 防止兩邊建立連接但不發送數據的***
Keepalive_time=600 #間隔時間
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_keepalive_time` ]]
then
sed -i 's/net.ipv4.tcp_keepalive_time = .*/net.ipv4.tcp_keepalive_time = '$Keepalive_time'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_keepalive_time = $Keepalive_time" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_keepalive_probes--------
# TCP發送keepalive探測消息用於確認TCP連接是否有效,單位:秒
Keepalive_probes=15 #間隔時間
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_keepalive_probes` ]]
then
sed -i 's/net.ipv4.tcp_keepalive_probes = .*/net.ipv4.tcp_keepalive_probes = '$Keepalive_probes'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_keepalive_probes = $Keepalive_probes" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_keepalive_intvl--------
# 探測消息未獲得響應時,重發該消息的間隔時間(秒)
Keepalive_intvl=15 #間隔時間
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_keepalive_intvl` ]]
then
sed -i 's/net.ipv4.tcp_keepalive_intvl = .*/net.ipv4.tcp_keepalive_intvl = '$Keepalive_intvl'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_keepalive_intvl = $Keepalive_intvl" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_retries2--------
# 在丟棄激活(已建立通訊狀況)的TCP連接之前﹐需要進行多少次重試
Tcp_retries=3 #重試次數
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_retries2` ]]
then
sed -i 's/net.ipv4.tcp_retries2 = .*/net.ipv4.tcp_retries2 = '$Tcp_retries'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_retries2 = $Tcp_retries" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_orphan_retries--------
# 在近端丟棄TCP連接之前﹐要進行多少次重試
Tcp_orphan_retries=3 #重試次數
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_orphan_retries` ]]
then
sed -i 's/net.ipv4.tcp_orphan_retries = .*/net.ipv4.tcp_orphan_retries = '$Tcp_orphan_retries'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_orphan_retries = $Tcp_orphan_retries" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_max_orphans--------
# 系統所能處理不屬於任何進程的TCP sockets最大數量
# 假如超過這個數量﹐那麼不屬於任何進程的連接會被立即reset,並同時顯示警告信息
Tcp_Max_orphans=8388608 #最大數量
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_max_orphans` ]]
then
sed -i 's/net.ipv4.tcp_max_orphans = .*/net.ipv4.tcp_max_orphans = '$Tcp_Max_orphans'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_max_orphans = $Tcp_Max_orphans" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_fin_timeout--------
# 對於本端斷開的socket連接,TCP保持在FIN-WAIT-2狀態的時間,單位 秒
Tcp_fin_timeout=2 #保持時間
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_fin_timeout` ]]
then
sed -i 's/net.ipv4.tcp_fin_timeout = .*/net.ipv4.tcp_fin_timeout = '$Tcp_fin_timeout'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_fin_timeout = $Tcp_fin_timeout" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_max_tw_buckets--------
# 系統在同時所處理的最大 timewait sockets 數目
# 如果超過此數的話﹐time-wait socket 會被立即砍除並且顯示警告信息
Tcp_max_tw_buckets=3600 #最大 timewait sockets 數目
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_max_tw_buckets` ]]
then
sed -i 's/net.ipv4.tcp_max_tw_buckets = .*/net.ipv4.tcp_max_tw_buckets = '$Tcp_max_tw_buckets'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_max_tw_buckets = $Tcp_max_tw_buckets" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_tw_recycle--------
# 打開快速 TIME-WAIT sockets 回收
Tcp_tw_recycle=1 #打開
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_tw_recycle` ]]
then
sed -i 's/net.ipv4.tcp_tw_recycle = .*/net.ipv4.tcp_tw_recycle = '$Tcp_tw_recycle'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_tw_recycle = $Tcp_tw_recycle" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_tw_reuse--------
# 表示是否允許重新應用處於TIME-WAIT狀態的socket用於新的TCP連接
Tcp_tw_reuse=1 #打開
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_tw_reuse` ]]
then
sed -i 's/net.ipv4.tcp_tw_reuse = .*/net.ipv4.tcp_tw_reuse = '$Tcp_tw_reuse'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_tw_reuse = $Tcp_tw_reuse" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_abort_on_overflow--------
# 當守護進程太忙而不能接受新的連接,就象對方發送reset消息
Tcp_abort_on_overflow=1 #打開
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_abort_on_overflow` ]]
then
sed -i 's/net.ipv4.tcp_abort_on_overflow = .*/net.ipv4.tcp_abort_on_overflow = '$Tcp_abort_on_overflow'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_abort_on_overflow = $Tcp_abort_on_overflow" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_syncookies--------
# 當出現syn等候隊列出現溢出時象對方發送syncookies
# 目的是爲了防止syn flood***
Tcp_syncookies=1 #打開
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_syncookies` ]]
then
sed -i 's/net.ipv4.tcp_syncookies = .*/net.ipv4.tcp_syncookies = '$Tcp_syncookies'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_syncookies = $Tcp_syncookies" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_max_syn_backlog--------
# 對於那些依然還未獲得客戶端確認的連接請求﹐需要保存在隊列中最大數目
Tcp_max_syn_backlog=256 #保持在隊列中最大數目
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_max_syn_backlog` ]]
then
sed -i 's/net.ipv4.tcp_max_syn_backlog = .*/net.ipv4.tcp_max_syn_backlog = '$Tcp_max_syn_backlog'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_max_syn_backlog = $Tcp_max_syn_backlog" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_window_scaling--------
# 該文件表示設置tcp/ip會話的滑動窗口大小是否可變
Tcp_windows_scaling=1 #打開
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_window_scaling` ]]
then
sed -i 's/net.ipv4.tcp_window_scaling = .*/net.ipv4.tcp_window_scaling = '$Tcp_windows_scaling'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_window_scaling = $Tcp_windows_scaling" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_timestamps--------
# Timestamps 用在其它一些東西中﹐可以防範那些僞造的 sequence 號碼
Tcp_timestamps=1 #打開
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_timestamps` ]]
then
sed -i 's/net.ipv4.tcp_timestamps = .*/net.ipv4.tcp_timestamps = '$Tcp_timestamps'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_timestamps = $Tcp_timestamps" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_sack--------
# 使用 Selective ACK﹐它可以用來查找特定的遺失的數據報
Tcp_sack=1 #打開
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_sack` ]]
then
sed -i 's/net.ipv4.tcp_sack = .*/net.ipv4.tcp_sack = '$Tcp_sack'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_sack = $Tcp_sack" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_fack--------
# 打開FACK擁塞避免和快速重傳功能
# 當啓用此功能時,net.ipv4.tcp_sack也要設爲1纔有效
Tcp_fack=1 #打開
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_fack` ]]
then
sed -i 's/net.ipv4.tcp_fack = .*/net.ipv4.tcp_fack = '$Tcp_fack'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_fack = $Tcp_fack" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_wmem--------
# 發送緩存設置,單位 B
# min:爲TCP socket預留用於發送緩衝的內存最小值。每個tcp socket都可以在建議以後都可以使用它
# default:爲TCP socket預留用於發送緩衝的內存數量
# 默認情況下該值會影響其它協議使用的net.core.wmem_default 值,一般要低於net.core.wmem_default的值
# max: 用於TCP socket發送緩衝的內存最大值
Tcp_Wmem_Min=`getconf PAGE_SIZE`
Core_Wmem_Default=`grep -v "#" /etc/sysctl.conf | grep net.core.wmem_default | awk '{print $NF}'`
if [[ -n $Core_Wmem_Default ]]
then
Tcp_Wmem_Default=$(($Core_Wmem_Default/5*3))
Tcp_Wmem_Max=$(($Tcp_Wmem_Default*256))
sed -i 's/net.ipv4.tcp_wmem = .*/net.ipv4.tcp_wmem = '$Tcp_Wmem_Min' '$Tcp_Wmem_Default' '$Tcp_Wmem_Max'/' /etc/sysctl.conf
else
Tcp_Wmem_Default=$(($Tcp_Wmem_Min*16))
Tcp_Wmem_Max=$(($Tcp_Wmem_Default*256))
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_wmem` ]]
then
sed -i 's/net.ipv4.tcp_wmem = .*/net.ipv4.tcp_wmem = '$Tcp_Wmem_Min' '$Tcp_Wmem_Default' '$Tcp_Wmem_Max'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_wmem = $Tcp_Wmem_Min $Tcp_Wmem_Default $Tcp_Wmem_Max" >> /etc/sysctl.conf
fi
fi
#--------net.ipv4.tcp_rmem--------
# 接收緩存設置,單位 B
# min: 爲TCP socket預留用於接收緩衝的內存數量
# 即使在內存出現緊張情況下tcp socket都至少會有這麼多數量的內存用於接收緩衝
# default: 爲TCP socket預留用於接收緩衝的內存數量
# 默認情況下該值影響其它協議使用的 net.core.wmem_default 值,一般要低於net.core.wmem_default的值
# max: 用於TCP socket接收緩衝的內存最大值
Gage_Size=`getconf PAGE_SIZE`
Tcp_Rmem_Min=$(($Gage_Size*2))
Core_Wmem_Default=`grep -v "#" /etc/sysctl.conf | grep net.core.wmem_default | awk '{print $NF}'`
if [[ -n $Core_Wmem_Default ]]
then
Tcp_Rmem_Default=$(($Core_Wmem_Default/5*4))
Tcp_Rmem_Max=$(($Tcp_Rmem_Default*256))
sed -i 's/net.ipv4.tcp_rmem = .*/net.ipv4.tcp_rmem = '$Tcp_Rmem_Min' '$Tcp_Rmem_Default' '$Tcp_Rmem_Max'/' /etc/sysctl.conf
else
Tcp_Rmem_Default=$(($Tcp_Rmem_Min*21))
Tcp_Rmem_Max=$(($Tcp_Rmem_Default*128))
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_rmem` ]]
then
sed -i 's/net.ipv4.tcp_rmem = .*/net.ipv4.tcp_rmem = '$Tcp_Rmem_Min' '$Tcp_Rmem_Default' '$Tcp_Rmem_Max'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_rmem = $Tcp_Rmem_Min $Tcp_Rmem_Default $Tcp_Rmem_Max" >> /etc/sysctl.conf
fi
fi
#--------net.ipv4.tcp_mem--------
# low:當TCP使用了低於該值的內存頁面數時,TCP不會考慮釋放內存
# 此值的理想大小:net.ipv4.tcp_wmem(default) * 最大併發連接數 / 頁大小
# pressure:當TCP使用了超過該值的內存頁面數量時,TCP試圖穩定其內存使用,進入pressure模式
# 當內存消耗低於low值時則退出pressure狀態
# 此值的理想大小:TCP可以使用的總緩衝區大小 * 最大併發連接數 / 頁大小
# high:允許所有tcp sockets用於排隊緩衝數據報的頁面量,如果超過這個值,TCP 連接將被拒絕
# 此值的理想大小:TCP可以使用的總緩衝區大小 * 2.5 * 最大併發連接數 / 頁大小
# 頁大小
Gage_Size=`getconf PAGE_SIZE`
# 最大併發連接數
Max_Connec=300
Tcp_Wmem_Default=`grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_wmem | awk '{print $4}'`
if [[ -z $Tcp_Wmem_Default ]]
then
Tcp_Wmem_Default=$(($Gage_Size * 16))
fi
Tcp_Mem_Low=$(($Tcp_Wmem_Default*$Max_Connec/$Gage_Size))
Tcp_Wmem=`grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_wmem | awk '{print $NF}'`
if [[ -z $Tcp_Wmem ]]
then
Tcp_Wmem=$(($Gage_Size*2048))
fi
Tcp_Rmem=`grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_rmem | awk '{print $NF}'`
if [[ -z $Tcp_Rmem ]]
then
Tcp_Rmem=$(($Gage_Size*2048))
fi
Tcp_Mem=$(($Tcp_Wmem+$Tcp_Rmem))
Tcp_Mem_Pressure=$(($Tcp_Mem*$Max_Connec/Gage_Size))
Tcp_Mem_Hign=$(($Tcp_Mem_Pressure*5/2))
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_mem` ]]
then
sed -i 's/net.ipv4.tcp_mem = .*/net.ipv4.tcp_mem = '$Tcp_Mem_Low' '$Tcp_Mem_Pressure' '$Tcp_Mem_Hign'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_mem = $Tcp_Mem_Low $Tcp_Mem_Pressure $Tcp_Mem_Hign" >> /etc/sysctl.conf
fi
#--------net.ipv4.tcp_low_latency--------
# 允許 TCP/IP 棧適應在高吞吐量情況下低延時的情況
# 這個選項一般情形是的禁用。(但在構建Beowulf 集羣的時候,打開它很有幫助)
Tcp_low_latency=0 #禁止
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.tcp_low_latency` ]]
then
sed -i 's/net.ipv4.tcp_low_latency = .*/net.ipv4.tcp_low_latency = '$Tcp_low_latency'/' /etc/sysctl.conf
else
echo "net.ipv4.tcp_low_latency = $Tcp_low_latency" >> /etc/sysctl.conf
fi
#--------net.ipv4.ip_forward--------
# NAT必須開啓IP轉發支持
Ip_forward=0 #禁止
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.ip_forward` ]]
then
sed -i 's/net.ipv4.ip_forward = .*/net.ipv4.ip_forward = '$Ip_forward'/' /etc/sysctl.conf
else
echo "net.ipv4.ip_forward = $Ip_forward" >> /etc/sysctl.conf
fi
#--------net.ipv4.ip_local_port_range--------
# 表示用於向外連接的端口範圍,默認比較小,這個範圍同樣會間接用於NAT表規模
rang_first=1024 #開始端口
rang_last=65000 #結束端口
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.ipv4.ip_local_port_range` ]]
then
sed -i 's/net.ipv4.ip_local_port_range = .*/net.ipv4.ip_local_port_range = '$rang_first' '$rang_last'/' /etc/sysctl.conf
else
echo "net.ipv4.ip_local_port_range = $rang_first $rang_last" >> /etc/sysctl.conf
fi
echo -e "\n" >> $Log_file
echo "Tuning the kernel TCP parameters is Ok" >> $Log_file
echo -e "\n"
echo "Tuning the kernel TCP parameters is Ok"
# -------------------------------- Tuning the kernel core parameters --------------------------------
# --------kernel.shmall--------
# 得到Linux內存頁大小,單位爲字節 B
Page_Size=`getconf PAGE_SIZE`
# 得到物理內存的大小,單位爲千字節 KB
Mem_Total=`grep MemTotal /proc/meminfo| awk '{print $2}'`
# 共享內存頁數
shmall=$(($Mem_Total*1024/$Page_Size))
if [[ -n `grep -v "#" /etc/sysctl.conf | grep kernel.shmall` ]]
then
sed -i 's/kernel.shmall = .*/kernel.shmall = '$shmall'/' /etc/sysctl.conf
else
echo "kernel.shmall = $shmall" >> /etc/sysctl.conf
fi
# --------kernel.shmmax--------
# 得到物理內存的大小,單位爲字節 B
Mem_Total_B=$((`grep MemTotal /proc/meminfo| awk '{print $2}'`*1024))
if [[ -n `grep -v "#" /etc/sysctl.conf | grep kernel.shmmax` ]]
then
sed -i 's/kernel.shmmax = .*/kernel.shmmax = '$Mem_Total_B'/' /etc/sysctl.conf
else
echo "kernel.shmmax = $Mem_Total_B" >> /etc/sysctl.conf
fi
#--------fs.file-max--------
# 得到物理內存的大小,單位爲兆字節 MB
Mem_Total_M=$((`grep MemTotal /proc/meminfo| awk '{print $2}'`/1024))
# 每4M物理內存分配256個
File_Max=$((Mem_Total_M/4*256))
if [[ -n `grep -v "#" /etc/sysctl.conf | grep fs.file-max` ]]
then
sed -i 's/fs.file-max = .*/fs.file-max = '$File_Max'/' /etc/sysctl.conf
else
echo "fs.file-max = $File_Max" >> /etc/sysctl.conf
fi
#--------net.core.netdev_max_backlog--------
# 每個網絡接口接收數據包的速率比內核處理這些包的速率快時,允許送到隊列的數據包的最大數目
#設置最大數目
Max_Backlog=32768
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.core.netdev_max_backlog` ]]
then
sed -i 's/net.core.netdev_max_backlog = .*/net.core.netdev_max_backlog = '$Max_Backlog'/' /etc/sysctl.conf
else
echo "net.core.netdev_max_backlog = $Max_Backlog" >> /etc/sysctl.conf
fi
#--------net.core.somaxconn--------
# 用來限制監聽(LISTEN)隊列最大數據包的數量,超過這個數量就會導致鏈接超時或者觸發重傳機制
#設置最大數目
Max_Conn=16384
if [[ -n `grep -v "#" /etc/sysctl.conf | grep net.core.somaxconn` ]]
then
sed -i 's/net.core.somaxconn = .*/net.core.somaxconn = '$Max_Conn'/' /etc/sysctl.conf
else
echo "net.core.somaxconn = $Max_Conn" >> /etc/sysctl.conf
fi
echo -e "\n" >> $Log_file
echo "Tuning the kernel core parameters is Ok" >> $Log_file
echo -e "\n"
echo "Tuning the kernel core parameters is Ok"
echo -e "\n"
echo "--------linux kernel parameters are as follows--------"
echo -e "\n"
sysctl -p
exit-------------------------------------------------------------------------