OS version:Red Hat Enterprise Linux Server release 6.4
Kernel version:2.6.32-358.el6.x86_64
-------------------------------------------------------------------------
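# -------------------------------- Tuning the kernel TCP parameters --------------------------------
# Persists TCP and core kernel tunables in /etc/sysctl.conf and loads them with
# `sysctl -p`. Needs bash and write access to that file (root).
# The file is edited in place: keep a copy of it before running this script.
# $Log_file is not assigned anywhere in this script; when the caller has set
# it, the progress messages are appended to it as well.

Sysctl_conf=/etc/sysctl.conf

# Fail early instead of reporting "is Ok" after every write was refused.
if [[ ! -w "$Sysctl_conf" ]]; then
  printf 'cannot write %s (run as root?)\n' "$Sysctl_conf" >&2
  exit 1
fi

#######################################
# Print the value of the last active (uncommented) line for a sysctl key.
# Arguments: $1 - key, e.g. net.ipv4.tcp_wmem
# Outputs:   the text after "=", or nothing when the key is not set
#######################################
get_sysctl() {
  # Escape the dots so the key matches literally, not as "any character".
  local key_re="${1//./\\.}"
  sed -n "s|^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*||p" "$Sysctl_conf" \
    | tail -n 1
}

#######################################
# Set "key = value" in the sysctl file: rewrite the active line when there is
# one, append otherwise. Matches "key=value" as well as "key = value", so an
# existing line written without spaces is updated instead of being skipped.
# Commented-out lines are left untouched.
# Arguments: $1 - key, $2 - value (digits and spaces only in this script)
#######################################
set_sysctl() {
  local key=$1 value=$2
  local key_re="${key//./\\.}"
  if grep -q "^[[:space:]]*${key_re}[[:space:]]*=" "$Sysctl_conf"; then
    sed -i "s|^[[:space:]]*${key_re}[[:space:]]*=.*|${key} = ${value}|" "$Sysctl_conf"
  else
    printf '%s = %s\n' "$key" "$value" >> "$Sysctl_conf"
  fi
}

# True when $1 is a non-empty string of decimal digits.
is_uint() {
  [[ $1 =~ ^[0-9]+$ ]]
}

# Print a progress message to stdout and, when $Log_file is set, append it there.
report_done() {
  local msg=$1
  if [[ -n ${Log_file:-} ]]; then
    printf '\n\n%s\n' "$msg" >> "$Log_file"
  fi
  printf '\n\n%s\n' "$msg"
}

# Memory page size in bytes; several buffer sizes below are derived from it.
Page_Size=$(getconf PAGE_SIZE)
if ! is_uint "$Page_Size"; then
  printf 'getconf PAGE_SIZE returned no usable value\n' >&2
  exit 1
fi

# Physical memory in KB, as reported by /proc/meminfo.
Mem_Total=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
if ! is_uint "$Mem_Total"; then
  printf 'cannot read MemTotal from /proc/meminfo\n' >&2
  exit 1
fi

#--------net.ipv4.tcp_syn_retries--------
# Number of SYN requests the kernel sends for a new connection before giving up.
set_sysctl net.ipv4.tcp_syn_retries 2

#--------net.ipv4.tcp_synack_retries--------
# Number of SYN+ACK segments sent in reply to a remote SYN before the
# half-open connection is abandoned.
set_sysctl net.ipv4.tcp_synack_retries 2

#--------net.ipv4.tcp_keepalive_time--------
# Seconds a connection must be idle before TCP sends keepalive probes. Guards
# against peers that establish a connection and then never send data.
set_sysctl net.ipv4.tcp_keepalive_time 600

#--------net.ipv4.tcp_keepalive_probes--------
# Number of unanswered keepalive probes after which the connection is
# considered dead (a count, not a time in seconds).
set_sysctl net.ipv4.tcp_keepalive_probes 15

#--------net.ipv4.tcp_keepalive_intvl--------
# Seconds between keepalive probes when a probe gets no response.
set_sysctl net.ipv4.tcp_keepalive_intvl 15

#--------net.ipv4.tcp_retries2--------
# Retries before an established TCP connection is dropped.
# NOTE(review): 3 is far below the kernel default of 15, so established
# connections are dropped after a short burst of packet loss; confirm.
set_sysctl net.ipv4.tcp_retries2 3

#--------net.ipv4.tcp_orphan_retries--------
# Retries before a connection closed on the local side is dropped.
set_sysctl net.ipv4.tcp_orphan_retries 3

#--------net.ipv4.tcp_max_orphans--------
# Maximum number of TCP sockets not attached to any process. Above this
# number, orphaned connections are reset immediately and a warning is logged.
# NOTE(review): every orphan pins kernel memory, so a limit this high gives
# little protection against orphan-based memory exhaustion; size it to RAM.
set_sysctl net.ipv4.tcp_max_orphans 8388608

#--------net.ipv4.tcp_fin_timeout--------
# Seconds a socket closed by the local side stays in FIN-WAIT-2.
set_sysctl net.ipv4.tcp_fin_timeout 2

#--------net.ipv4.tcp_max_tw_buckets--------
# Maximum number of TIME-WAIT sockets held at once. Above this number,
# TIME-WAIT sockets are destroyed immediately and a warning is logged.
set_sysctl net.ipv4.tcp_max_tw_buckets 3600

#--------net.ipv4.tcp_tw_recycle--------
# Enables fast recycling of TIME-WAIT sockets.
# NOTE(review): together with tcp_timestamps = 1 (set below) this is known to
# drop connections from clients that share a NAT address, and the knob was
# removed in Linux 4.12. The author's value is kept; reconsider for any host
# that serves clients behind NAT.
set_sysctl net.ipv4.tcp_tw_recycle 1

#--------net.ipv4.tcp_tw_reuse--------
# Allows sockets in TIME-WAIT to be reused for new TCP connections.
set_sysctl net.ipv4.tcp_tw_reuse 1

#--------net.ipv4.tcp_abort_on_overflow--------
# Sends a reset to the peer when the daemon is too busy to accept new
# connections.
# NOTE(review): this turns a transient accept-queue overflow into hard
# connection failures for clients; the kernel default is 0.
set_sysctl net.ipv4.tcp_abort_on_overflow 1

#--------net.ipv4.tcp_syncookies--------
# Sends SYN cookies when the SYN queue overflows, to withstand SYN flood
# attacks.
set_sysctl net.ipv4.tcp_syncookies 1

#--------net.ipv4.tcp_max_syn_backlog--------
# Maximum number of queued connection requests not yet acknowledged by the
# client.
# NOTE(review): 256 is a small queue; under load it overflows early and the
# host then depends on the SYN cookies enabled above.
set_sysctl net.ipv4.tcp_max_syn_backlog 256

#--------net.ipv4.tcp_window_scaling--------
# Whether the sliding window size of a TCP session may scale.
set_sysctl net.ipv4.tcp_window_scaling 1

#--------net.ipv4.tcp_timestamps--------
# TCP timestamps; among other uses they help reject forged sequence numbers.
set_sysctl net.ipv4.tcp_timestamps 1

#--------net.ipv4.tcp_sack--------
# Selective ACK, used to identify which specific segments were lost.
set_sysctl net.ipv4.tcp_sack 1

#--------net.ipv4.tcp_fack--------
# FACK congestion avoidance and fast retransmit. Only effective when
# net.ipv4.tcp_sack is also 1.
set_sysctl net.ipv4.tcp_fack 1

#--------net.ipv4.tcp_wmem--------
# Send buffer sizes in bytes: "min default max".
#   min:     memory reserved for each TCP socket's send buffer
#   default: initial send buffer size; normally kept below
#            net.core.wmem_default
#   max:     largest send buffer a TCP socket may use
Tcp_Wmem_Min=$Page_Size
read -r Core_Wmem_Default _ <<< "$(get_sysctl net.core.wmem_default)"
if is_uint "$Core_Wmem_Default"; then
  Tcp_Wmem_Default=$((Core_Wmem_Default / 5 * 3))
else
  Tcp_Wmem_Default=$((Tcp_Wmem_Min * 16))
fi
Tcp_Wmem_Max=$((Tcp_Wmem_Default * 256))
# Always go through set_sysctl so the line is appended when it is missing;
# a bare sed in this branch would silently write nothing in that case.
set_sysctl net.ipv4.tcp_wmem "$Tcp_Wmem_Min $Tcp_Wmem_Default $Tcp_Wmem_Max"

#--------net.ipv4.tcp_rmem--------
# Receive buffer sizes in bytes: "min default max".
#   min:     memory each TCP socket keeps for receiving even under memory
#            pressure
#   default: initial receive buffer size
#   max:     largest receive buffer a TCP socket may use
# NOTE(review): the default is derived from net.core.wmem_default, as in the
# original script; net.core.rmem_default looks like the intended key. Confirm.
Tcp_Rmem_Min=$((Page_Size * 2))
if is_uint "$Core_Wmem_Default"; then
  Tcp_Rmem_Default=$((Core_Wmem_Default / 5 * 4))
  Tcp_Rmem_Max=$((Tcp_Rmem_Default * 256))
else
  Tcp_Rmem_Default=$((Tcp_Rmem_Min * 21))
  Tcp_Rmem_Max=$((Tcp_Rmem_Default * 128))
fi
set_sysctl net.ipv4.tcp_rmem "$Tcp_Rmem_Min $Tcp_Rmem_Default $Tcp_Rmem_Max"

#--------net.ipv4.tcp_mem--------
# Page counts: "low pressure high".
#   low:      below this, TCP does not try to free memory
#             = tcp_wmem(default) * max concurrent connections / page size
#   pressure: above this, TCP tries to stabilise its memory use until usage
#             falls below low again
#             = (tcp_wmem max + tcp_rmem max) * max connections / page size
#   high:     pages all TCP sockets may use for queued data; above this, TCP
#             connections are refused
#             = pressure * 2.5
# NOTE(review): these thresholds come from buffer sizes and Max_Connec only,
# not from MemTotal; check that `high` stays below the machine's RAM.
Max_Connec=300 # maximum number of concurrent connections
read -r _ Tcp_Wmem_Default Tcp_Wmem _ <<< "$(get_sysctl net.ipv4.tcp_wmem)"
is_uint "$Tcp_Wmem_Default" || Tcp_Wmem_Default=$((Page_Size * 16))
is_uint "$Tcp_Wmem" || Tcp_Wmem=$((Page_Size * 2048))
read -r _ _ Tcp_Rmem _ <<< "$(get_sysctl net.ipv4.tcp_rmem)"
is_uint "$Tcp_Rmem" || Tcp_Rmem=$((Page_Size * 2048))
Tcp_Mem_Low=$((Tcp_Wmem_Default * Max_Connec / Page_Size))
Tcp_Mem_Pressure=$(((Tcp_Wmem + Tcp_Rmem) * Max_Connec / Page_Size))
Tcp_Mem_High=$((Tcp_Mem_Pressure * 5 / 2))
set_sysctl net.ipv4.tcp_mem "$Tcp_Mem_Low $Tcp_Mem_Pressure $Tcp_Mem_High"

#--------net.ipv4.tcp_low_latency--------
# Lets the TCP/IP stack favour low latency over high throughput. Normally
# disabled (enabling it helps when building a Beowulf cluster).
set_sysctl net.ipv4.tcp_low_latency 0

#--------net.ipv4.ip_forward--------
# IP forwarding, which NAT requires. Disabled here, so the host does not
# route packets between interfaces.
set_sysctl net.ipv4.ip_forward 0

#--------net.ipv4.ip_local_port_range--------
# Port range used for outgoing connections (first and last port). The default
# range is small; it also indirectly bounds the size of the NAT table.
# NOTE(review): a range starting at 1024 overlaps ports that local services
# commonly listen on; confirm nothing on this host binds inside it.
set_sysctl net.ipv4.ip_local_port_range "1024 65000"

report_done "Tuning the kernel TCP parameters is Ok"

# -------------------------------- Tuning the kernel core parameters --------------------------------

# --------kernel.shmall--------
# Total shared memory in pages: physical memory (KB) * 1024 / page size.
set_sysctl kernel.shmall "$((Mem_Total * 1024 / Page_Size))"

# --------kernel.shmmax--------
# Largest single shared memory segment: physical memory in bytes.
set_sysctl kernel.shmmax "$((Mem_Total * 1024))"

#--------fs.file-max--------
# System-wide file handle limit: 256 handles per 4 MB of physical memory.
Mem_Total_M=$((Mem_Total / 1024))
set_sysctl fs.file-max "$((Mem_Total_M / 4 * 256))"

#--------net.core.netdev_max_backlog--------
# Maximum number of packets queued per network interface when packets arrive
# faster than the kernel can process them.
set_sysctl net.core.netdev_max_backlog 32768

#--------net.core.somaxconn--------
# Upper bound of the LISTEN queue; beyond it, connections time out or are
# retransmitted.
set_sysctl net.core.somaxconn 16384

report_done "Tuning the kernel core parameters is Ok"

printf '\n\n'
echo "--------linux kernel parameters are as follows--------"
printf '\n\n'
# Load the file into the running kernel; the script exits with sysctl's status.
sysctl -p
exit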
-------------------------------------------------------------------------