linux:sysctl

tcp

# Count TCP connections grouped by state (the last column of netstat output).
# Established connections only: netstat -an | grep 'ESTABLISHED' | grep 'tcp' | wc -l
# A persistently large SYN_RECV count is worth investigating as a possible SYN flood.
netstat -an | awk '/^tcp/ { count[$NF]++ } END { for (state in count) print state, count[state] }'
CLOSED:没有连接活动或正在进行的;
LISTEN:服务器正在等待的进入呼叫;
SYN_RECV:一个连接请求已经到达,等待确认;
SYN_SENT:应用已经开始,打开一个连接;
ESTABLISHED:正常数据传输状态,也可以近似的理解为当前服务器的并发数;
FIN_WAIT1:应用已经完成;
FIN_WAIT2:另一边同意释放;
TIME_WAIT:等待所有分组死掉;
CLOSING:两边同时尝试关闭;
CLOSE_WAIT:另一边已初始化一个释放;
LAST_ACK:等待所有分组死掉;

sysctl

  1. -a #列出所有
  2. -w name=value
  3. -p #加载配置
  4. -n 仅显示值,-N 仅显示名称

/etc/sysctl.conf,参数详解

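# /etc/sysctl.conf - annotated TCP tuning example.
# sysctl.conf(5) documents only full-line comments (# or ;), so each note sits
# on its own line above the key instead of trailing the value.

# Fall back to SYN cookies when the SYN queue overflows; this mitigates small
# SYN floods. The page lists it as off by default - check your kernel.
net.ipv4.tcp_syncookies = 1
# Allow TIME-WAIT sockets to be reused for new outgoing connections (relies on
# TCP timestamps). Off by default according to the page.
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle (fast TIME-WAIT recycling) is left disabled: it rejects
# connections from clients that share a NAT address, and the key was removed
# in Linux 4.12, where loading it makes `sysctl -p` report an error.
# net.ipv4.tcp_tw_recycle = 1
# Seconds an orphaned socket may stay in FIN-WAIT-2 (overrides the system default).
net.ipv4.tcp_fin_timeout = 30

# --- Enable when traffic is heavy ---
# Idle seconds before the first keepalive probe (the default is two hours).
net.ipv4.tcp_keepalive_time = 1200
# Seconds between keepalive probes.
net.ipv4.tcp_keepalive_intvl = 30
# Unanswered probes before the connection is dropped.
net.ipv4.tcp_keepalive_probes = 3
# Local port range used for outgoing connections.
net.ipv4.ip_local_port_range = 10000 65000
# Maximum number of TIME-WAIT sockets kept at once (the page gives 18000 as the default).
net.ipv4.tcp_max_tw_buckets = 5000

# --- Other TCP parameters ---
# SYN queue length: connections whose handshake the client has not yet
# acknowledged (default 1024). The original listed this key twice (8192, then
# 65536); keys are applied in file order, so the later value was the effective
# one and is the one kept here.
net.ipv4.tcp_max_syn_backlog = 65536
# Length of the kernel's queue of received packets awaiting processing.
net.core.netdev_max_backlog = 32768
# Upper bound on the listen() backlog (default 128 according to the page).
net.core.somaxconn = 32768

# Socket send/receive buffers in bytes (the page's reference value is 873200).
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.optmem_max = 81920

# TCP send/receive buffers: minimum, default and maximum size in bytes.
net.ipv4.tcp_wmem = 8192 436600 873200
net.ipv4.tcp_rmem = 32768 436600 873200
# tcp_mem thresholds are counted in pages, not bytes: below [0] there is no
# pressure, at [1] TCP enters memory-pressure mode, at [2] new socket
# allocations are refused. The original 94500000 91500000 92700000 was not in
# ascending order and, at 4 KiB pages, is roughly 360 GiB, so it never bounded
# TCP memory. The page's own reference triple is used instead; size it to the
# host's RAM, or drop the line to keep the values the kernel computes at boot.
net.ipv4.tcp_mem = 786432 1048576 1572864

# The key was misspelled "tcp_timestsmps", so sysctl could not apply it and the
# kernel default stayed in force. Timestamps guard against sequence-number
# wraparound and tcp_tw_reuse above depends on them, so they are kept on.
net.ipv4.tcp_timestamps = 1
# SYN-ACK retransmissions (second step of the handshake) before the kernel
# gives up on a half-open connection.
net.ipv4.tcp_synack_retries = 2
# SYN retransmissions before an outgoing connection attempt is abandoned.
net.ipv4.tcp_syn_retries = 2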

4G内存配置

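# sysctl.conf profile for a host with 4 GB of RAM.
# Multi-value keys use single spaces; sysctl ignores surrounding whitespace.

# Socket receive/send buffers, in bytes.
net.core.rmem_default = 256960
net.core.rmem_max = 513920
net.core.wmem_default = 256960
net.core.wmem_max = 513920
# Length of the kernel's queue of received packets awaiting processing.
net.core.netdev_max_backlog = 2000
# Upper bound on the listen() backlog.
net.core.somaxconn = 2048
net.core.optmem_max = 81920

# TCP memory thresholds in pages: low, pressure, high.
net.ipv4.tcp_mem = 131072 262144 524288
# TCP receive/send buffers: minimum, default and maximum size in bytes.
net.ipv4.tcp_rmem = 8760 256960 4088000
net.ipv4.tcp_wmem = 8760 256960 4088000

# Keepalive: idle seconds before the first probe, seconds between probes,
# unanswered probes before the connection is dropped.
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3

# TCP options. Timestamps must stay on for tcp_tw_reuse below to have any effect.
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_window_scaling = 1

# Fall back to SYN cookies when the SYN queue overflows (SYN-flood mitigation).
net.ipv4.tcp_syncookies = 1
# Allow TIME-WAIT sockets to be reused for new outgoing connections.
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle is left disabled: it rejects connections from clients that
# share a NAT address, and the key was removed in Linux 4.12, where loading it
# makes `sysctl -p` report an error.
# net.ipv4.tcp_tw_recycle = 1
# Seconds an orphaned socket may stay in FIN-WAIT-2.
net.ipv4.tcp_fin_timeout = 30
# Local port range used for outgoing connections.
net.ipv4.ip_local_port_range = 1024 65000
# SYN queue length: connections whose handshake is not yet complete.
net.ipv4.tcp_max_syn_backlog = 2048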