Linux kernel parameter tuning is an important means to improve system performance. By adjusting the /etc/sysctl.conf file, you can optimize system behavior.
Network parameter tuning:
- TCP connection parameters:
  - net.ipv4.tcp_tw_reuse=1: allow TIME-WAIT sockets to be reused for new TCP connections
  - net.ipv4.tcp_tw_recycle=0: keep fast recycling of TIME-WAIT sockets disabled (enabling it may cause NAT issues; the parameter was removed in Linux 4.12)
  - net.ipv4.tcp_fin_timeout=30: reduce the timeout for the FIN-WAIT-2 state (seconds)
  - net.ipv4.tcp_keepalive_time=600: idle time in seconds before the first TCP keepalive probe is sent
  - net.ipv4.tcp_keepalive_probes=3: number of unanswered keepalive probes before the connection is dropped
  - net.ipv4.tcp_keepalive_intvl=15: interval in seconds between keepalive probes
- TCP buffer parameters:
  - net.ipv4.tcp_rmem="4096 87380 16777216": TCP receive buffer size (minimum, default, maximum, in bytes)
  - net.ipv4.tcp_wmem="4096 65536 16777216": TCP send buffer size (minimum, default, maximum, in bytes)
  - net.core.rmem_max=16777216: maximum receive buffer size in bytes
  - net.core.wmem_max=16777216: maximum send buffer size in bytes
- TCP connection queue:
  - net.core.somaxconn=65535: maximum listen queue length
  - net.ipv4.tcp_max_syn_backlog=8192: maximum SYN queue length
  - net.ipv4.tcp_syncookies=1: enable SYN cookies to mitigate SYN flood attacks
- Other network parameters:
  - net.ipv4.ip_local_port_range="1024 65535": local port range used for outgoing connections
  - net.ipv4.tcp_max_tw_buckets=5000: maximum number of TIME-WAIT sockets held at once
  - net.ipv4.tcp_fastopen=3: enable TCP Fast Open for both client and server
Memory parameter tuning:
- Virtual memory:
  - vm.swappiness=10: reduce tendency to use swap (0-100)
  - vm.vfs_cache_pressure=100: kernel tendency to reclaim memory used for directory and inode caches
  - vm.dirty_ratio=10: percentage of memory that dirty pages may occupy before writing processes must flush them
  - vm.dirty_background_ratio=5: percentage of memory at which background writing of dirty pages starts
  - vm.dirty_expire_centisecs=3000: dirty page expiration time, in hundredths of a second
- Memory allocation:
  - vm.overcommit_memory=1: always allow overcommitting memory
  - vm.overcommit_ratio=50: overcommit ratio (percentage of RAM; only used when vm.overcommit_memory=2)
- Huge Pages:
  - vm.nr_hugepages=0: number of huge pages
  - vm.hugetlb_shm_group=0: group ID allowed to use huge pages
Filesystem parameter tuning:
- File handles:
  - fs.file-max=65535: maximum number of open files in the whole system
  - fs.inotify.max_user_watches=524288: maximum number of inotify watches per user
- Filesystem:
  - fs.aio-max-nr=1048576: maximum number of concurrent asynchronous I/O requests
  - fs.nr_open=1048576: maximum number of open files per process
Process and thread parameter tuning:
- Process limits:
  - kernel.pid_max=4194303: maximum process ID
  - kernel.threads-max=4194303: maximum number of threads
- Semaphores:
  - kernel.sem="250 32000 100 128": semaphore parameters (SEMMSL, SEMMNS, SEMOPM, SEMMNI)
  - kernel.shmmax=68719476736: maximum shared memory segment size in bytes
  - kernel.shmall=4294967296: total amount of shared memory, in pages
Security parameter tuning:
- Network security:
  - net.ipv4.conf.all.rp_filter=1: enable reverse path filtering (strict mode)
  - net.ipv4.conf.default.rp_filter=1: enable reverse path filtering by default
  - net.ipv4.icmp_echo_ignore_all=0: allow ICMP echo requests (the host answers ping)
  - net.ipv4.icmp_echo_ignore_broadcasts=1: ignore ICMP echo requests sent to broadcast addresses
  - net.ipv4.conf.all.accept_source_route=0: reject source-routed packets
  - net.ipv4.conf.default.accept_source_route=0: reject source-routed packets by default
- Kernel security:
  - kernel.dmesg_restrict=1: restrict dmesg access to privileged users
  - kernel.kptr_restrict=1: hide kernel pointers from unprivileged users
  - kernel.perf_event_paranoid=2: restrict unprivileged access to performance events
Performance monitoring parameters:
- System monitoring:
  - kernel.sysrq=0: disable SysRq key
  - kernel.randomize_va_space=2: full address space layout randomization (ASLR)
- Log parameters:
  - kernel.printk="4 4 1 7": console log levels (current, default message, minimum, boot-time default)
Parameter application methods:
- Temporary modification: sysctl -w parameter=value
- Permanent modification: edit the /etc/sysctl.conf file
- Apply configuration: sysctl -p (loads /etc/sysctl.conf) or sysctl --system (loads all system configuration files)
- View current value: sysctl parameter
- View all parameters: sysctl -a
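
Added example (not part of the original page): a POSIX shell function that checks whether the values in a sysctl.conf-style baseline are actually in effect, by reading the matching files under /proc/sys instead of trusting that `sysctl -p` succeeded. The names `audit_sysctl`, `normalize` and the `PROC_ROOT` override are assumptions of this example.

```shell
#!/bin/sh
# Added example: check that a sysctl.conf-style baseline is actually in effect.
# PROC_ROOT is this example's own override so the check can run on a test tree.
PROC_ROOT="${PROC_ROOT:-/proc/sys}"

# Trim edge whitespace and quotes, turn tabs and space runs into one space.
normalize() {
    printf '%s' "$1" | tr '\t' ' ' |
        sed -e 's/^[ "]*//' -e 's/[ "]*$//' -e 's/  */ /g'
}

# audit_sysctl BASELINE_FILE
# Prints OK, DRIFT or MISSING for each key; returns 1 if any key is not OK.
audit_sysctl() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(normalize "$line")
        case $line in
            ''|'#'*|';'*) continue ;;   # blank lines and comments
            *=*) ;;                     # key=value setting
            *) continue ;;
        esac
        key=$(normalize "${line%%=*}")
        want=$(normalize "${line#*=}")
        # net.ipv4.tcp_rmem -> $PROC_ROOT/net/ipv4/tcp_rmem
        path="$PROC_ROOT/$(printf '%s' "$key" | tr '.' '/')"
        if [ ! -r "$path" ]; then
            echo "MISSING $key"
            bad=1
            continue
        fi
        have=$(normalize "$(cat "$path")")
        if [ "$have" = "$want" ]; then
            echo "OK      $key = $have"
        else
            echo "DRIFT   $key expected=$want actual=$have"
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# Run against a file when one is given, e.g.: sh audit.sh /etc/sysctl.conf
if [ "$#" -gt 0 ]; then
    audit_sysctl "$1"
fi
```

A key the running kernel does not provide, or that the current user cannot read, is reported as MISSING; a non-zero exit status makes the check usable in configuration management or CI.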
Tuning recommendations:
- Adjust parameters based on actual application scenarios
- Back up the original configuration before modification
- Adjust gradually and observe effects
- Use performance monitoring tools to verify tuning effects
- Refer to official documentation and best practices
- Verify in a test environment before tuning in production
Common application scenarios:
- Web servers: increase connection queue, adjust TCP parameters
- Database servers: optimize memory parameters, increase file handles
- High concurrency services: increase port range, optimize TCP buffers
- Virtualization environments: adjust memory parameters, enable Huge Pages