- 修改最大打开文件数量
ulimit -n 100000
- 修改创建文件的最大值
#/etc/security/limits.conf
* soft nofile 262140
* hard nofile 262140
- 修改tcp相关设置
#/etc/sysctl.conf
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 5120 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
fs.file-max = 65536
vm.overcommit_memory = 1
减少首次建立连接时,断开连接的攻击:
tcp_syncookies
tcp_synack_retries 可以用他来减少重试次数;
tcp_max_syn_backlog,可以增大SYN连接数;
tcp_abort_on_overflow 处理不过来干脆就直接拒绝连接
TCP链接关闭的时候,需要等两个TIME_WAIT的时间,才能正式关闭TCP.(TCP链接关闭从发fin)
tcp_tw_reuse
tcp_timestamps=1 默认开启
查看端口范围:
sysctl -a | grep port
查看TCP请求的各状态量
netstat -nt | awk '/^tcp/ {++state[$NF]} END {for(key in state) print key,"t",state[key]}'
tcp_tw_recycle 在NAT网络中不建议开启