zoukankan      html  css  js  c++  java

  • centos7内核优化

    #sysctl -p

    参数:

    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    net.ipv4.ip_forward = 0
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0
    kernel.sysrq = 0
    kernel.core_uses_pid = 1
    net.ipv4.tcp_syncookies = 1
    kernel.msgmnb = 65536
    kernel.msgmax = 65536
    kernel.shmmax = 68719476736
    kernel.shmall = 4294967296
    net.ipv4.tcp_max_tw_buckets = 6000
    net.ipv4.tcp_sack = 1
    net.ipv4.tcp_window_scaling = 1
    net.ipv4.tcp_rmem = 4096 87380 4194304
    net.ipv4.tcp_wmem = 4096 16384 4194304
    net.core.wmem_default = 8388608
    net.core.rmem_default = 8388608
    net.core.rmem_max = 16777216
    net.core.wmem_max = 16777216
    net.core.netdev_max_backlog = 262144
    net.ipv4.tcp_max_orphans = 3276800
    net.ipv4.tcp_max_syn_backlog = 262144
    net.ipv4.tcp_timestamps = 0
    net.ipv4.tcp_synack_retries = 1
    net.ipv4.tcp_syn_retries = 1
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_mem = 94500000 915000000 927000000
    net.ipv4.tcp_fin_timeout = 1
    net.ipv4.tcp_keepalive_time = 30
    net.ipv4.ip_local_port_range = 1024 65000
    fs.file-max = 265535
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.conf.all.secure_redirects = 0
    net.ipv4.conf.default.secure_redirects = 0
    vm.swappiness = 10

    vim /etc/sysctl.conf

    # sysctl settings are defined through files in
    # /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
    #
    # Vendors settings live in /usr/lib/sysctl.d/.
    # To override a whole file, create a new file with the same in
    # /etc/sysctl.d/ and put new settings there. To override
    # only specific settings, add a file with a lexically later
    # name in /etc/sysctl.d/ and put new settings there.
    #
    # For more information, see sysctl.conf(5) and sysctl.d(5).
    #
    #系统优化参数
    #
    ##关闭ipv6
    #
    net.ipv6.conf.all.disable_ipv6 = 1
    #
    net.ipv6.conf.default.disable_ipv6 = 1
    #
    ## 避免放大攻击
    #
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    #
    ## 开启恶意icmp错误消息保护
    #
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    #
    ##关闭路由转发
    #
    net.ipv4.ip_forward = 0
    #
    net.ipv4.conf.all.send_redirects = 0
    #
    net.ipv4.conf.default.send_redirects = 0
    #
    ##开启反向路径过滤
    #
    net.ipv4.conf.all.rp_filter = 1
    #
    net.ipv4.conf.default.rp_filter = 1
    #
    ##处理无源路由的包
    #
    net.ipv4.conf.all.accept_source_route = 0
    #
    net.ipv4.conf.default.accept_source_route = 0
    #
    ##关闭sysrq功能
    #
    kernel.sysrq = 0
    #
    ##core文件名中添加pid作为扩展名
    #
    kernel.core_uses_pid = 1
    #
    ## 开启SYN洪水攻击保护
    #
    net.ipv4.tcp_syncookies = 1
    #
    ##修改消息队列长度
    #
    kernel.msgmnb = 65536
    #
    kernel.msgmax = 65536
    #
    ##设置最大内存共享段大小bytes
    #
    kernel.shmmax = 68719476736
    #
    kernel.shmall = 4294967296
    #
    ##timewait的数量,默认180000
    #
    net.ipv4.tcp_max_tw_buckets = 6000
    #
    net.ipv4.tcp_sack = 1
    #
    net.ipv4.tcp_window_scaling = 1
    #
    net.ipv4.tcp_rmem = 4096 87380 4194304
    #
    net.ipv4.tcp_wmem = 4096 16384 4194304
    #
    net.core.wmem_default = 8388608
    #
    net.core.rmem_default = 8388608
    #
    net.core.rmem_max = 16777216
    #
    net.core.wmem_max = 16777216
    #
    ##每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目
    #
    net.core.netdev_max_backlog = 262144
    #
    ##限制仅仅是为了防止简单的DoS 攻击
    #
    net.ipv4.tcp_max_orphans = 3276800
    #
    ##未收到客户端确认信息的连接请求的最大值
    #
    net.ipv4.tcp_max_syn_backlog = 262144
    #
    net.ipv4.tcp_timestamps = 0
    #
    ##内核放弃建立连接之前发送SYNACK 包的数量
    #
    net.ipv4.tcp_synack_retries = 1
    #
    ##内核放弃建立连接之前发送SYN 包的数量
    #
    net.ipv4.tcp_syn_retries = 1
    #
    ##启用timewait 快速回收
    #
    #net.ipv4.tcp_tw_recycle = 1
    #

    ##tcp_tw_recycle 的机制是维护时间戳,发现时间戳后退的包直接丢掉,会导致服务器可能会丢失 NAT 模式下运行的客户端连接

    ##开启重用。允许将TIME-WAIT sockets 重新用于新的TCP 连接
    #
    net.ipv4.tcp_tw_reuse = 1
    #
    net.ipv4.tcp_mem = 94500000 915000000 927000000
    #
    net.ipv4.tcp_fin_timeout = 1
    #
    ##当keepalive 起用的时候,TCP 发送keepalive 消息的频度。缺省是2 小时
    #
    net.ipv4.tcp_keepalive_time = 30
    #
    ##允许系统打开的端口范围
    #
    net.ipv4.ip_local_port_range = 1024 65000
    #
    ##修改防火墙表大小,默认65536
    #
    #ulimit -n 265535
    #可在/etc/profile中设置
    fs.file-max = 265535
    #系统级别的能够打开的文件句柄的数量,ulimit 是进程级别的

    #net.netfilter.nf_conntrack_max=655350
    #
    ##net.netfilter.nf_conntrack_tcp_timeout_established=1200
    #
    # # 确保无人能修改路由表
    #
    net.ipv4.conf.all.accept_redirects = 0
    #
    net.ipv4.conf.default.accept_redirects = 0
    #
    net.ipv4.conf.all.secure_redirects = 0
    #
    net.ipv4.conf.default.secure_redirects = 0
    #
    #net.nf_conntrack_max = 6553600
    vm.swappiness = 10 

    注:

    kernel.shmmax = 68719476736(页)

    Shmmax 是核心参数中最重要的参数之一,用于定义单个共享内存段的最大值,shmmax 设置应该足够大,能在一个共享内存段下容纳下整个的SGA ,设置的过低可能会导致需要创建多个共享内存段,默认设置已经足够大
    kernel.shmall = 4294967296(页)

    控制共享内存页数,Linux 共享内存页大小为4KB, 共享内存段的大小都是共享内存页大小的整数倍。假设共享内存段的最大大小是16G,那么需要共享内存页数是 16GB/4KB=16777216KB/4KB=4194304页才符合。默认设置已经足够大

    kernel.shmall

    #共享内存段的最大数量,shmmni 缺省值 4096 ,一般肯定是够用了

    vm.swappiness 值的范围为0~100,假设内存为16G,那么vm.swappiness设置为60,那么可用内存16*0.4=6.4的时候开始物理内存与虚拟内存的交换,势必会影响性能
  • 相关阅读:
    tensorrt 中的一些基本概念 Logger, Context, Engine, Builder, Network, Parser 知识梳理
    JavaWeb之互联网通信流程
    JSON
    JS之BOM编程History和location对象
    JS之将当前窗口设置为顶级窗口
    JS之BOM编程--弹出消息框和确认框
    JS之BOM编程window的open和close
    JS之内置支持类Array
    多次使用setInterval方法导致clearInterval不能成功关闭
    JS之周期函数setInterval
  • 原文地址:https://www.cnblogs.com/mydba-j/p/9628619.html
Copyright © 2011-2022 走看看