内核调优

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063

相信做运维的同仁，进行运维环境初建时，必须要考虑到操作系统内核参数的优化问题，本人经历数次的运维环境重建后，决定要自行收集一份比较完善的系统内核参数优化说明文件出来，于是就有了下文，本文当前值是官方默认参数，建议参数直接添加于sysctl -a输出的结果每一行的后面，希望对运维的同仁做系统内核参数调优时有所帮助。废话不多讲，直接上干货！   #3.10.0-862.el7.x86_64 #CentOS Linux release 7.5.1804   abi.vsyscall32 = 1 crypto.fips_enabled = 0 debug.exception-trace = 1 debug.kprobes-optimization = 1 debug.panic_on_rcu_stall = 0 dev.cdrom.autoclose = 1 dev.cdrom.autoeject = 0 dev.cdrom.check_media = 0 dev.cdrom.debug = 0 dev.cdrom.info = CD-ROM information, Id: cdrom.c 3.20 2003/12/17 dev.cdrom.info = dev.cdrom.info = drive name: sr0 dev.cdrom.info = drive speed: 1 dev.cdrom.info = drive # of slots: 1 dev.cdrom.info = Can close tray: 1 dev.cdrom.info = Can open tray: 1 dev.cdrom.info = Can lock tray: 1 dev.cdrom.info = Can change speed: 1 dev.cdrom.info = Can select disk: 0 dev.cdrom.info = Can read multisession: 1 dev.cdrom.info = Can read MCN: 1 dev.cdrom.info = Reports media changed: 1 dev.cdrom.info = Can play audio: 1 dev.cdrom.info = Can write CD-R: 1 dev.cdrom.info = Can write CD-RW: 1 dev.cdrom.info = Can read DVD: 1 dev.cdrom.info = Can write DVD-R: 1 dev.cdrom.info = Can write DVD-RAM: 1 dev.cdrom.info = Can read MRW: 1 dev.cdrom.info = Can write MRW: 1 dev.cdrom.info = Can write RAM: 1 dev.cdrom.info = dev.cdrom.info = dev.cdrom.lock = 1 dev.hpet.max-user-freq = 64 dev.mac_hid.mouse_button2_keycode = 97 dev.mac_hid.mouse_button3_keycode = 100 dev.mac_hid.mouse_button_emulation = 0 dev.parport.default.spintime = 500 dev.parport.default.timeslice = 200 dev.raid.speed_limit_max = 200000 #RAID最大读取速率，如果RAID性能较高，可以修改此上限来提升IO性能 dev.raid.speed_limit_min = 1000 #RAID最小读取速率 dev.scsi.logging_level = 0 #是否开启scsi磁盘的日志功能，一般情况不建议开启 fs.aio-max-nr = 65536 fs.aio-nr = 0 fs.binfmt_misc.status = enabled fs.dentry-state = 23528 10917 45 0 0 0 fs.dir-notify-enable = 1 fs.epoll.max_user_watches = 411340 fs.file-max = 197872 fs.file-nr = 1120 0 197872 fs.inode-nr = 20574 298 fs.inode-state = 20574 298 0 0 0 0 0 fs.inotify.max_queued_events = 16384 fs.inotify.max_user_instances = 128 fs.inotify.max_user_watches = 8192 fs.lease-break-time = 45 fs.leases-enable = 1 fs.may_detach_mounts = 0 fs.mount-max = 100000 fs.mqueue.msg_default = 10 fs.mqueue.msg_max = 10 fs.mqueue.msgsize_default = 8192 fs.mqueue.msgsize_max = 8192 fs.mqueue.queues_max = 256 fs.nr_open = 1048576 fs.overflowgid = 65534 fs.overflowuid = 65534 fs.pipe-max-size = 1048576 fs.pipe-user-pages-hard = 0 fs.pipe-user-pages-soft = 16384 fs.protected_hardlinks = 1 fs.protected_symlinks = 1 fs.quota.allocated_dquots = 0 fs.quota.cache_hits = 0 fs.quota.drops = 0 fs.quota.free_dquots = 0 fs.quota.lookups = 0 fs.quota.reads = 0 fs.quota.syncs = 0 fs.quota.warnings = 1 fs.quota.writes = 0 fs.suid_dumpable = 0 kernel.acct = 4 2 30 kernel.acpi_video_flags = 0 kernel.auto_msgmni = 1 kernel.bootloader_type = 114 kernel.bootloader_version = 2 kernel.cad_pid = 1 kernel.cap_last_cap = 36 kernel.compat-log = 1 kernel.core_pattern = core kernel.core_pipe_limit = 0 kernel.core_uses_pid = 1 kernel.ctrl-alt-del = 0 kernel.dmesg_restrict = 0 kernel.domainname = (none) kernel.ftrace_dump_on_oops = 0 kernel.ftrace_enabled = 1 kernel.hardlockup_all_cpu_backtrace = 0 kernel.hardlockup_panic = 1 kernel.hostname = example_server.com #由此可以看出，主机名是属于内核的 kernel.hotplug = kernel.hung_task_check_count = 4194304 kernel.hung_task_panic = 0 kernel.hung_task_timeout_secs = 120 kernel.hung_task_warnings = 10 kernel.io_delay_type = 0 kernel.kexec_load_disabled = 0 kernel.keys.gc_delay = 300 kernel.keys.maxbytes = 20000 kernel.keys.maxkeys = 200 kernel.keys.persistent_keyring_expiry = 259200 kernel.keys.root_maxbytes = 25000000 kernel.keys.root_maxkeys = 1000000 kernel.kptr_restrict = 0 kernel.max_lock_depth = 1024 kernel.modprobe = /sbin/modprobe kernel.modules_disabled = 0 kernel.msg_next_id = -1 kernel.msgmax = 8192 kernel.msgmnb = 16384 kernel.msgmni = 3958 kernel.ngroups_max = 65536 kernel.nmi_watchdog = 1 kernel.ns_last_pid = 1651 kernel.numa_balancing = 0 kernel.numa_balancing_scan_delay_ms = 1000 kernel.numa_balancing_scan_period_max_ms = 60000 kernel.numa_balancing_scan_period_min_ms = 1000 kernel.numa_balancing_scan_size_mb = 256 kernel.numa_balancing_settle_count = 4 kernel.osrelease = 3.10.0-862.el7.x86_64 kernel.ostype = Linux kernel.overflowgid = 65534 kernel.overflowuid = 65534 kernel.panic = 0 kernel.panic_on_io_nmi = 0 kernel.panic_on_oops = 1 kernel.panic_on_stackoverflow = 0 kernel.panic_on_unrecovered_nmi = 0 kernel.panic_on_warn = 0 kernel.perf_cpu_time_max_percent = 25 kernel.perf_event_max_sample_rate = 100000 kernel.perf_event_mlock_kb = 516 kernel.perf_event_paranoid = 2 kernel.pid_max = 131072 kernel.poweroff_cmd = /sbin/poweroff kernel.print-fatal-signals = 0 kernel.printk = 4 4 1 7 kernel.printk_delay = 0 kernel.printk_ratelimit = 5 kernel.printk_ratelimit_burst = 10 kernel.pty.max = 4096 kernel.pty.nr = 1 kernel.pty.reserve = 1024 kernel.random.boot_id = b91ea354-c5d0-4c48-abcd-18da3dcd6741 kernel.random.entropy_avail = 978 kernel.random.poolsize = 4096 kernel.random.read_wakeup_threshold = 64 kernel.random.urandom_min_reseed_secs = 60 kernel.random.uuid = 923d2748-02d8-47b8-968d-9c2b7c420bec kernel.random.write_wakeup_threshold = 896 kernel.randomize_va_space = 2 kernel.real-root-dev = 0 kernel.sched_autogroup_enabled = 0 kernel.sched_cfs_bandwidth_slice_us = 5000 kernel.sched_child_runs_first = 0 kernel.sched_domain.cpu0.domain0.busy_factor = 32 kernel.sched_domain.cpu0.domain0.busy_idx = 2 kernel.sched_domain.cpu0.domain0.cache_nice_tries = 1 kernel.sched_domain.cpu0.domain0.flags = 559 kernel.sched_domain.cpu0.domain0.forkexec_idx = 0 kernel.sched_domain.cpu0.domain0.idle_idx = 0 kernel.sched_domain.cpu0.domain0.imbalance_pct = 117 kernel.sched_domain.cpu0.domain0.max_interval = 4 kernel.sched_domain.cpu0.domain0.max_newidle_lb_cost = 17063 kernel.sched_domain.cpu0.domain0.min_interval = 2 kernel.sched_domain.cpu0.domain0.name = MC kernel.sched_domain.cpu0.domain0.newidle_idx = 0 kernel.sched_domain.cpu0.domain0.wake_idx = 0 kernel.sched_domain.cpu1.domain0.busy_factor = 32 kernel.sched_domain.cpu1.domain0.busy_idx = 2 kernel.sched_domain.cpu1.domain0.cache_nice_tries = 1 kernel.sched_domain.cpu1.domain0.flags = 559 kernel.sched_domain.cpu1.domain0.forkexec_idx = 0 kernel.sched_domain.cpu1.domain0.idle_idx = 0 kernel.sched_domain.cpu1.domain0.imbalance_pct = 117 kernel.sched_domain.cpu1.domain0.max_interval = 4 kernel.sched_domain.cpu1.domain0.max_newidle_lb_cost = 1898 kernel.sched_domain.cpu1.domain0.min_interval = 2 kernel.sched_domain.cpu1.domain0.name = MC kernel.sched_domain.cpu1.domain0.newidle_idx = 0 kernel.sched_domain.cpu1.domain0.wake_idx = 0 kernel.sched_latency_ns = 12000000 kernel.sched_migration_cost_ns = 500000 kernel.sched_min_granularity_ns = 10000000 kernel.sched_nr_migrate = 32 kernel.sched_rr_timeslice_ms = 100 kernel.sched_rt_period_us = 1000000 kernel.sched_rt_runtime_us = 950000 kernel.sched_schedstats = 0 kernel.sched_shares_window_ns = 10000000 kernel.sched_time_avg_ms = 1000 kernel.sched_tunable_scaling = 1 kernel.sched_wakeup_granularity_ns = 15000000 kernel.sem = 250 32000 32 128 kernel.sem_next_id = -1 kernel.shm_next_id = -1 kernel.shm_rmid_forced = 0 kernel.shmall = 18446744073692774399 kernel.shmmax = 18446744073692774399 kernel.shmmni = 4096 kernel.softlockup_all_cpu_backtrace = 0 kernel.softlockup_panic = 0 kernel.stack_tracer_enabled = 0 kernel.sysctl_writes_strict = 1 kernel.sysrq = 16 kernel.tainted = 0 kernel.threads-max = 15691 kernel.timer_migration = 1 kernel.traceoff_on_warning = 0 kernel.unknown_nmi_panic = 0 kernel.usermodehelper.bset = 4294967295 31 kernel.usermodehelper.inheritable = 4294967295 31 kernel.version = #1 SMP Fri Apr 20 16:44:24 UTC 2018 kernel.watchdog = 1 kernel.watchdog_cpumask = 0-127 kernel.watchdog_thresh = 10 kernel.yama.ptrace_scope = 0 net.core.bpf_jit_enable = 0 net.core.busy_poll = 0 net.core.busy_read = 0 net.core.default_qdisc = pfifo_fast net.core.dev_weight = 64 net.core.dev_weight_rx_bias = 1 net.core.dev_weight_tx_bias = 1 net.core.message_burst = 10 net.core.message_cost = 5 net.core.netdev_budget = 300 net.core.netdev_max_backlog = 1000 #网络设备监听队列的最大长度（此值决定了全局并发能力，但不可大过65535，建议值10000） net.core.netdev_rss_key = 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 net.core.netdev_tstamp_prequeue = 1 #网络设备预置队列序号，意味着从指定值开始顺延序列化 net.core.optmem_max = 20480 #每个套接字所允许的最大缓冲区的大小 net.core.rmem_default = 212992 #网络协议栈默认接收内存 net.core.rmem_max = 212992 #网络协议栈最大接收内存 net.core.rps_sock_flow_entries = 0 net.core.somaxconn = 128 #定义了系统中每一个端口最大的监听队列长度，这是个全局的参数 建议值1280 net.core.warnings = 1 net.core.wmem_default = 212992 #网络协议栈默认发送内存 net.core.wmem_max = 212992 #网络协议栈最大发送内存 net.core.xfrm_acq_expires = 30 net.core.xfrm_aevent_etime = 10 net.core.xfrm_aevent_rseqth = 2 net.core.xfrm_larval_drop = 1 net.ipv4.cipso_cache_bucket_size = 10 net.ipv4.cipso_cache_enable = 1 net.ipv4.cipso_rbm_optfmt = 0 net.ipv4.cipso_rbm_strictvalid = 1 net.ipv4.conf.all.accept_local = 0 #是否允许所有接口接收从本机IP地址上发送给本机的数据包 net.ipv4.conf.all.accept_redirects = 1 #是否接收重写过的数据包（用作路由器时默认值为0） net.ipv4.conf.all.accept_source_route = 0 #是否接收无源路由的数据包 net.ipv4.conf.all.arp_accept = 0 #默认对不在ARP表中的IP地址发出的APR包的处理方式:0不在ARP表中创建对应IP地址的表项;1在ARP表中创建对应IP地址的表项 net.ipv4.conf.all.arp_announce = 0 #对网络接口上，本地IP地址的发出的，ARP回应，作出相应级别的限制: 确定不同程度的限制,宣布对来自本地源IP地址发出Arp请求的接口 #0： 在任意网络接口（eth0,eth1，lo）上的任何本地地址 #1：尽量避免不在该网络接口子网段的本地地址做出arp回应. 当发起ARP请求的源IP地址是被设置应该经由路由达到此网络接口的时候很有用.此时会检查来访IP是否为所有接口上的子网段内ip之一.如果改来访IP不属于各个网络接口上的子网段内,那么将采用级别2的方式来进行处理. #2：对查询目标使用最适当的本地地址.在此模式下将忽略这个IP数据包的源地址并尝试选择与能与该地址通信的本地地址.首要是选择所有的网络接口的子网中外出访问子网中包含该目标IP地址的本地地址. 如果没有合适的地址被发现,将选择当前的发送网络接口或其他的有可能接受到该ARP回应的网络接口来进行发送. net.ipv4.conf.all.arp_filter = 0 # 0：内核设置每个网络接口各自应答其地址上的arp询问。这项看似会错误的设置却经常能非常有效，因为它增加了成功通讯的机会。在Linux主机上，每个IP地址是网络接口独立的，而非一个复合的接口。只有在一些特殊的设置的时候，比如负载均衡的时候会带来麻烦 #1：允许多个网络介质位于同一子网段内，每个网络界面依据是否内核指派路由该数据包经过此接口来确认是否回答ARP查询(这个实现是由来源地址确定路由的时候决定的),换句话说，允许控制使用某一块网卡（通常是第一块）回应arp询问 net.ipv4.conf.all.arp_ignore = 0 #定义对目标地址为本地IP的ARP询问不同的应答模式（LVS负载均衡时此值需要修改为2） #0：回应任何网络接口上对任何本地IP地址的arp查询请求 #1：只回答目标IP地址是来访网络接口本地地址的ARP查询请求 #2：只回答目标IP地址是来访网络接口本地地址的ARP查询请求,且来访IP必须在该网络接口的子网段内 #3：不回应该网络界面的arp请求，而只对设置的唯一和连接地址做出回应 #8：不回应所有（本地地址）的arp查询 net.ipv4.conf.all.arp_notify = 0 #是否开启arp通知链操作：0不做任何操作，1当设备或硬件地址改变时自动产生一个arp请求 net.ipv4.conf.all.bootp_relay = 0 #是否接收源地址为0.a.b.c，目的地址不是本机的数据包，是为了支持bootp服务 net.ipv4.conf.all.disable_policy = 0 #是否禁止internet协议安全性验证 net.ipv4.conf.all.disable_xfrm = 0 #是否禁止internet协议安全性加密 net.ipv4.conf.all.force_igmp_version = 0 net.ipv4.conf.all.forwarding = 0 net.ipv4.conf.all.log_martians = 0 #是否开启并记录欺骗，源路由和重定向数据包:记录带有不允许的地址的数据报到内核日志中（如果是路由器建议值为1） net.ipv4.conf.all.mc_forwarding = 0 #是否进行多播路由（只有内核编译有CONFIG_MROUTE并且有路由服务程序在运行该参数才有效） net.ipv4.conf.all.medium_id = 0 #用来区分不同媒介.两个网络设备可以使用不同的值,使他们只有其中之一接收到广播包.通常,这个参数被用来配合proxy_arp实现roxy_arp的特性即是允许arp报文在两个不同的网络介质中转发. #0：表示各个网络介质接受他们自己介质上的媒介 #-1：表示该媒介未知 net.ipv4.conf.all.promote_secondaries = 1 #主备IP地址切换控制机制（建议值1）0当接口的主IP地址被移除时，删除所有次IP地址；1当接口的主IP地址被移除时，将次IP地址提升为主IP地址 net.ipv4.conf.all.proxy_arp = 0 #是否启用arp代理功能 net.ipv4.conf.all.proxy_arp_pvlan = 0 #回应代理ARP的数据包从接收到此代理ARP请求的网络接口出去 net.ipv4.conf.all.route_localnet = 0 #是否允许外部访问localhost net.ipv4.conf.all.rp_filter = 1 #是否开启反向路径过滤 net.ipv4.conf.all.secure_redirects = 1 #是否支持安全重定向数据包 net.ipv4.conf.all.send_redirects = 1 #是否发送重定向数据包 net.ipv4.conf.all.shared_media = 1 #发送或接收RFC1620 共享媒体重定向 会覆盖ip_secure_redirects的值 net.ipv4.conf.all.src_valid_mark = 0 #是否为所有接口上源地址有效的数据包打标记 net.ipv4.conf.all.tag = 0 net.ipv4.conf.default.accept_local = 0 #默认是否允许接收从本机IP地址上发送给本机的数据包 net.ipv4.conf.default.accept_redirects = 1 #默认是否接收重写过的数据包（建议值1） net.ipv4.conf.default.accept_source_route = 0 #默认是否接收无源路由的数据包 net.ipv4.conf.default.arp_accept = 0 net.ipv4.conf.default.arp_announce = 0 net.ipv4.conf.default.arp_filter = 0 net.ipv4.conf.default.arp_ignore = 0 #LVS负载均衡需要修改此值为1 net.ipv4.conf.default.arp_notify = 0 net.ipv4.conf.default.bootp_relay = 0 net.ipv4.conf.default.disable_policy = 0 net.ipv4.conf.default.disable_xfrm = 0 net.ipv4.conf.default.force_igmp_version = 0 net.ipv4.conf.default.forwarding = 0 net.ipv4.conf.default.log_martians = 0 #默认是否开启并记录欺骗，源路由和重定向数据包（如果是路由器建议值为1） net.ipv4.conf.default.mc_forwarding = 0 net.ipv4.conf.default.medium_id = 0 net.ipv4.conf.default.promote_secondaries = 1 net.ipv4.conf.default.proxy_arp = 0 net.ipv4.conf.default.proxy_arp_pvlan = 0 net.ipv4.conf.default.route_localnet = 0 net.ipv4.conf.default.rp_filter = 1 #默认是否开启反向路径过滤 net.ipv4.conf.default.secure_redirects = 1 #默认是否支持安全重定向数据包 net.ipv4.conf.default.send_redirects = 1 #默认是否发送重定向数据包 net.ipv4.conf.default.shared_media = 1 net.ipv4.conf.default.src_valid_mark = 0 #默认是否为源地址有效的数据包打标记 net.ipv4.conf.default.tag = 0 net.ipv4.conf.eth0.accept_local = 0 net.ipv4.conf.eth0.accept_redirects = 1 net.ipv4.conf.eth0.accept_source_route = 0 net.ipv4.conf.eth0.arp_accept = 0 net.ipv4.conf.eth0.arp_announce = 0 net.ipv4.conf.eth0.arp_filter = 0 net.ipv4.conf.eth0.arp_ignore = 0 net.ipv4.conf.eth0.arp_notify = 0 net.ipv4.conf.eth0.bootp_relay = 0 net.ipv4.conf.eth0.disable_policy = 0 net.ipv4.conf.eth0.disable_xfrm = 0 net.ipv4.conf.eth0.force_igmp_version = 0 net.ipv4.conf.eth0.forwarding = 0 net.ipv4.conf.eth0.log_martians = 0 net.ipv4.conf.eth0.mc_forwarding = 0 net.ipv4.conf.eth0.medium_id = 0 net.ipv4.conf.eth0.promote_secondaries = 1 net.ipv4.conf.eth0.proxy_arp = 0 net.ipv4.conf.eth0.proxy_arp_pvlan = 0 net.ipv4.conf.eth0.route_localnet = 0 net.ipv4.conf.eth0.rp_filter = 1 net.ipv4.conf.eth0.secure_redirects = 1 net.ipv4.conf.eth0.send_redirects = 1 net.ipv4.conf.eth0.shared_media = 1 net.ipv4.conf.eth0.src_valid_mark = 0 net.ipv4.conf.eth0.tag = 0 net.ipv4.conf.lo.accept_local = 0 net.ipv4.conf.lo.accept_redirects = 1 net.ipv4.conf.lo.accept_source_route = 1 net.ipv4.conf.lo.arp_accept = 0 net.ipv4.conf.lo.arp_announce = 0 net.ipv4.conf.lo.arp_filter = 0 net.ipv4.conf.lo.arp_ignore = 0 net.ipv4.conf.lo.arp_notify = 0 net.ipv4.conf.lo.bootp_relay = 0 net.ipv4.conf.lo.disable_policy = 1 net.ipv4.conf.lo.disable_xfrm = 1 net.ipv4.conf.lo.force_igmp_version = 0 net.ipv4.conf.lo.forwarding = 0 net.ipv4.conf.lo.log_martians = 0 net.ipv4.conf.lo.mc_forwarding = 0 net.ipv4.conf.lo.medium_id = 0 net.ipv4.conf.lo.promote_secondaries = 0 net.ipv4.conf.lo.proxy_arp = 0 net.ipv4.conf.lo.proxy_arp_pvlan = 0 net.ipv4.conf.lo.route_localnet = 0 net.ipv4.conf.lo.rp_filter = 0 net.ipv4.conf.lo.secure_redirects = 1 net.ipv4.conf.lo.send_redirects = 1 net.ipv4.conf.lo.shared_media = 1 net.ipv4.conf.lo.src_valid_mark = 0 net.ipv4.conf.lo.tag = 0 net.ipv4.fwmark_reflect = 0 net.ipv4.icmp_echo_ignore_all = 0 net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.icmp_errors_use_inbound_ifaddr = 0 net.ipv4.icmp_ignore_bogus_error_responses = 1 net.ipv4.icmp_msgs_burst = 50 net.ipv4.icmp_msgs_per_sec = 1000 net.ipv4.icmp_ratelimit = 1000 net.ipv4.icmp_ratemask = 6168 net.ipv4.igmp_max_memberships = 20 net.ipv4.igmp_max_msf = 10 net.ipv4.igmp_qrv = 2 net.ipv4.inet_peer_maxttl = 600 net.ipv4.inet_peer_minttl = 120 net.ipv4.inet_peer_threshold = 65664 net.ipv4.ip_default_ttl = 64 #定义数据报的生存周期:最多经过多少路由器后数据将被丢弃 net.ipv4.ip_dynaddr = 0 net.ipv4.ip_early_demux = 1 net.ipv4.ip_forward = 0 #是否启用IP转发（如果做路由需要开启此项） net.ipv4.ip_forward_use_pmtu = 0 #是否支持巨型帧转发（使用LVS做负载均衡器时建议此值为1） net.ipv4.ip_local_port_range = 32768 60999 #服务器端可用端口范围（建议值 1024 65535） net.ipv4.ip_local_reserved_ports = #系统预留端口列表：可以防止并发时占用服务端口 net.ipv4.ip_no_pmtu_disc = 0 #是否关闭路径MTU探测功能 net.ipv4.ip_nonlocal_bind = 0 net.ipv4.ipfrag_high_thresh = 4194304 net.ipv4.ipfrag_low_thresh = 3145728 net.ipv4.ipfrag_max_dist = 64 net.ipv4.ipfrag_secret_interval = 600 net.ipv4.ipfrag_time = 30 net.ipv4.neigh.default.anycast_delay = 100 net.ipv4.neigh.default.app_solicit = 0 net.ipv4.neigh.default.base_reachable_time_ms = 30000 net.ipv4.neigh.default.delay_first_probe_time = 5 net.ipv4.neigh.default.gc_interval = 30 net.ipv4.neigh.default.gc_stale_time = 60 net.ipv4.neigh.default.gc_thresh1 = 128 net.ipv4.neigh.default.gc_thresh2 = 512 net.ipv4.neigh.default.gc_thresh3 = 1024 net.ipv4.neigh.default.locktime = 100 net.ipv4.neigh.default.mcast_solicit = 3 net.ipv4.neigh.default.proxy_delay = 80 net.ipv4.neigh.default.proxy_qlen = 64 net.ipv4.neigh.default.retrans_time_ms = 1000 net.ipv4.neigh.default.ucast_solicit = 3 net.ipv4.neigh.default.unres_qlen = 31 net.ipv4.neigh.default.unres_qlen_bytes = 65536 net.ipv4.neigh.eth0.anycast_delay = 100 net.ipv4.neigh.eth0.app_solicit = 0 net.ipv4.neigh.eth0.base_reachable_time_ms = 30000 net.ipv4.neigh.eth0.delay_first_probe_time = 5 net.ipv4.neigh.eth0.gc_stale_time = 60 net.ipv4.neigh.eth0.locktime = 100 net.ipv4.neigh.eth0.mcast_solicit = 3 net.ipv4.neigh.eth0.proxy_delay = 80 net.ipv4.neigh.eth0.proxy_qlen = 64 net.ipv4.neigh.eth0.retrans_time_ms = 1000 net.ipv4.neigh.eth0.ucast_solicit = 3 net.ipv4.neigh.eth0.unres_qlen = 31 net.ipv4.neigh.eth0.unres_qlen_bytes = 65536 net.ipv4.neigh.lo.anycast_delay = 100 net.ipv4.neigh.lo.app_solicit = 0 net.ipv4.neigh.lo.base_reachable_time_ms = 30000 net.ipv4.neigh.lo.delay_first_probe_time = 5 net.ipv4.neigh.lo.gc_stale_time = 60 net.ipv4.neigh.lo.locktime = 100 net.ipv4.neigh.lo.mcast_solicit = 3 net.ipv4.neigh.lo.proxy_delay = 80 net.ipv4.neigh.lo.proxy_qlen = 64 net.ipv4.neigh.lo.retrans_time_ms = 1000 net.ipv4.neigh.lo.ucast_solicit = 3 net.ipv4.neigh.lo.unres_qlen = 31 net.ipv4.neigh.lo.unres_qlen_bytes = 65536 net.ipv4.ping_group_range = 1 0 net.ipv4.route.error_burst = 5000 net.ipv4.route.error_cost = 1000 net.ipv4.route.gc_elasticity = 8 net.ipv4.route.gc_interval = 60 net.ipv4.route.gc_min_interval = 0 net.ipv4.route.gc_min_interval_ms = 500 net.ipv4.route.gc_thresh = -1 net.ipv4.route.gc_timeout = 300 net.ipv4.route.max_size = 2147483647 net.ipv4.route.min_adv_mss = 256 net.ipv4.route.min_pmtu = 552 net.ipv4.route.mtu_expires = 600 net.ipv4.route.redirect_load = 20 net.ipv4.route.redirect_number = 9 net.ipv4.route.redirect_silence = 20480 net.ipv4.tcp_abort_on_overflow = 0 net.ipv4.tcp_adv_win_scale = 1 net.ipv4.tcp_allowed_congestion_control = cubic reno #IPV4 TCP允许的拥塞控制算法 net.ipv4.tcp_app_win = 31 net.ipv4.tcp_autocorking = 1 net.ipv4.tcp_available_congestion_control = cubic reno #内核中可用的TCP拥塞控制算法 net.ipv4.tcp_base_mss = 512 net.ipv4.tcp_challenge_ack_limit = 1000 net.ipv4.tcp_congestion_control = cubic #当前正在使用的TCP拥塞控制算法 net.ipv4.tcp_dsack = 1 #是否允许TCP发送“两个完全相同”的SACK net.ipv4.tcp_early_retrans = 3 net.ipv4.tcp_ecn = 2 net.ipv4.tcp_fack = 1 #启用转发应答（Forward Acknowledgment 建议值1），可以进行有选择应答（SACK）从而减少拥塞情况的发生 net.ipv4.tcp_fastopen = 0 net.ipv4.tcp_fastopen_key = 00000000-00000000-00000000-00000000 net.ipv4.tcp_fin_timeout = 60 #server端主动发起断开连接后保持在FIN-WAIT-2状态的时间（建议30s） net.ipv4.tcp_frto = 2 net.ipv4.tcp_invalid_ratelimit = 500 #无效数据包发送速率时间限制（单位：毫秒） net.ipv4.tcp_keepalive_intvl = 75 #探测消息未获得响应时，重发该消息的间隔时间（单位：秒 建议值 30） net.ipv4.tcp_keepalive_probes = 9 #在认定TCP连接失效之前，最多发送多少个keepalive探测消息（建议值3） net.ipv4.tcp_keepalive_time = 7200 #TCP发送keepalive探测消息的间隔时间（秒），用于确认TCP连接是否有效（建议值1800） net.ipv4.tcp_limit_output_bytes = 262144 #单个套接字限制最大输出字节数（建议保持默认256KB） net.ipv4.tcp_low_latency = 0 #是否允许TCP/IP栈适应在高吞吐量情况下低延时的情况（此选项建议为0） net.ipv4.tcp_max_orphans = 8192 #允许保留的僵尸套接字的最大值（此值设置过大会给CC×××带来便利） net.ipv4.tcp_max_ssthresh = 0 net.ipv4.tcp_max_syn_backlog = 128 #SYN队列的长度,增大其值可以增大服务器接收并发的能力 （建议值1280） net.ipv4.tcp_max_tw_buckets = 8192 #针对TIME-WAIT数量配置其上限（此值配置太大很容易给CC×××提供便利） net.ipv4.tcp_mem = 45918 61225 91836 #TCP协议栈缓冲区的最小值、压力值、最大值;高于最大值,TCP拒绝分配socket net.ipv4.tcp_min_tso_segs = 2 net.ipv4.tcp_moderate_rcvbuf = 1 #是否开启TCP缓冲内存自动调整功能 net.ipv4.tcp_mtu_probing = 0 #是否开启tcp层路径mtu发现 net.ipv4.tcp_no_metrics_save = 0 #是否将LAST_ACK状态保存各种连接信息到路由缓存中：方便下次连接时快速恢复现场 net.ipv4.tcp_notsent_lowat = -1 net.ipv4.tcp_orphan_retries = 0 #僵尸套接字的重试次数 net.ipv4.tcp_reordering = 3 net.ipv4.tcp_retrans_collapse = 1 net.ipv4.tcp_retries1 = 3 #放弃回应一个TCP连接请求前进行重试的次数 net.ipv4.tcp_retries2 = 15 #放弃一个已经建立的TCP连接前进行重试的次数 net.ipv4.tcp_rfc1337 = 0 net.ipv4.tcp_rmem = 4096 87380 6291456 #TCP套接字接收缓冲区的最小值、压力值、最大值;高于最大值,TCP拒绝分配socket net.ipv4.tcp_sack = 1 #是否启用有选择的应答（Selective Acknowledgment 建议值1），使TCP只重新发送交互过程中丢失的包，不用发送后续所有的包，而且提供相应机制使接收方能告诉发送方哪些数据丢失，哪些数据重发了，哪些数据已经提前收到了。如此大大提高了客户端与服务器端数据交互的效率 net.ipv4.tcp_slow_start_after_idle = 1 #拥塞窗口在经过一段时间空闲后是否需要重新初始化（建议值1） net.ipv4.tcp_stdurg = 0 net.ipv4.tcp_syn_retries = 6 #server主动连接client时发送syn的重试次数（没有特殊需求，建议保持此值） net.ipv4.tcp_synack_retries = 5 #server应答client的synack的重试次数 net.ipv4.tcp_syncookies = 1 #是否打开SYN Cookie功能（启用此功能可以防止部分SYN×××） net.ipv4.tcp_thin_dupack = 0 net.ipv4.tcp_thin_linear_timeouts = 0 net.ipv4.tcp_timestamps = 1 #是否启用TCP时间戳（会在TCP包头增加12个字节），增加了报文大小，但实现了更好的TCP性能 net.ipv4.tcp_tso_win_divisor = 3 net.ipv4.tcp_tw_recycle = 0 #是否快速回收TIME-WAIT套接字，不建议快速回收，但可以reuse,否则NAT环境会有问题 net.ipv4.tcp_tw_reuse = 0 #是否将处于TIME-WAIT状态的socket（TIME-WAIT的端口）重新用于TCP连接 net.ipv4.tcp_window_scaling = 1 #要支持超过64KB的TCP窗口，必须启用该值,TCP连接双方都启用时才生效 net.ipv4.tcp_wmem = 4096 16384 4194304 #TCP套接字发送缓冲区的最小值、压力值、最大值;高于最大值,TCP拒绝分配socket net.ipv4.tcp_workaround_signed_windows = 0 net.ipv4.udp_mem = 47073 62766 94146 net.ipv4.udp_rmem_min = 4096 net.ipv4.udp_wmem_min = 4096 net.ipv4.xfrm4_gc_thresh = 32768 net.ipv6.anycast_src_echo_reply = 0 net.ipv6.bindv6only = 0 net.ipv6.conf.all.accept_dad = 0 net.ipv6.conf.all.accept_ra = 1 net.ipv6.conf.all.accept_ra_defrtr = 1 net.ipv6.conf.all.accept_ra_pinfo = 1 net.ipv6.conf.all.accept_ra_rt_info_max_plen = 0 net.ipv6.conf.all.accept_ra_rtr_pref = 1 net.ipv6.conf.all.accept_redirects = 1 net.ipv6.conf.all.accept_source_route = 0 net.ipv6.conf.all.autoconf = 1 net.ipv6.conf.all.dad_transmits = 1 net.ipv6.conf.all.disable_ipv6 = 0 #是否在所有的网络接口上禁用IPv6（XenServer虚机禁用无效） net.ipv6.conf.all.force_mld_version = 0 net.ipv6.conf.all.force_tllao = 0 net.ipv6.conf.all.forwarding = 0 net.ipv6.conf.all.hop_limit = 64 net.ipv6.conf.all.max_addresses = 16 net.ipv6.conf.all.max_desync_factor = 600 net.ipv6.conf.all.mc_forwarding = 0 net.ipv6.conf.all.mldv1_unsolicited_report_interval = 10000 net.ipv6.conf.all.mldv2_unsolicited_report_interval = 1000 net.ipv6.conf.all.mtu = 1280 net.ipv6.conf.all.ndisc_notify = 0 net.ipv6.conf.all.optimistic_dad = 0 net.ipv6.conf.all.proxy_ndp = 0 net.ipv6.conf.all.regen_max_retry = 3 net.ipv6.conf.all.router_probe_interval = 60 net.ipv6.conf.all.router_solicitation_delay = 1 net.ipv6.conf.all.router_solicitation_interval = 4 net.ipv6.conf.all.router_solicitations = 3 net.ipv6.conf.all.temp_prefered_lft = 86400 net.ipv6.conf.all.temp_valid_lft = 604800 net.ipv6.conf.all.use_optimistic = 0 net.ipv6.conf.all.use_tempaddr = 0 net.ipv6.conf.default.accept_dad = 1 net.ipv6.conf.default.accept_ra = 1 net.ipv6.conf.default.accept_ra_defrtr = 1 net.ipv6.conf.default.accept_ra_pinfo = 1 net.ipv6.conf.default.accept_ra_rt_info_max_plen = 0 net.ipv6.conf.default.accept_ra_rtr_pref = 1 net.ipv6.conf.default.accept_redirects = 1 net.ipv6.conf.default.accept_source_route = 0 net.ipv6.conf.default.autoconf = 1 net.ipv6.conf.default.dad_transmits = 1 net.ipv6.conf.default.disable_ipv6 = 0 #默认是否禁用IPv6（用不到IPv6时建议禁用-设定此值为1 （XenServer虚机禁用无效）） net.ipv6.conf.default.force_mld_version = 0 net.ipv6.conf.default.force_tllao = 0 net.ipv6.conf.default.forwarding = 0 net.ipv6.conf.default.hop_limit = 64 net.ipv6.conf.default.max_addresses = 16 net.ipv6.conf.default.max_desync_factor = 600 net.ipv6.conf.default.mc_forwarding = 0 net.ipv6.conf.default.mldv1_unsolicited_report_interval = 10000 net.ipv6.conf.default.mldv2_unsolicited_report_interval = 1000 net.ipv6.conf.default.mtu = 1280 net.ipv6.conf.default.ndisc_notify = 0 net.ipv6.conf.default.optimistic_dad = 0 net.ipv6.conf.default.proxy_ndp = 0 net.ipv6.conf.default.regen_max_retry = 3 net.ipv6.conf.default.router_probe_interval = 60 net.ipv6.conf.default.router_solicitation_delay = 1 net.ipv6.conf.default.router_solicitation_interval = 4 net.ipv6.conf.default.router_solicitations = 3 net.ipv6.conf.default.temp_prefered_lft = 86400 net.ipv6.conf.default.temp_valid_lft = 604800 net.ipv6.conf.default.use_optimistic = 0 net.ipv6.conf.default.use_tempaddr = 0 net.ipv6.conf.eth0.accept_dad = 1 net.ipv6.conf.eth0.accept_ra = 1 net.ipv6.conf.eth0.accept_ra_defrtr = 1 net.ipv6.conf.eth0.accept_ra_pinfo = 1 net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 0 net.ipv6.conf.eth0.accept_ra_rtr_pref = 1 net.ipv6.conf.eth0.accept_redirects = 1 net.ipv6.conf.eth0.accept_source_route = 0 net.ipv6.conf.eth0.autoconf = 1 net.ipv6.conf.eth0.dad_transmits = 1 net.ipv6.conf.eth0.disable_ipv6 = 0 net.ipv6.conf.eth0.force_mld_version = 0 net.ipv6.conf.eth0.force_tllao = 0 net.ipv6.conf.eth0.forwarding = 0 net.ipv6.conf.eth0.hop_limit = 64 net.ipv6.conf.eth0.max_addresses = 16 net.ipv6.conf.eth0.max_desync_factor = 600 net.ipv6.conf.eth0.mc_forwarding = 0 net.ipv6.conf.eth0.mldv1_unsolicited_report_interval = 10000 net.ipv6.conf.eth0.mldv2_unsolicited_report_interval = 1000 net.ipv6.conf.eth0.mtu = 1500 net.ipv6.conf.eth0.ndisc_notify = 0 net.ipv6.conf.eth0.optimistic_dad = 0 net.ipv6.conf.eth0.proxy_ndp = 0 net.ipv6.conf.eth0.regen_max_retry = 3 net.ipv6.conf.eth0.router_probe_interval = 60 net.ipv6.conf.eth0.router_solicitation_delay = 1 net.ipv6.conf.eth0.router_solicitation_interval = 4 net.ipv6.conf.eth0.router_solicitations = 3 net.ipv6.conf.eth0.temp_prefered_lft = 86400 net.ipv6.conf.eth0.temp_valid_lft = 604800 net.ipv6.conf.eth0.use_optimistic = 0 net.ipv6.conf.eth0.use_tempaddr = 0 net.ipv6.conf.lo.accept_dad = -1 net.ipv6.conf.lo.accept_ra = 1 net.ipv6.conf.lo.accept_ra_defrtr = 1 net.ipv6.conf.lo.accept_ra_pinfo = 1 net.ipv6.conf.lo.accept_ra_rt_info_max_plen = 0 net.ipv6.conf.lo.accept_ra_rtr_pref = 1 net.ipv6.conf.lo.accept_redirects = 1 net.ipv6.conf.lo.accept_source_route = 0 net.ipv6.conf.lo.autoconf = 1 net.ipv6.conf.lo.dad_transmits = 1 net.ipv6.conf.lo.disable_ipv6 = 0 #是否在lo接口上禁用IPv6 （XenServer虚机禁用无效） net.ipv6.conf.lo.force_mld_version = 0 net.ipv6.conf.lo.force_tllao = 0 net.ipv6.conf.lo.forwarding = 0 net.ipv6.conf.lo.hop_limit = 64 net.ipv6.conf.lo.max_addresses = 16 net.ipv6.conf.lo.max_desync_factor = 600 net.ipv6.conf.lo.mc_forwarding = 0 net.ipv6.conf.lo.mldv1_unsolicited_report_interval = 10000 net.ipv6.conf.lo.mldv2_unsolicited_report_interval = 1000 net.ipv6.conf.lo.mtu = 65536 net.ipv6.conf.lo.ndisc_notify = 0 net.ipv6.conf.lo.optimistic_dad = 0 net.ipv6.conf.lo.proxy_ndp = 0 net.ipv6.conf.lo.regen_max_retry = 3 net.ipv6.conf.lo.router_probe_interval = 60 net.ipv6.conf.lo.router_solicitation_delay = 1 net.ipv6.conf.lo.router_solicitation_interval = 4 net.ipv6.conf.lo.router_solicitations = 3 net.ipv6.conf.lo.temp_prefered_lft = 86400 net.ipv6.conf.lo.temp_valid_lft = 604800 net.ipv6.conf.lo.use_optimistic = 0 net.ipv6.conf.lo.use_tempaddr = -1 net.ipv6.fwmark_reflect = 0 net.ipv6.icmp.ratelimit = 1000 net.ipv6.idgen_delay = 1 net.ipv6.idgen_retries = 3 net.ipv6.ip6frag_high_thresh = 4194304 net.ipv6.ip6frag_low_thresh = 3145728 net.ipv6.ip6frag_secret_interval = 600 net.ipv6.ip6frag_time = 60 net.ipv6.ip_nonlocal_bind = 0 net.ipv6.mld_max_msf = 64 net.ipv6.mld_qrv = 2 net.ipv6.neigh.default.anycast_delay = 100 net.ipv6.neigh.default.app_solicit = 0 net.ipv6.neigh.default.base_reachable_time_ms = 30000 net.ipv6.neigh.default.delay_first_probe_time = 5 net.ipv6.neigh.default.gc_interval = 30 net.ipv6.neigh.default.gc_stale_time = 60 net.ipv6.neigh.default.gc_thresh1 = 128 net.ipv6.neigh.default.gc_thresh2 = 512 net.ipv6.neigh.default.gc_thresh3 = 1024 net.ipv6.neigh.default.locktime = 0 net.ipv6.neigh.default.mcast_solicit = 3 net.ipv6.neigh.default.proxy_delay = 80 net.ipv6.neigh.default.proxy_qlen = 64 net.ipv6.neigh.default.retrans_time_ms = 1000 net.ipv6.neigh.default.ucast_solicit = 3 net.ipv6.neigh.default.unres_qlen = 31 net.ipv6.neigh.default.unres_qlen_bytes = 65536 net.ipv6.neigh.eth0.anycast_delay = 100 net.ipv6.neigh.eth0.app_solicit = 0 net.ipv6.neigh.eth0.base_reachable_time_ms = 30000 net.ipv6.neigh.eth0.delay_first_probe_time = 5 net.ipv6.neigh.eth0.gc_stale_time = 60 net.ipv6.neigh.eth0.locktime = 0 net.ipv6.neigh.eth0.mcast_solicit = 3 net.ipv6.neigh.eth0.proxy_delay = 80 net.ipv6.neigh.eth0.proxy_qlen = 64 net.ipv6.neigh.eth0.retrans_time_ms = 1000 net.ipv6.neigh.eth0.ucast_solicit = 3 net.ipv6.neigh.eth0.unres_qlen = 31 net.ipv6.neigh.eth0.unres_qlen_bytes = 65536 net.ipv6.neigh.lo.anycast_delay = 100 net.ipv6.neigh.lo.app_solicit = 0 net.ipv6.neigh.lo.base_reachable_time_ms = 30000 net.ipv6.neigh.lo.delay_first_probe_time = 5 net.ipv6.neigh.lo.gc_stale_time = 60 net.ipv6.neigh.lo.locktime = 0 net.ipv6.neigh.lo.mcast_solicit = 3 net.ipv6.neigh.lo.proxy_delay = 80 net.ipv6.neigh.lo.proxy_qlen = 64 net.ipv6.neigh.lo.retrans_time_ms = 1000 net.ipv6.neigh.lo.ucast_solicit = 3 net.ipv6.neigh.lo.unres_qlen = 31 net.ipv6.neigh.lo.unres_qlen_bytes = 65536 net.ipv6.route.gc_elasticity = 9 net.ipv6.route.gc_interval = 30 net.ipv6.route.gc_min_interval = 0 net.ipv6.route.gc_min_interval_ms = 500 net.ipv6.route.gc_thresh = 1024 net.ipv6.route.gc_timeout = 60 net.ipv6.route.max_size = 16384 net.ipv6.route.min_adv_mss = 1220 net.ipv6.route.mtu_expires = 600 net.ipv6.xfrm6_gc_thresh = 32768 net.netfilter.nf_conntrack_acct = 0 net.netfilter.nf_conntrack_buckets = 16384 net.netfilter.nf_conntrack_checksum = 1 net.netfilter.nf_conntrack_count = 1 net.netfilter.nf_conntrack_dccp_loose = 1 net.netfilter.nf_conntrack_dccp_timeout_closereq = 64 net.netfilter.nf_conntrack_dccp_timeout_closing = 64 net.netfilter.nf_conntrack_dccp_timeout_open = 43200 net.netfilter.nf_conntrack_dccp_timeout_partopen = 480 net.netfilter.nf_conntrack_dccp_timeout_request = 240 net.netfilter.nf_conntrack_dccp_timeout_respond = 480 net.netfilter.nf_conntrack_dccp_timeout_timewait = 240 net.netfilter.nf_conntrack_events = 1 net.netfilter.nf_conntrack_events_retry_timeout = 15 net.netfilter.nf_conntrack_expect_max = 256 net.netfilter.nf_conntrack_frag6_high_thresh = 4194304 net.netfilter.nf_conntrack_frag6_low_thresh = 3145728 net.netfilter.nf_conntrack_frag6_timeout = 60 net.netfilter.nf_conntrack_generic_timeout = 600 net.netfilter.nf_conntrack_helper = 1 net.netfilter.nf_conntrack_icmp_timeout = 30 net.netfilter.nf_conntrack_icmpv6_timeout = 30 net.netfilter.nf_conntrack_log_invalid = 0 net.netfilter.nf_conntrack_max = 65536 net.netfilter.nf_conntrack_sctp_timeout_closed = 10 net.netfilter.nf_conntrack_sctp_timeout_cookie_echoed = 3 net.netfilter.nf_conntrack_sctp_timeout_cookie_wait = 3 net.netfilter.nf_conntrack_sctp_timeout_established = 432000 net.netfilter.nf_conntrack_sctp_timeout_heartbeat_acked = 210 net.netfilter.nf_conntrack_sctp_timeout_heartbeat_sent = 30 net.netfilter.nf_conntrack_sctp_timeout_shutdown_ack_sent = 3 net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd = 0 net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent = 0 net.netfilter.nf_conntrack_tcp_be_liberal = 0 net.netfilter.nf_conntrack_tcp_loose = 1 net.netfilter.nf_conntrack_tcp_max_retrans = 3 net.netfilter.nf_conntrack_tcp_timeout_close = 10 net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60 net.netfilter.nf_conntrack_tcp_timeout_established = 432000 net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120 net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30 net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300 net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60 net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120 net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120 net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300 net.netfilter.nf_conntrack_timestamp = 0 net.netfilter.nf_conntrack_udp_timeout = 30 net.netfilter.nf_conntrack_udp_timeout_stream = 180 net.netfilter.nf_log.0 = NONE net.netfilter.nf_log.1 = NONE net.netfilter.nf_log.10 = NONE net.netfilter.nf_log.11 = NONE net.netfilter.nf_log.12 = NONE net.netfilter.nf_log.2 = NONE net.netfilter.nf_log.3 = NONE net.netfilter.nf_log.4 = NONE net.netfilter.nf_log.5 = NONE net.netfilter.nf_log.6 = NONE net.netfilter.nf_log.7 = NONE net.netfilter.nf_log.8 = NONE net.netfilter.nf_log.9 = NONE net.netfilter.nf_log_all_netns = 0 net.nf_conntrack_max = 65536 net.unix.max_dgram_qlen = 512 user.max_ipc_namespaces = 7845 user.max_mnt_namespaces = 7845 user.max_net_namespaces = 7845 user.max_pid_namespaces = 7845 user.max_user_namespaces = 0 user.max_uts_namespaces = 7845 vm.admin_reserve_kbytes = 8192 #始终会预留给管理员的内存 vm.block_dump = 0 vm.dirty_background_bytes = 0 vm.dirty_background_ratio = 10 #当系统脏页的比例或者所占内存数量超过 dirty_background_ratio(百分数)阈值时，启动相关内核线程(pdflush/flush/kdmflush)开始将脏页写入磁盘 vm.dirty_bytes = 0 vm.dirty_expire_centisecs = 3000 #声明Linux内核写缓冲区里面的数据多"旧"了之后，pdflush/flush/kdmflush进程就开始考虑写到磁盘中去 vm.dirty_ratio = 30 #当系统pagecache的脏页达到系统内存 dirty_ratio(百分数)阈值时，系统就会阻塞新的写请求,直到脏页被回写到磁盘 vm.dirty_writeback_centisecs = 500 #内核线程(pdflush/flush/kdmflush)多久唤醒一次来检查是否需要将cache中的数据写入磁盘，单位1/100秒 vm.drop_caches = 0 #释放cache，该参数每修改一次，触发一次释放操作（手动释放caches时就需要改变此值） vm.extfrag_threshold = 500 vm.hugepages_treat_as_movable = 0 vm.hugetlb_shm_group = 0 vm.laptop_mode = 0 vm.legacy_va_layout = 0 vm.lowmem_reserve_ratio = 256 256 32 vm.max_map_count = 65530 vm.memory_failure_early_kill = 0 vm.memory_failure_recovery = 1 vm.min_free_kbytes = 45056 #系统内核保留内存的最低值 vm.min_slab_ratio = 5 vm.min_unmapped_ratio = 1 vm.mmap_min_addr = 4096 vm.mmap_rnd_bits = 28 vm.mmap_rnd_compat_bits = 8 vm.nr_hugepages = 0 #控制内存是否可以使用大页面 vm.nr_hugepages_mempolicy = 0 vm.nr_overcommit_hugepages = 0 vm.nr_pdflush_threads = 0 vm.numa_zonelist_order = default vm.oom_dump_tasks = 1 #OOM信息打印（建议值1 能够在发生OOM后查看当时情景） vm.oom_kill_allocating_task = 0 #控制是否杀死触发OOM的进程（建议值0 OOM发生时内核自动kill内存占用最多的进程） vm.overcommit_kbytes = 0 vm.overcommit_memory = 0 #控制是否允许超额申请内存 vm.overcommit_ratio = 50 #允许超额申请物理内容+此百分比的swap内存（只有当vm.overcommit_memory=2时此值才会生效） vm.page-cluster = 3 #控制内核一次从SWAP中连续读取2的多少次幂内存页 vm.panic_on_oom = 0 #控制内核在OOM时是否panic（恐慌） vm.percpu_pagelist_fraction = 0 vm.stat_interval = 1 #VM统计信息更新的时间间隔，默认值1s vm.swappiness = 30 #控制物理内存剩余%多少时使用SWAP（建议值0，但0并非禁用SWAP，只是充分利用物理内存） vm.user_reserve_kbytes = 60940 #始终会预留给用户空间的内存 vm.vfs_cache_pressure = 100 vm.zone_reclaim_mode = 0       顺便附上以功能模块归类后的参数调优列表       RAID性能参数调优   dev.raid.speed_limit_min = 1000 #RAID最小读取速率 dev.raid.speed_limit_max = 200000 #RAID最大读取速率，如果RAID性能较高，可以修改此上限来提升IO性能 dev.scsi.logging_level = 0 #是否开启scsi磁盘的日志功能，一般情况不建议开启     网络协议栈调整：单位是字节   net.core.optmem_max = 20480 #每个套接字所允许的最大缓冲区的大小 net.core.rmem_default = 212992 #网络协议栈默认接收内存 net.core.rmem_max = 212992 #网络协议栈最大接收内存 net.core.wmem_default = 212992 #网络协议栈默认发送内存 net.core.wmem_max = 212992 #网络协议栈最大发送内存 net.ipv4.tcp_moderate_rcvbuf = 1 #是否开启TCP缓冲内存自动调整功能 net.ipv4.tcp_mem = 45918 61225 91836 #TCP协议栈缓冲区的最小值、压力值、最大值;高于最大值,TCP拒绝分配socket net.ipv4.tcp_rmem = 4096 87380 6291456 #TCP套接字接收缓冲区的最小值、压力值、最大值;高于最大值,TCP拒绝分配socket net.ipv4.tcp_wmem = 4096 16384 4194304 #TCP套接字发送缓冲区的最小值、压力值、最大值;高于最大值,TCP拒绝分配socket     TCP并发性能优化   net.core.somaxconn = 1280 #定义了系统中每一个端口最大的监听队列长度，这是个全局的参数 net.ipv4.tcp_max_syn_backlog = 1280 #SYN队列的长度,增大其值可以增大服务器接收并发的能力 net.ipv4.tcp_max_tw_buckets = 8192 #针对TIME-WAIT数量配置其上限 net.ipv4.tcp_syn_retries = 6 #server主动连接client时发送syn的重试次数 net.ipv4.tcp_synack_retries = 5 #server应答client的synack的重试次数 net.ipv4.tcp_fin_timeout = 30 #server端主动发起断开连接后保持在FIN-WAIT-2状态的时间 net.ipv4.tcp_max_orphans = 8192 #允许保留的僵尸套接字的最大值 net.core.netdev_max_backlog = 2000 #网卡设备将请求放入队列的长度 net.core.netdev_tstamp_prequeue = 1 #网络设备预置队列序号   net.ipv4.tcp_tw_recycle = 0 #是否需要快速回收TIME-WAIT套接字，不建议快速回收，但可以reuse,否则NAT环境会有问题 net.ipv4.tcp_tw_reuse = 1 #是否允许将处于TIME-WAIT状态的socket（TIME-WAIT的端口）用于新的TCP连接 net.ipv4.tcp_window_scaling = 1 #要支持超过64KB的TCP窗口，必须启用该值,TCP连接双方都启用时才生效 net.ipv4.tcp_syncookies = 1 #是否打开SYN Cookie功能，该功能可以防止部分SYN××× net.ipv4.tcp_timestamps = 1 #是否启用TCP时间戳（会在TCP包头增加12个字节），增加了报文大小，但实现了更好的TCP性能     对于用不上IPV6的建议直接禁用   net.ipv6.conf.default.disable_ipv6 = 1 #默认是否在lo接口上禁用IPv6 （XenServer虚机禁用无效） net.ipv6.conf.all.disable_ipv6 = 1 #是否在所有接口上禁用IPv6 （XenServer虚机禁用无效） net.ipv6.conf.lo.disable_ipv6 = 1 #是否在lo接口上禁用IPv6 （XenServer虚机禁用无效）     系统端口设定   net.ipv4.ip_local_port_range = 10000 65535 #服务器端可用端口范围（建议值 1024 65535） net.ipv4.ip_local_reserved_ports = #系统预留端口列表：可以防止并发时占用服务端口     TCP丢包重传机制控制，TCP拥塞控制算法对TCP传输速率的影响比较大   net.ipv4.tcp_available_congestion_control = cubic reno #内核中可用的TCP拥塞控制算法 net.ipv4.tcp_congestion_control = cubic #当前正在使用的TCP拥塞控制算法 net.ipv4.tcp_allowed_congestion_control = cubic reno #IPV4 TCP允许的拥塞控制算法     TCP keepalive时长控制   net.ipv4.tcp_keepalive_intvl = 30 #探测消息未获得响应时，重发该消息的间隔时间（秒） net.ipv4.tcp_keepalive_probes = 3 #在认定TCP连接失效之前，最多发送多少个keepalive探测消息 net.ipv4.tcp_keepalive_time = 1800 #TCP发送keepalive探测消息的间隔时间（秒），用于确认TCP连接是否有效       memory   vm.overcommit_memory = 0 #控制是否允许超额申请内存 vm.overcommit_ratio = 50 #只有当vm.overcommit_memory=2时此值才会生效   vm.page-cluster = 3 #控制内核一次从SWAP中连续读取2的多少次幂内存页   vm.panic_on_oom = 0 #控制内核在OOM时是否panic（恐慌） vm.stat_interval = 1 #VM统计信息更新的时间间隔，默认值1s   vm.swappiness = 0 #控制物理内存剩余%多少时使用SWAP（建议值0，但0并非禁用SWAP，只是充分利用物理内存） vm.min_free_kbytes = 45056 #系统内核保留内存的最低值 vm.user_reserve_kbytes = 60942 #始终会预留给用户空间的内存，此处预留60M vm.admin_reserve_kbytes = 8192 #始终会预留给管理员的内存，此处预留8M     OOM控制   vm.oom_dump_tasks = 1 #OOM信息打印 vm.oom_kill_allocating_task = 0 #控制是否杀死触发OOM的进程（建议值0 OOM发生时内核自动kill内存占用最多的进程）       安全防护模块   net.ipv4.conf.default.log_martians = 0 #默认是否开启并记录欺骗，源路由和重定向数据包（如果是路由器建议值为1） net.ipv4.conf.all.log_martians = 0 #是否开启并记录欺骗，源路由和重定向数据包:记录带有不允许的地址的数据报到内核日志中（如果是路由器建议值为1） net.ipv4.conf.default.accept_redirects = 1 #默认是否接收重写过的数据包 net.ipv4.conf.all.accept_redirects = 1 #是否接收重写过的数据包:用作路由器时默认值为0 net.ipv4.conf.default.accept_source_route = 0 #默认是否接收无源路由的数据包 net.ipv4.conf.all.accept_source_route = 0 #是否接收无源路由的数据包 net.ipv4.conf.default.secure_redirects = 1 #默认是否支持安全重定向数据包 net.ipv4.conf.all.secure_redirects = 1 #是否支持安全重定向数据包 net.ipv4.conf.default.rp_filter = 1 #默认是否开启反向路径过滤 net.ipv4.conf.all.rp_filter = 1 #是否开启反向路径过滤   net.ipv4.tcp_invalid_ratelimit = 500 #无效数据包发送速率时间限制（单位：毫秒） net.ipv4.tcp_limit_output_bytes = 262144 #单个套接字限制最大输出字节数       保障TCP通信质量   net.ipv4.tcp_sack = 1 #是否启用有选择的应答（Selective Acknowledgment），使TCP只重新发送交互过程中丢失的包，不用发送后续所有的包，而且提供相应机制使接收方能告诉发送方哪些数据丢失，哪些数据重发了，哪些数据已经提前收到了。如此大大提高了客户端与服务器端数据交互的效率 net.ipv4.tcp_fack = 1 #启用转发应答（Forward Acknowledgment 建议值1），可以进行有选择应答（SACK）从而减少拥塞情况的发生   net.ipv4.tcp_slow_start_after_idle = 1 #拥塞窗口在经过一段时间空闲后是否需要重新初始化 net.ipv4.tcp_stdurg = 0 net.ipv4.tcp_retries1 = 3 #放弃回应一个TCP连接请求前进行重试的次数 net.ipv4.tcp_retries2 = 15 #放弃一个已经建立的TCP连接前进行重试的次数 net.ipv4.tcp_rfc1337 = 0 net.ipv4.tcp_mtu_probing = 0 #是否开启tcp层路径mtu发现 net.ipv4.tcp_no_metrics_save = 0 #是否将LAST_ACK状态保存各种连接信息到路由缓存中：方便下次连接时快速恢复现场       IO密集性服务器优化参数   vm.dirty_expire_centisecs = 3000 #声明Linux内核写缓冲区里面的数据多"旧"了之后，pdflush/flush/kdmflush进程就开始考虑写到磁盘中去 vm.dirty_background_ratio = 10 #当系统脏页的比例或者所占内存数量超过 dirty_background_ratio(百分数)阈值时，启动相关内核线程(pdflush/flush/kdmflush)开始将脏页写入磁盘 vm.dirty_ratio = 30 #当系统pagecache的脏页达到系统内存 dirty_ratio(百分数)阈值时，系统就会阻塞新的写请求,直到脏页被回写到磁盘   vm.drop_caches = 0 #释放cache，该参数每修改一次，触发一次释放操作 vm.dirty_writeback_centisecs = 500 #内核线程(pdflush/flush/kdmflush)多久唤醒一次来检查是否需要将cache中的数据写入磁盘，单位1/100秒       LVS负载均衡需要修改选项arp_ignore=1，arp_announce=2,两项的默认开关不用修改，需要修改all和lo   net.ipv4.conf.default.arp_ignore = 0 net.ipv4.conf.all.arp_ignore = 0 #定义对目标地址为本地IP的ARP询问不同的应答模式 #0：回应任何网络接口上对任何本地IP地址的arp查询请求 #1：只回答目标IP地址是来访网络接口本地地址的ARP查询请求 #2：只回答目标IP地址是来访网络接口本地地址的ARP查询请求,且来访IP必须在该网络接口的子网段内 #3：不回应该网络界面的arp请求，而只对设置的唯一和连接地址做出回应 #8：不回应所有（本地地址）的arp查询 net.ipv4.conf.lo.arp_ignore = 0 net.ipv4.conf.default.arp_announce = 0 net.ipv4.conf.all.arp_announce = 0 #对网络接口上，本地IP地址的发出的，ARP回应，作出相应级别的限制: 确定不同程度的限制,宣布对来自本地源IP地址发出Arp请求的接口 #0： 在任意网络接口（eth0,eth1，lo）上的任何本地地址 #1：尽量避免不在该网络接口子网段的本地地址做出arp回应. 当发起ARP请求的源IP地址是被设置应该经由路由达到此网络接口的时候很有用.此时会检查来访IP是否为所有接口上的子网段内ip之一.如果改来访IP不属于各个网络接口上的子网段内,那么将采用级别2的方式来进行处理. #2：对查询目标使用最适当的本地地址.在此模式下将忽略这个IP数据包的源地址并尝试选择与能与该地址通信的本地地址.首要是选择所有的网络接口的子网中外出访问子网中包含该目标IP地址的本地地址. 如果没有合适的地址被发现,将选择当前的发送网络接口或其他的有可能接受到该ARP回应的网络接口来进行发送. net.ipv4.conf.lo.arp_announce = 0 net.ipv4.ip_no_pmtu_disc = 0 #是否关闭路径MTU探测功能 net.ipv4.ip_forward_use_pmtu = 0 #是否支持巨型帧转发（使用LVS做负载均衡器时建议此值为1）   net.ipv4.conf.default.arp_accept = 0 net.ipv4.conf.all.arp_accept = 0 #默认对不在ARP表中的IP地址发出的APR包的处理方式:0不在ARP表中创建对应IP地址的表项;1在ARP表中创建对应IP地址的表项   net.ipv4.conf.default.arp_filter = 0 net.ipv4.conf.all.arp_filter = 0 # 0：内核设置每个网络接口各自应答其地址上的arp询问。这项看似会错误的设置却经常能非常有效，因为它增加了成功通讯的机会。在Linux主机上，每个IP地址是网络接口独立的，而非一个复合的接口。只有在一些特殊的设置的时候，比如负载均衡的时候会带来麻烦 #1：允许多个网络介质位于同一子网段内，每个网络界面依据是否内核指派路由该数据包经过此接口来确认是否回答ARP查询(这个实现是由来源地址确定路由的时候决定的),换句话说，允许控制使用某一块网卡（通常是第一块）回应arp询问   net.ipv4.conf.default.arp_notify = 0 net.ipv4.conf.all.arp_notify = 0 #是否开启arp通知链操作：0不做任何操作，1当设备或硬件地址改变时自动产生一个arp请求 net.ipv4.conf.default.bootp_relay = 0 net.ipv4.conf.all.bootp_relay = 0 #是否接收源地址为0.a.b.c，目的地址不是本机的数据包，是为了支持bootp服务 net.ipv4.conf.default.disable_policy = 0 net.ipv4.conf.all.disable_policy = 0 #是否禁止internet协议安全性验证 net.ipv4.conf.default.disable_xfrm = 0 net.ipv4.conf.all.disable_xfrm = 0 #是否禁止internet协议安全性加密   net.ipv4.conf.default.force_igmp_version = 0 net.ipv4.conf.all.force_igmp_version = 0     路由器选项控制   net.ipv4.conf.default.forwarding = 0 net.ipv4.ip_forward = 0 #是否启用IP转发 net.ipv4.conf.all.forwarding = 0 #是否启用转发功能 net.ipv4.conf.default.mc_forwarding = 0 net.ipv4.conf.all.mc_forwarding = 0 #是否进行多播路由（只有内核编译有CONFIG_MROUTE并且有路由服务程序在运行该参数才有效） net.ipv4.conf.default.medium_id = 0 net.ipv4.conf.all.medium_id = 0 #用来区分不同媒介.两个网络设备可以使用不同的值,使他们只有其中之一接收到广播包.通常,这个参数被用来配合proxy_arp实现roxy_arp的特性即是允许arp报文在两个不同的网络介质中转发. #0：表示各个网络介质接受他们自己介质上的媒介 #-1：表示该媒介未知 net.ipv4.conf.default.promote_secondaries = 1 net.ipv4.conf.all.promote_secondaries = 1 #主备IP地址切换控制机制：0当接口的主IP地址被移除时，删除所有次IP地址；1当接口的主IP地址被移除时，将次IP地址提升为主IP地址 net.ipv4.conf.default.proxy_arp = 0 net.ipv4.conf.all.proxy_arp = 0 #是否启用arp代理功能 net.ipv4.conf.default.proxy_arp_pvlan = 0 net.ipv4.conf.all.proxy_arp_pvlan = 0 #回应代理ARP的数据包从接收到此代理ARP请求的网络接口出去 net.ipv4.conf.default.route_localnet = 0 net.ipv4.conf.all.route_localnet = 0 #是否允许外部访问localhost net.ipv4.conf.default.shared_media = 1 net.ipv4.conf.all.shared_media = 1 #发送或接收RFC1620 共享媒体重定向 会覆盖ip_secure_redirects的值       路由机制控制   net.ipv4.ip_no_pmtu_disc = 0 #是否关闭路径MTU探测功能 net.ipv4.ip_forward_use_pmtu = 0 #是否支持巨型帧转发（使用LVS做负载均衡器时建议此值为1） net.ipv4.conf.default.send_redirects = 1 #默认是否发送重定向数据包 net.ipv4.conf.all.send_redirects = 1 #是否发送重定向数据包 net.ipv4.ip_default_ttl = 64 #定义数据报的生存周期:最多经过多少路由器后数据将被丢弃   net.ipv4.conf.default.src_valid_mark = 0 #默认是否为源地址有效的数据包打标记 net.ipv4.conf.all.src_valid_mark = 0 #是否为所有接口上源地址有效的数据包打标记   net.ipv4.conf.default.tag = 0 net.ipv4.conf.all.tag = 0   net.ipv4.conf.default.accept_local = 0 #默认是否允许接收从本机IP地址上发送给本机的数据包 net.ipv4.conf.all.accept_local = 0 #是否允许所有接口接收从本机IP地址上发送给本机的数据包       内存大页面使用策略   vm.nr_hugepages = 0 #控制内存是否可以使用大页面