1、sysctl -p查看以下是否已添加以下TCP内核参数
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | [root@centos ~]# sysctl -psysctl: /etc/sysctl.conf(13): invalid syntax, continuing...net.ipv4.ip_forward = 0net.ipv4.conf.default.rp_filter = 1net.ipv4.tcp_syncookies = 1net.ipv4.conf.all.arp_notify = 1net.ipv4.tcp_timestamps = 1net.ipv4.tcp_tw_reuse = 1net.ipv4.tcp_fin_timeout = 30net.ipv4.tcp_max_tw_buckets = 6000net.ipv4.tcp_tw_recycle = 1net.ipv4.tcp_keepalive_time = 1200net.ipv4.ip_local_port_range = 1024 65000net.ipv4.tcp_max_syn_backlog = 8192 |
sysctl 命令:
sysctl命令被用于在内核运行时动态地修改内核的运行参数,
可用的内核参数在目录/proc/sys中。它包含一些TCP/ip堆栈和
虚拟内存系统的高级选项, 这可以让有经验的管理员提高引人注目的系统性能。用sysctl可以读取设置超过五百个系统变量。
sysctl -a :查看所有可读变量
编辑此文件:/etc/sysctl.conf :内核参数设定文件,永久有效
2、vi /etc/sysctl.conf,增加以下参数
1 2 3 4 5 6 7 | net.ipv4.conf.all.arp_notify = 1net.ipv4.tcp_timestamps = 1net.ipv4.tcp_tw_reuse = 1net.ipv4.tcp_fin_timeout = 30net.ipv4.tcp_tw_recycle = 1net.ipv4.tcp_keepalive_time = 1200net.ipv4.ip_local_port_range = 1024 65000 |
Linux命令窗口下输入sysctl -p 立即生效
内核参数
|
参数 |
描述 |
默认值 |
优化值 |
|
net.core.rmem_default |
默认的TCP数据接收窗口大小(字节)。 |
229376 |
256960 |
|
net.core.rmem_max |
最大的TCP数据接收窗口(字节)。 |
131071 |
513920 |
|
net.core.wmem_default |
默认的TCP数据发送窗口大小(字节)。 |
229376 |
256960 |
|
net.core.wmem_max |
最大的TCP数据发送窗口(字节)。 |
131071 |
513920 |
|
net.core.netdev_max_backlog |
在每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目。 |
1000 |
2000 |
|
net.core.somaxconn |
定义了系统中每一个端口最大的监听队列的长度,这是个全局的参数。 |
128 |
2048 |
|
net.core.optmem_max |
表示每个套接字所允许的最大缓冲区的大小。 |
20480 |
81920 |
常用参数说明:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 | [root@kube ipv4]# sysctl -a |grep net.ipv4.net.ipv4.cipso_cache_bucket_size = 10net.ipv4.cipso_cache_enable = 1net.ipv4.cipso_rbm_optfmt = 0net.ipv4.cipso_rbm_strictvalid = 1net.ipv4.conf.all.accept_local = 0net.ipv4.conf.all.accept_redirects = 0net.ipv4.conf.all.accept_source_route = 0net.ipv4.conf.all.arp_accept = 0net.ipv4.conf.all.arp_announce = 0net.ipv4.conf.all.arp_filter = 0net.ipv4.conf.all.arp_ignore = 0net.ipv4.conf.all.arp_notify = 0net.ipv4.conf.all.bootp_relay = 0net.ipv4.conf.all.disable_policy = 0net.ipv4.conf.all.disable_xfrm = 0net.ipv4.conf.all.force_igmp_version = 0net.ipv4.conf.all.forwarding = 1net.ipv4.conf.all.log_martians = 0net.ipv4.conf.all.mc_forwarding = 0net.ipv4.conf.all.medium_id = 0net.ipv4.conf.all.promote_secondaries = 1net.ipv4.conf.all.proxy_arp = 0net.ipv4.conf.all.proxy_arp_pvlan = 0net.ipv4.conf.all.route_localnet = 0net.ipv4.conf.all.rp_filter = 1net.ipv4.conf.all.secure_redirects = 1net.ipv4.conf.all.send_redirects = 1net.ipv4.conf.all.shared_media = 1net.ipv4.conf.all.src_valid_mark = 0net.ipv4.conf.all.tag = 0net.ipv4.conf.default.accept_local = 0net.ipv4.conf.default.accept_redirects = 1net.ipv4.conf.default.accept_source_route = 0net.ipv4.conf.default.arp_accept = 0net.ipv4.conf.default.arp_announce = 0net.ipv4.conf.default.arp_filter = 0net.ipv4.conf.default.arp_ignore = 0net.ipv4.conf.default.arp_notify = 0net.ipv4.conf.default.bootp_relay = 0net.ipv4.conf.default.disable_policy = 0net.ipv4.conf.default.disable_xfrm = 0net.ipv4.conf.default.force_igmp_version = 0net.ipv4.conf.default.forwarding = 1net.ipv4.conf.default.log_martians = 0net.ipv4.conf.default.mc_forwarding = 0net.ipv4.conf.default.medium_id = 0net.ipv4.conf.default.promote_secondaries = 1net.ipv4.conf.default.proxy_arp = 0net.ipv4.conf.default.proxy_arp_pvlan = 0net.ipv4.conf.default.route_localnet = 0net.ipv4.conf.default.rp_filter = 1net.ipv4.conf.default.secure_redirects = 1net.ipv4.conf.default.send_redirects = 1net.ipv4.conf.default.shared_media = 1net.ipv4.conf.default.src_valid_mark = 0net.ipv4.conf.default.tag = 0net.ipv4.conf.docker0.accept_local = 0net.ipv4.conf.docker0.accept_redirects = 1net.ipv4.conf.docker0.accept_source_route = 0net.ipv4.conf.docker0.arp_accept = 0net.ipv4.conf.docker0.arp_announce = 0net.ipv4.conf.docker0.arp_filter = 0net.ipv4.conf.docker0.arp_ignore = 0net.ipv4.conf.docker0.arp_notify = 0net.ipv4.conf.docker0.bootp_relay = 0net.ipv4.conf.docker0.disable_policy = 0net.ipv4.conf.docker0.disable_xfrm = 0net.ipv4.conf.docker0.force_igmp_version = 0net.ipv4.conf.docker0.forwarding = 1net.ipv4.conf.docker0.log_martians = 0net.ipv4.conf.docker0.mc_forwarding = 0net.ipv4.conf.docker0.medium_id = 0net.ipv4.conf.docker0.promote_secondaries = 1net.ipv4.conf.docker0.proxy_arp = 0net.ipv4.conf.docker0.proxy_arp_pvlan = 0net.ipv4.conf.docker0.route_localnet = 0net.ipv4.conf.docker0.rp_filter = 1net.ipv4.conf.docker0.secure_redirects = 1net.ipv4.conf.docker0.send_redirects = 1net.ipv4.conf.docker0.shared_media = 1net.ipv4.conf.docker0.src_valid_mark = 0net.ipv4.conf.docker0.tag = 0net.ipv4.conf.ens192.accept_local = 0net.ipv4.conf.ens192.accept_redirects = 1net.ipv4.conf.ens192.accept_source_route = 0net.ipv4.conf.ens192.arp_accept = 0net.ipv4.conf.ens192.arp_announce = 0net.ipv4.conf.ens192.arp_filter = 0net.ipv4.conf.ens192.arp_ignore = 0net.ipv4.conf.ens192.arp_notify = 0net.ipv4.conf.ens192.bootp_relay = 0net.ipv4.conf.ens192.disable_policy = 0net.ipv4.conf.ens192.disable_xfrm = 0net.ipv4.conf.ens192.force_igmp_version = 0net.ipv4.conf.ens192.forwarding = 1net.ipv4.conf.ens192.log_martians = 0net.ipv4.conf.ens192.mc_forwarding = 0net.ipv4.conf.ens192.medium_id = 0net.ipv4.conf.ens192.promote_secondaries = 1net.ipv4.conf.ens192.proxy_arp = 0net.ipv4.conf.ens192.proxy_arp_pvlan = 0net.ipv4.conf.ens192.route_localnet = 0net.ipv4.conf.ens192.rp_filter = 1net.ipv4.conf.ens192.secure_redirects = 1net.ipv4.conf.ens192.send_redirects = 1net.ipv4.conf.ens192.shared_media = 1net.ipv4.conf.ens192.src_valid_mark = 0net.ipv4.conf.ens192.tag = 0net.ipv4.conf.lo.accept_local = 0net.ipv4.conf.lo.accept_redirects = 1net.ipv4.conf.lo.accept_source_route = 1net.ipv4.conf.lo.arp_accept = 0net.ipv4.conf.lo.arp_announce = 0net.ipv4.conf.lo.arp_filter = 0net.ipv4.conf.lo.arp_ignore = 0net.ipv4.conf.lo.arp_notify = 0net.ipv4.conf.lo.bootp_relay = 0net.ipv4.conf.lo.disable_policy = 1net.ipv4.conf.lo.disable_xfrm = 1net.ipv4.conf.lo.force_igmp_version = 0net.ipv4.conf.lo.forwarding = 1net.ipv4.conf.lo.log_martians = 0net.ipv4.conf.lo.mc_forwarding = 0net.ipv4.conf.lo.medium_id = 0net.ipv4.conf.lo.promote_secondaries = 0net.ipv4.conf.lo.proxy_arp = 0net.ipv4.conf.lo.proxy_arp_pvlan = 0net.ipv4.conf.lo.route_localnet = 0net.ipv4.conf.lo.rp_filter = 0net.ipv4.conf.lo.secure_redirects = 1net.ipv4.conf.lo.send_redirects = 1net.ipv4.conf.lo.shared_media = 1net.ipv4.conf.lo.src_valid_mark = 0net.ipv4.conf.lo.tag = 0net.ipv4.fwmark_reflect = 0net.ipv4.icmp_echo_ignore_all = 0net.ipv4.icmp_echo_ignore_broadcasts = 1net.ipv4.icmp_errors_use_inbound_ifaddr = 0net.ipv4.icmp_ignore_bogus_error_responses = 1net.ipv4.icmp_msgs_burst = 50net.ipv4.icmp_msgs_per_sec = 1000net.ipv4.icmp_ratelimit = 1000net.ipv4.icmp_ratemask = 6168net.ipv4.igmp_max_memberships = 20net.ipv4.igmp_max_msf = 10net.ipv4.igmp_qrv = 2net.ipv4.inet_peer_maxttl = 600net.ipv4.inet_peer_minttl = 120net.ipv4.inet_peer_threshold = 65664net.ipv4.ip_default_ttl = 64 // ip 数据包字段 生存时间默认值net.ipv4.ip_dynaddr = 0net.ipv4.ip_early_demux = 1net.ipv4.ip_forward = 1 //是否开启内核转发,0 禁用,1 启动net.ipv4.ip_forward_use_pmtu = 0net.ipv4.ip_local_port_range = 32768 60999 //定义 tcp/udp 本地端口范围net.ipv4.ip_local_reserved_ports = net.ipv4.ip_no_pmtu_disc = 0net.ipv4.ip_nonlocal_bind = 0net.ipv4.ipfrag_high_thresh = 4194304net.ipv4.ipfrag_low_thresh = 3145728net.ipv4.ipfrag_max_dist = 64net.ipv4.ipfrag_secret_interval = 600net.ipv4.ipfrag_time = 30net.ipv4.neigh.default.anycast_delay = 100net.ipv4.neigh.default.app_solicit = 0net.ipv4.neigh.default.base_reachable_time_ms = 30000net.ipv4.neigh.default.delay_first_probe_time = 5net.ipv4.neigh.default.gc_interval = 30net.ipv4.neigh.default.gc_stale_time = 60net.ipv4.neigh.default.gc_thresh1 = 128net.ipv4.neigh.default.gc_thresh2 = 512net.ipv4.neigh.default.gc_thresh3 = 1024net.ipv4.neigh.default.locktime = 100net.ipv4.neigh.default.mcast_solicit = 3net.ipv4.neigh.default.proxy_delay = 80net.ipv4.neigh.default.proxy_qlen = 64net.ipv4.neigh.default.retrans_time_ms = 1000net.ipv4.neigh.default.ucast_solicit = 3net.ipv4.neigh.default.unres_qlen = 31net.ipv4.neigh.default.unres_qlen_bytes = 65536net.ipv4.neigh.docker0.anycast_delay = 100net.ipv4.neigh.docker0.app_solicit = 0net.ipv4.neigh.docker0.base_reachable_time_ms = 30000net.ipv4.neigh.docker0.delay_first_probe_time = 5net.ipv4.neigh.docker0.gc_stale_time = 60net.ipv4.neigh.docker0.locktime = 100net.ipv4.neigh.docker0.mcast_solicit = 3net.ipv4.neigh.docker0.proxy_delay = 80net.ipv4.neigh.docker0.proxy_qlen = 64net.ipv4.neigh.docker0.retrans_time_ms = 1000net.ipv4.neigh.docker0.ucast_solicit = 3net.ipv4.neigh.docker0.unres_qlen = 31net.ipv4.neigh.docker0.unres_qlen_bytes = 65536net.ipv4.neigh.ens192.anycast_delay = 100net.ipv4.neigh.ens192.app_solicit = 0net.ipv4.neigh.ens192.base_reachable_time_ms = 30000net.ipv4.neigh.ens192.delay_first_probe_time = 5net.ipv4.neigh.ens192.gc_stale_time = 60net.ipv4.neigh.ens192.locktime = 100net.ipv4.neigh.ens192.mcast_solicit = 3net.ipv4.neigh.ens192.proxy_delay = 80net.ipv4.neigh.ens192.proxy_qlen = 64net.ipv4.neigh.ens192.retrans_time_ms = 1000net.ipv4.neigh.ens192.ucast_solicit = 3net.ipv4.neigh.ens192.unres_qlen = 31net.ipv4.neigh.ens192.unres_qlen_bytes = 65536net.ipv4.neigh.lo.anycast_delay = 100net.ipv4.neigh.lo.app_solicit = 0net.ipv4.neigh.lo.base_reachable_time_ms = 30000net.ipv4.neigh.lo.delay_first_probe_time = 5net.ipv4.neigh.lo.gc_stale_time = 60net.ipv4.neigh.lo.locktime = 100net.ipv4.neigh.lo.mcast_solicit = 3net.ipv4.neigh.lo.proxy_delay = 80net.ipv4.neigh.lo.proxy_qlen = 64net.ipv4.neigh.lo.retrans_time_ms = 1000net.ipv4.neigh.lo.ucast_solicit = 3net.ipv4.neigh.lo.unres_qlen = 31net.ipv4.neigh.lo.unres_qlen_bytes = 65536net.ipv4.ping_group_range = 1 0net.ipv4.route.error_burst = 5000net.ipv4.route.error_cost = 1000net.ipv4.route.gc_elasticity = 8net.ipv4.route.gc_interval = 60net.ipv4.route.gc_min_interval = 0net.ipv4.route.gc_min_interval_ms = 500net.ipv4.route.gc_thresh = -1net.ipv4.route.gc_timeout = 300net.ipv4.route.max_size = 2147483647net.ipv4.route.min_adv_mss = 256net.ipv4.route.min_pmtu = 552net.ipv4.route.mtu_expires = 600net.ipv4.route.redirect_load = 20net.ipv4.route.redirect_number = 9net.ipv4.route.redirect_silence = 20480net.ipv4.tcp_abort_on_overflow = 0net.ipv4.tcp_adv_win_scale = 1net.ipv4.tcp_allowed_congestion_control = cubic renonet.ipv4.tcp_app_win = 31net.ipv4.tcp_autocorking = 1net.ipv4.tcp_available_congestion_control = cubic renonet.ipv4.tcp_base_mss = 512net.ipv4.tcp_challenge_ack_limit = 1000net.ipv4.tcp_congestion_control = cubicnet.ipv4.tcp_dsack = 1net.ipv4.tcp_early_retrans = 3net.ipv4.tcp_ecn = 2net.ipv4.tcp_fack = 1net.ipv4.tcp_fastopen = 0net.ipv4.tcp_fastopen_key = 3d9f4df5-5c82290b-6c465833-328c3b2dnet.ipv4.tcp_fin_timeout = 60net.ipv4.tcp_frto = 2net.ipv4.tcp_invalid_ratelimit = 500net.ipv4.tcp_keepalive_intvl = 75 //keepalive 消息失败后的重新探测间隔,乘以 keepalive_probes 的次数代表多久后连接失效net.ipv4.tcp_keepalive_probes = 9 // 尝试次数9 次net.ipv4.tcp_keepalive_time = 7200 //启用keepalive 时,keepalive 多久发一次消息,默认2 小时net.ipv4.tcp_limit_output_bytes = 262144net.ipv4.tcp_low_latency = 0 //旧选项不再有效net.ipv4.tcp_max_orphans = 8192net.ipv4.tcp_max_ssthresh = 0net.ipv4.tcp_max_syn_backlog = 128 //一个 socket 最大请求数 SYN_RECVnet.ipv4.tcp_max_tw_buckets = 8192 //保存最大 timewait 数量net.ipv4.tcp_mem = 42471 56631 84942net.ipv4.tcp_min_tso_segs = 2net.ipv4.tcp_moderate_rcvbuf = 1net.ipv4.tcp_mtu_probing = 0net.ipv4.tcp_no_metrics_save = 0net.ipv4.tcp_notsent_lowat = -1net.ipv4.tcp_orphan_retries = 0net.ipv4.tcp_reordering = 3net.ipv4.tcp_retrans_collapse = 1net.ipv4.tcp_retries1 = 3 //回收一个 连接 多少次重试net.ipv4.tcp_retries2 = 15 //断开与远端主机的会话次数net.ipv4.tcp_rfc1337 = 0net.ipv4.tcp_rmem = 4096 87380 6291456net.ipv4.tcp_sack = 1 //启动sack ,有选择的应答乱序的包,之重发丢失的数据包net.ipv4.tcp_slow_start_after_idle = 1net.ipv4.tcp_stdurg = 0net.ipv4.tcp_syn_retries = 6 // 重启发送syn 包的次数net.ipv4.tcp_synack_retries = 5net.ipv4.tcp_syncookies = 1 //开启 syncookies ,当套接字 syn 待办事项队列溢出时,发出syncookies 防止常见的 syn flood net.ipv4.tcp_thin_dupack = 0net.ipv4.tcp_thin_linear_timeouts = 0net.ipv4.tcp_timestamps = 1net.ipv4.tcp_tso_win_divisor = 3net.ipv4.tcp_tw_recycle = 0 //设置 TIME_AIT 快速回收net.ipv4.tcp_tw_reuse = 0 //设置timewait 的重用,超过这个值立即删除可以复用net.ipv4.tcp_window_scaling = 1net.ipv4.tcp_wmem = 4096 16384 4194304net.ipv4.tcp_workaround_signed_windows = 0net.ipv4.udp_mem = 43563 58086 87126net.ipv4.udp_rmem_min = 4096net.ipv4.udp_wmem_min = 4096net.ipv4.xfrm4_gc_thresh = 32768sysctl: reading key "net.ipv6.conf.all.stable_secret"sysctl: reading key "net.ipv6.conf.default.stable_secret"sysctl: reading key "net.ipv6.conf.docker0.stable_secret"sysctl: reading key "net.ipv6.conf.ens192.stable_secret"sysctl: reading key "net.ipv6.conf.lo.stable_secret"[root@kube ipv4]# |
参考:https://www.cnblogs.com/zy09/p/13131054.html
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· AI编程工具终极对决:字节Trae VS Cursor,谁才是开发者新宠?
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!