1、执行 sysctl -p,查看是否已添加以下 TCP 内核参数
[root@centos ~]# sysctl -p
sysctl: /etc/sysctl.conf(13): invalid syntax, continuing...
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.arp_notify = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
(注:输出首行的 invalid syntax 表示 /etc/sysctl.conf 第 13 行存在语法错误,sysctl 会跳过该行继续加载其余参数;应先修正该行,再确认所需参数是否都已生效。)
sysctl 命令:
sysctl 命令用于在内核运行时动态地修改内核的运行参数,可用的内核参数位于目录 /proc/sys 中。其中包含 TCP/IP 协议栈和虚拟内存系统的一些高级选项,有经验的管理员可以借此显著提升系统性能。用 sysctl 可以读取和设置超过五百个系统变量。
sysctl -a :查看所有可读变量
/etc/sysctl.conf :内核参数设定文件,编辑此文件可使设置永久有效
2、vi /etc/sysctl.conf,增加以下参数
net.ipv4.conf.all.arp_notify = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
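在 Linux 命令行下执行 sysctl -p 使其立即生效。
注意:net.ipv4.tcp_tw_recycle = 1 与 tcp_timestamps 同时启用时,来自同一 NAT 出口的多个客户端可能因时间戳不单调而被服务器丢弃连接请求;该参数已在 Linux 4.12 中移除,在较新的内核上 sysctl -p 会对这一行报错。面向公网或 NAT 之后客户端的服务器不建议启用。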
内核参数
| 参数 | 描述 | 默认值 | 优化值 |
| --- | --- | --- | --- |
| net.core.rmem_default | 默认的TCP数据接收窗口大小(字节)。 | 229376 | 256960 |
| net.core.rmem_max | 最大的TCP数据接收窗口(字节)。 | 131071 | 513920 |
| net.core.wmem_default | 默认的TCP数据发送窗口大小(字节)。 | 229376 | 256960 |
| net.core.wmem_max | 最大的TCP数据发送窗口(字节)。 | 131071 | 513920 |
| net.core.netdev_max_backlog | 在每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目。 | 1000 | 2000 |
| net.core.somaxconn | 定义了系统中每一个端口最大的监听队列的长度,这是个全局的参数。 | 128 | 2048 |
| net.core.optmem_max | 表示每个套接字所允许的最大缓冲区的大小。 | 20480 | 81920 |
常用参数说明:
[root@kube ipv4]# sysctl -a |grep net.ipv4. net.ipv4.cipso_cache_bucket_size = 10 net.ipv4.cipso_cache_enable = 1 net.ipv4.cipso_rbm_optfmt = 0 net.ipv4.cipso_rbm_strictvalid = 1 net.ipv4.conf.all.accept_local = 0 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.all.arp_accept = 0 net.ipv4.conf.all.arp_announce = 0 net.ipv4.conf.all.arp_filter = 0 net.ipv4.conf.all.arp_ignore = 0 net.ipv4.conf.all.arp_notify = 0 net.ipv4.conf.all.bootp_relay = 0 net.ipv4.conf.all.disable_policy = 0 net.ipv4.conf.all.disable_xfrm = 0 net.ipv4.conf.all.force_igmp_version = 0 net.ipv4.conf.all.forwarding = 1 net.ipv4.conf.all.log_martians = 0 net.ipv4.conf.all.mc_forwarding = 0 net.ipv4.conf.all.medium_id = 0 net.ipv4.conf.all.promote_secondaries = 1 net.ipv4.conf.all.proxy_arp = 0 net.ipv4.conf.all.proxy_arp_pvlan = 0 net.ipv4.conf.all.route_localnet = 0 net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.all.secure_redirects = 1 net.ipv4.conf.all.send_redirects = 1 net.ipv4.conf.all.shared_media = 1 net.ipv4.conf.all.src_valid_mark = 0 net.ipv4.conf.all.tag = 0 net.ipv4.conf.default.accept_local = 0 net.ipv4.conf.default.accept_redirects = 1 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.conf.default.arp_accept = 0 net.ipv4.conf.default.arp_announce = 0 net.ipv4.conf.default.arp_filter = 0 net.ipv4.conf.default.arp_ignore = 0 net.ipv4.conf.default.arp_notify = 0 net.ipv4.conf.default.bootp_relay = 0 net.ipv4.conf.default.disable_policy = 0 net.ipv4.conf.default.disable_xfrm = 0 net.ipv4.conf.default.force_igmp_version = 0 net.ipv4.conf.default.forwarding = 1 net.ipv4.conf.default.log_martians = 0 net.ipv4.conf.default.mc_forwarding = 0 net.ipv4.conf.default.medium_id = 0 net.ipv4.conf.default.promote_secondaries = 1 net.ipv4.conf.default.proxy_arp = 0 net.ipv4.conf.default.proxy_arp_pvlan = 0 net.ipv4.conf.default.route_localnet = 0 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.secure_redirects = 1 
net.ipv4.conf.default.send_redirects = 1 net.ipv4.conf.default.shared_media = 1 net.ipv4.conf.default.src_valid_mark = 0 net.ipv4.conf.default.tag = 0 net.ipv4.conf.docker0.accept_local = 0 net.ipv4.conf.docker0.accept_redirects = 1 net.ipv4.conf.docker0.accept_source_route = 0 net.ipv4.conf.docker0.arp_accept = 0 net.ipv4.conf.docker0.arp_announce = 0 net.ipv4.conf.docker0.arp_filter = 0 net.ipv4.conf.docker0.arp_ignore = 0 net.ipv4.conf.docker0.arp_notify = 0 net.ipv4.conf.docker0.bootp_relay = 0 net.ipv4.conf.docker0.disable_policy = 0 net.ipv4.conf.docker0.disable_xfrm = 0 net.ipv4.conf.docker0.force_igmp_version = 0 net.ipv4.conf.docker0.forwarding = 1 net.ipv4.conf.docker0.log_martians = 0 net.ipv4.conf.docker0.mc_forwarding = 0 net.ipv4.conf.docker0.medium_id = 0 net.ipv4.conf.docker0.promote_secondaries = 1 net.ipv4.conf.docker0.proxy_arp = 0 net.ipv4.conf.docker0.proxy_arp_pvlan = 0 net.ipv4.conf.docker0.route_localnet = 0 net.ipv4.conf.docker0.rp_filter = 1 net.ipv4.conf.docker0.secure_redirects = 1 net.ipv4.conf.docker0.send_redirects = 1 net.ipv4.conf.docker0.shared_media = 1 net.ipv4.conf.docker0.src_valid_mark = 0 net.ipv4.conf.docker0.tag = 0 net.ipv4.conf.ens192.accept_local = 0 net.ipv4.conf.ens192.accept_redirects = 1 net.ipv4.conf.ens192.accept_source_route = 0 net.ipv4.conf.ens192.arp_accept = 0 net.ipv4.conf.ens192.arp_announce = 0 net.ipv4.conf.ens192.arp_filter = 0 net.ipv4.conf.ens192.arp_ignore = 0 net.ipv4.conf.ens192.arp_notify = 0 net.ipv4.conf.ens192.bootp_relay = 0 net.ipv4.conf.ens192.disable_policy = 0 net.ipv4.conf.ens192.disable_xfrm = 0 net.ipv4.conf.ens192.force_igmp_version = 0 net.ipv4.conf.ens192.forwarding = 1 net.ipv4.conf.ens192.log_martians = 0 net.ipv4.conf.ens192.mc_forwarding = 0 net.ipv4.conf.ens192.medium_id = 0 net.ipv4.conf.ens192.promote_secondaries = 1 net.ipv4.conf.ens192.proxy_arp = 0 net.ipv4.conf.ens192.proxy_arp_pvlan = 0 net.ipv4.conf.ens192.route_localnet = 0 net.ipv4.conf.ens192.rp_filter = 1 
net.ipv4.conf.ens192.secure_redirects = 1 net.ipv4.conf.ens192.send_redirects = 1 net.ipv4.conf.ens192.shared_media = 1 net.ipv4.conf.ens192.src_valid_mark = 0 net.ipv4.conf.ens192.tag = 0 net.ipv4.conf.lo.accept_local = 0 net.ipv4.conf.lo.accept_redirects = 1 net.ipv4.conf.lo.accept_source_route = 1 net.ipv4.conf.lo.arp_accept = 0 net.ipv4.conf.lo.arp_announce = 0 net.ipv4.conf.lo.arp_filter = 0 net.ipv4.conf.lo.arp_ignore = 0 net.ipv4.conf.lo.arp_notify = 0 net.ipv4.conf.lo.bootp_relay = 0 net.ipv4.conf.lo.disable_policy = 1 net.ipv4.conf.lo.disable_xfrm = 1 net.ipv4.conf.lo.force_igmp_version = 0 net.ipv4.conf.lo.forwarding = 1 net.ipv4.conf.lo.log_martians = 0 net.ipv4.conf.lo.mc_forwarding = 0 net.ipv4.conf.lo.medium_id = 0 net.ipv4.conf.lo.promote_secondaries = 0 net.ipv4.conf.lo.proxy_arp = 0 net.ipv4.conf.lo.proxy_arp_pvlan = 0 net.ipv4.conf.lo.route_localnet = 0 net.ipv4.conf.lo.rp_filter = 0 net.ipv4.conf.lo.secure_redirects = 1 net.ipv4.conf.lo.send_redirects = 1 net.ipv4.conf.lo.shared_media = 1 net.ipv4.conf.lo.src_valid_mark = 0 net.ipv4.conf.lo.tag = 0 net.ipv4.fwmark_reflect = 0 net.ipv4.icmp_echo_ignore_all = 0 net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.icmp_errors_use_inbound_ifaddr = 0 net.ipv4.icmp_ignore_bogus_error_responses = 1 net.ipv4.icmp_msgs_burst = 50 net.ipv4.icmp_msgs_per_sec = 1000 net.ipv4.icmp_ratelimit = 1000 net.ipv4.icmp_ratemask = 6168 net.ipv4.igmp_max_memberships = 20 net.ipv4.igmp_max_msf = 10 net.ipv4.igmp_qrv = 2 net.ipv4.inet_peer_maxttl = 600 net.ipv4.inet_peer_minttl = 120 net.ipv4.inet_peer_threshold = 65664 net.ipv4.ip_default_ttl = 64 // ip 数据包字段 生存时间默认值 net.ipv4.ip_dynaddr = 0 net.ipv4.ip_early_demux = 1 net.ipv4.ip_forward = 1 //是否开启内核转发,0 禁用,1 启动 net.ipv4.ip_forward_use_pmtu = 0 net.ipv4.ip_local_port_range = 32768 60999 //定义 tcp/udp 本地端口范围 net.ipv4.ip_local_reserved_ports = net.ipv4.ip_no_pmtu_disc = 0 net.ipv4.ip_nonlocal_bind = 0 net.ipv4.ipfrag_high_thresh = 4194304 net.ipv4.ipfrag_low_thresh = 3145728 
net.ipv4.ipfrag_max_dist = 64 net.ipv4.ipfrag_secret_interval = 600 net.ipv4.ipfrag_time = 30 net.ipv4.neigh.default.anycast_delay = 100 net.ipv4.neigh.default.app_solicit = 0 net.ipv4.neigh.default.base_reachable_time_ms = 30000 net.ipv4.neigh.default.delay_first_probe_time = 5 net.ipv4.neigh.default.gc_interval = 30 net.ipv4.neigh.default.gc_stale_time = 60 net.ipv4.neigh.default.gc_thresh1 = 128 net.ipv4.neigh.default.gc_thresh2 = 512 net.ipv4.neigh.default.gc_thresh3 = 1024 net.ipv4.neigh.default.locktime = 100 net.ipv4.neigh.default.mcast_solicit = 3 net.ipv4.neigh.default.proxy_delay = 80 net.ipv4.neigh.default.proxy_qlen = 64 net.ipv4.neigh.default.retrans_time_ms = 1000 net.ipv4.neigh.default.ucast_solicit = 3 net.ipv4.neigh.default.unres_qlen = 31 net.ipv4.neigh.default.unres_qlen_bytes = 65536 net.ipv4.neigh.docker0.anycast_delay = 100 net.ipv4.neigh.docker0.app_solicit = 0 net.ipv4.neigh.docker0.base_reachable_time_ms = 30000 net.ipv4.neigh.docker0.delay_first_probe_time = 5 net.ipv4.neigh.docker0.gc_stale_time = 60 net.ipv4.neigh.docker0.locktime = 100 net.ipv4.neigh.docker0.mcast_solicit = 3 net.ipv4.neigh.docker0.proxy_delay = 80 net.ipv4.neigh.docker0.proxy_qlen = 64 net.ipv4.neigh.docker0.retrans_time_ms = 1000 net.ipv4.neigh.docker0.ucast_solicit = 3 net.ipv4.neigh.docker0.unres_qlen = 31 net.ipv4.neigh.docker0.unres_qlen_bytes = 65536 net.ipv4.neigh.ens192.anycast_delay = 100 net.ipv4.neigh.ens192.app_solicit = 0 net.ipv4.neigh.ens192.base_reachable_time_ms = 30000 net.ipv4.neigh.ens192.delay_first_probe_time = 5 net.ipv4.neigh.ens192.gc_stale_time = 60 net.ipv4.neigh.ens192.locktime = 100 net.ipv4.neigh.ens192.mcast_solicit = 3 net.ipv4.neigh.ens192.proxy_delay = 80 net.ipv4.neigh.ens192.proxy_qlen = 64 net.ipv4.neigh.ens192.retrans_time_ms = 1000 net.ipv4.neigh.ens192.ucast_solicit = 3 net.ipv4.neigh.ens192.unres_qlen = 31 net.ipv4.neigh.ens192.unres_qlen_bytes = 65536 net.ipv4.neigh.lo.anycast_delay = 100 net.ipv4.neigh.lo.app_solicit = 0 
net.ipv4.neigh.lo.base_reachable_time_ms = 30000 net.ipv4.neigh.lo.delay_first_probe_time = 5 net.ipv4.neigh.lo.gc_stale_time = 60 net.ipv4.neigh.lo.locktime = 100 net.ipv4.neigh.lo.mcast_solicit = 3 net.ipv4.neigh.lo.proxy_delay = 80 net.ipv4.neigh.lo.proxy_qlen = 64 net.ipv4.neigh.lo.retrans_time_ms = 1000 net.ipv4.neigh.lo.ucast_solicit = 3 net.ipv4.neigh.lo.unres_qlen = 31 net.ipv4.neigh.lo.unres_qlen_bytes = 65536 net.ipv4.ping_group_range = 1 0 net.ipv4.route.error_burst = 5000 net.ipv4.route.error_cost = 1000 net.ipv4.route.gc_elasticity = 8 net.ipv4.route.gc_interval = 60 net.ipv4.route.gc_min_interval = 0 net.ipv4.route.gc_min_interval_ms = 500 net.ipv4.route.gc_thresh = -1 net.ipv4.route.gc_timeout = 300 net.ipv4.route.max_size = 2147483647 net.ipv4.route.min_adv_mss = 256 net.ipv4.route.min_pmtu = 552 net.ipv4.route.mtu_expires = 600 net.ipv4.route.redirect_load = 20 net.ipv4.route.redirect_number = 9 net.ipv4.route.redirect_silence = 20480 net.ipv4.tcp_abort_on_overflow = 0 net.ipv4.tcp_adv_win_scale = 1 net.ipv4.tcp_allowed_congestion_control = cubic reno net.ipv4.tcp_app_win = 31 net.ipv4.tcp_autocorking = 1 net.ipv4.tcp_available_congestion_control = cubic reno net.ipv4.tcp_base_mss = 512 net.ipv4.tcp_challenge_ack_limit = 1000 net.ipv4.tcp_congestion_control = cubic net.ipv4.tcp_dsack = 1 net.ipv4.tcp_early_retrans = 3 net.ipv4.tcp_ecn = 2 net.ipv4.tcp_fack = 1 net.ipv4.tcp_fastopen = 0 net.ipv4.tcp_fastopen_key = 3d9f4df5-5c82290b-6c465833-328c3b2d net.ipv4.tcp_fin_timeout = 60 net.ipv4.tcp_frto = 2 net.ipv4.tcp_invalid_ratelimit = 500 net.ipv4.tcp_keepalive_intvl = 75 //keepalive 消息失败后的重新探测间隔,乘以 keepalive_probes 的次数代表多久后连接失效 net.ipv4.tcp_keepalive_probes = 9 // 尝试次数9 次 net.ipv4.tcp_keepalive_time = 7200 //启用keepalive 时,keepalive 多久发一次消息,默认2 小时 net.ipv4.tcp_limit_output_bytes = 262144 net.ipv4.tcp_low_latency = 0 //旧选项不再有效 net.ipv4.tcp_max_orphans = 8192 net.ipv4.tcp_max_ssthresh = 0 net.ipv4.tcp_max_syn_backlog = 128 //一个 socket 最大请求数 SYN_RECV 
net.ipv4.tcp_max_tw_buckets = 8192 //保存最大 timewait 数量 net.ipv4.tcp_mem = 42471 56631 84942 net.ipv4.tcp_min_tso_segs = 2 net.ipv4.tcp_moderate_rcvbuf = 1 net.ipv4.tcp_mtu_probing = 0 net.ipv4.tcp_no_metrics_save = 0 net.ipv4.tcp_notsent_lowat = -1 net.ipv4.tcp_orphan_retries = 0 net.ipv4.tcp_reordering = 3 net.ipv4.tcp_retrans_collapse = 1 net.ipv4.tcp_retries1 = 3 //回收一个 连接 多少次重试 net.ipv4.tcp_retries2 = 15 //断开与远端主机的会话次数 net.ipv4.tcp_rfc1337 = 0 net.ipv4.tcp_rmem = 4096 87380 6291456 net.ipv4.tcp_sack = 1 //启动sack ,有选择的应答乱序的包,只重发丢失的数据包 net.ipv4.tcp_slow_start_after_idle = 1 net.ipv4.tcp_stdurg = 0 net.ipv4.tcp_syn_retries = 6 // 重新发送syn 包的次数 net.ipv4.tcp_synack_retries = 5 net.ipv4.tcp_syncookies = 1 //开启 syncookies ,当套接字 syn 积压(backlog)队列溢出时,发出syncookies 防止常见的 syn flood net.ipv4.tcp_thin_dupack = 0 net.ipv4.tcp_thin_linear_timeouts = 0 net.ipv4.tcp_timestamps = 1 net.ipv4.tcp_tso_win_divisor = 3 net.ipv4.tcp_tw_recycle = 0 //设置 TIME_WAIT 快速回收 net.ipv4.tcp_tw_reuse = 0 //设置timewait 的重用,超过这个值立即删除可以复用 net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_wmem = 4096 16384 4194304 net.ipv4.tcp_workaround_signed_windows = 0 net.ipv4.udp_mem = 43563 58086 87126 net.ipv4.udp_rmem_min = 4096 net.ipv4.udp_wmem_min = 4096 net.ipv4.xfrm4_gc_thresh = 32768 sysctl: reading key "net.ipv6.conf.all.stable_secret" sysctl: reading key "net.ipv6.conf.default.stable_secret" sysctl: reading key "net.ipv6.conf.docker0.stable_secret" sysctl: reading key "net.ipv6.conf.ens192.stable_secret" sysctl: reading key "net.ipv6.conf.lo.stable_secret" [root@kube ipv4]#
参考:https://www.cnblogs.com/zy09/p/13131054.html