centos7.4内核调优,tcp单服务器万级并发
参考技术A 在使用 Linux 的 CentOS 7.4 时遇到过各种坑。其中一个项目是一个整体的游戏项目,采用四层架构:配置层、平台层、逻辑服务器管理层和具体逻辑服务器层。我作为整个项目的负责人和架构搭建者,在项目运行的一年里遇到了各种各样怪异的问题,其中之一就是 TCP 缓冲区堵塞的问题。刚开始以为是代码问题,花了半年时间来排查、验证,把能想到的问题都过了一遍,问题还是存在。最后做了几轮调优和验证。下面附上一套相对稳定的 CentOS 7.4 内核调优详细参数,内核配置文件:/etc/sysctl.conf
# Kernel tuning for a high-concurrency TCP server, intended for /etc/sysctl.conf.
# The file is applied top to bottom, so where a key appears twice the later line wins.
# TCP memory: tcp_mem is counted in pages (low / pressure / high);
# tcp_wmem and tcp_rmem are per-socket min / default / max in bytes.
net.ipv4.tcp_mem = 768432 2097152 15242880
net.ipv4.tcp_wmem = 40960 163840 4194304
net.ipv4.tcp_rmem = 40960 873800 4194304
# Disabled alternative; the active somaxconn value is set near the end of the file.
#net.core.somaxconn=6553600
# Default and maximum socket buffer sizes in bytes, for all protocols.
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 524288000
net.core.wmem_max = 524288000
# SYN-flood protection: with SYN cookies on, the listener keeps answering
# when the SYN backlog (next line) overflows.
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=81920
# NOTE(review): tcp_tw_reuse and tcp_tw_recycle further down both depend on TCP
# timestamps, so with timestamps off they are not expected to take effect; SYN cookies
# also lose window-scaling/SACK negotiation without timestamps. Confirm this is intended.
net.ipv4.tcp_timestamps=0
# Number of SYN+ACK retransmissions before the kernel gives up on a half-open
# connection (/proc/sys/net/ipv4/tcp_synack_retries).
# NOTE(review): the original note gives the default as 2; kernel documentation lists 5 - verify.
net.ipv4.tcp_synack_retries=3
# Number of SYN retransmissions before an outgoing connection attempt is abandoned
# (/proc/sys/net/ipv4/tcp_syn_retries); the original note gives the default as 6.
net.ipv4.tcp_syn_retries=3
# Seconds an orphaned connection may stay in FIN_WAIT_2.
net.ipv4.tcp_fin_timeout = 30
# Seconds of idle time before keepalive probes start.
net.ipv4.tcp_keepalive_time = 300
# Ephemeral port range used for outgoing connections.
net.ipv4.ip_local_port_range = 20000 65000
# Cap on sockets held in TIME_WAIT; above it they are destroyed immediately and a warning is logged.
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.route.max_size = 5242880
# System V IPC limits. kernel.sem fields are SEMMSL SEMMNS SEMOPM SEMMNI.
kernel.sem=250 65536 100 2048
kernel.msgmnb = 4203520
kernel.msgmni = 64
kernel.msgmax = 65535
# Maximum size of a single shared memory segment, in bytes.
kernel.shmmax = 68719476736
# Total shared memory allowed system-wide (counted in pages) and maximum number of segments.
kernel.shmall = 4294967296
kernel.shmmni = 655360
# Allow reuse of TIME_WAIT sockets for new outgoing connections.
net.ipv4.tcp_tw_reuse=1
# NOTE(review): tcp_tw_recycle is widely reported to drop connections from clients
# behind NAT and was removed from the kernel in Linux 4.12; prefer leaving it at 0.
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_window_scaling = 1
# Do not cache per-destination TCP metrics when a connection closes.
net.ipv4.tcp_no_metrics_save=1
# NOTE(review): the original comment at this position read "enable SYN flood protection",
# but the next line only appends the PID to core dump file names. SYN cookies are
# enabled by net.ipv4.tcp_syncookies near the top of the file.
kernel.core_uses_pid = 1
# Repeated at the end of the file with the same value.
net.ipv4.conf.lo.arp_announce=2
net.ipv4.tcp_sack = 1
# NOTE(review): 1 randomizes stack, mmap base and VDSO only; 2 also randomizes the heap
# and is the usual default. This line weakens ASLR unless a legacy binary needs it - confirm.
kernel.randomize_va_space=1
# Connection-tracking table size and TCP state timeouts (seconds).
# These keys exist only while the nf_conntrack module is loaded.
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
#net.ipv4.netfilter.ip_conntrack_max=1000000
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
# Ignore ICMP echo requests sent to broadcast addresses, so the host cannot be
# used as a reflector in amplification attacks.
net.ipv4.icmp_echo_ignore_broadcasts=1
# Disable IPv6.
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# Ignore bogus ICMP error responses.
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Disable IP forwarding and do not send ICMP redirects (the host is not a router).
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# Enable reverse-path filtering (1 = strict mode) to drop packets with spoofed sources.
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Do not accept source-routed packets.
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Disable the magic SysRq key.
kernel.sysrq = 0
# Maximum number of packets queued per interface when they arrive faster than
# the kernel can process them.
net.core.netdev_max_backlog = 262144
# The original note says this limit exists only to stop simple DoS attacks.
# NOTE(review): every orphaned socket can pin unswappable kernel memory, so a ceiling
# this high offers little protection - size it against available RAM.
net.ipv4.tcp_max_orphans = 3276800
# Ignore ICMP redirects, including "secure" ones from known gateways, so that
# remote hosts cannot alter the routing table.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
vm.swappiness = 0
# How often (seconds) neighbour entries are checked for staleness.
net.ipv4.neigh.default.gc_stale_time=120
# fs.file-max is the system-wide open-file ceiling; fs.nr_open is the per-process
# ceiling that nofile values in limits.conf may not exceed.
fs.file-max = 40000500
fs.nr_open = 40000500
kernel.perf_cpu_time_max_percent=60
kernel.perf_event_max_sample_rate=6250
kernel.sched_migration_cost_ns=5000000
net.core.optmem_max= 25165824
vm.max_map_count=262144
# Upper bound on the listen() accept backlog.
net.core.somaxconn = 65535
# Use arp_announce to address ARP mapping problems.
# NOTE(review): the original comment also names arp_ignore, but no arp_ignore key is set in this file.
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
通用linux接口服务器参数调优
1. 如果需要支撑百万级同时在线数,需要对linux默认内核参数进行调整,我们的典型配置是在 /etc/sysctl.conf 增加以下内容:
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_no_metrics_save=1
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_max_syn_backlog = 120000
net.core.netdev_max_backlog = 120000
net.core.somaxconn = 12000
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_max_tw_buckets = 1000
net.ipv4.tcp_abort_on_overflow = 1
net.ipv4.tcp_sack = 0
net.ipv4.tcp_rmem = 4096 8192 32768
net.ipv4.tcp_wmem = 4096 8192 32768
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_mem = 3075840 4101120 12303360
net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_syncookies = 0
(注:这组参数把 net.ipv4.tcp_syncookies 设为 0,即关闭了 SYN Cookie,与上文 sysctl.conf 中的 tcp_syncookies=1 相反;直接面向公网的服务器通常应保持开启。tcp_tw_recycle 在客户端经过 NAT 时容易造成连接被丢弃,且在 Linux 4.12 之后已被移除。)
修改 /etc/security/limits.conf 配置:
* soft nofile 1200000
* hard nofile 1200000
(注:nofile 不能超过 fs.nr_open,其默认值一般为 1048576;设为 1200000 前需先调大 fs.nr_open,否则该限制无法设置,并可能影响登录。)
部分ubuntu系统需要这么修改:
# /etc/security/limits.conf entries; each line is <domain> <type> <item> <value>.
# root is listed by name because wildcard (*) entries are not applied to the root user.
# NOTE(review): nofile cannot exceed fs.nr_open; 1000000 fits under the usual default of 1048576 - verify on the target host.
root hard nofile 1000000
root soft nofile 1000000
# NOTE(review): an unlimited core size lets root-owned processes write full memory dumps,
# which may contain secrets; restrict where dumps are written and who can read them.
root soft core unlimited
# Soft stack size limit, in KB.
root soft stack 10240
# The same limits for the "ubuntu" login account.
ubuntu hard nofile 1000000
ubuntu soft nofile 1000000
ubuntu soft core unlimited
ubuntu soft stack 10240
# Open-file limits for all other users.
* hard nofile 1000000
* soft nofile 1000000