CentOS 7.4 kernel tuning: tens of thousands of concurrent TCP connections on a single server


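Reference A: I ran into all kinds of pitfalls using CentOS 7.4 Linux. One project, a complete game project, uses a four-layer architecture: a configuration layer, a platform layer, a logic server management layer, and a concrete logic server layer. As the lead and architect of the whole project, I encountered all sorts of strange problems over the year it has been running. One of them was TCP buffer congestion. At first I thought it was a code problem and spent half a year ruling things out and verifying, going through every issue I could think of, but the problem remained. In the end it took several rounds of tuning and verification. The detailed kernel tuning parameters for CentOS 7.4, which have proven fairly stable, are as follows:

Kernel configuration file: /etc/sysctl.conf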

net.ipv4.tcp_mem = 768432 2097152 15242880

net.ipv4.tcp_wmem = 40960 163840 4194304

net.ipv4.tcp_rmem = 40960 873800 4194304

#net.core.somaxconn=6553600

net.core.wmem_default = 8388608

net.core.rmem_default = 8388608

net.core.rmem_max = 524288000

net.core.wmem_max = 524288000

net.ipv4.tcp_syncookies=1

net.ipv4.tcp_max_syn_backlog=81920

net.ipv4.tcp_timestamps=0

# Number of SYN+ACK packets the kernel sends before giving up on a connection; corresponding path: /proc/sys/net/ipv4/tcp_synack_retries, default is 2

net.ipv4.tcp_synack_retries=3

# Number of SYN packets the kernel sends before giving up on establishing a connection; corresponding path: /proc/sys/net/ipv4/tcp_syn_retries, default is 6

net.ipv4.tcp_syn_retries=3

net.ipv4.tcp_fin_timeout = 30

net.ipv4.tcp_keepalive_time = 300

net.ipv4.ip_local_port_range = 20000 65000

net.ipv4.tcp_max_tw_buckets = 6000

net.ipv4.route.max_size = 5242880

kernel.sem=250 65536 100 2048

kernel.msgmnb = 4203520

kernel.msgmni = 64

kernel.msgmax = 65535

# Set the maximum shared memory segment size in bytes

kernel.shmmax = 68719476736

kernel.shmall = 4294967296

kernel.shmmni = 655360

net.ipv4.tcp_tw_reuse=1

net.ipv4.tcp_tw_recycle = 1

net.ipv4.tcp_window_scaling = 1

net.ipv4.tcp_no_metrics_save=1

# Enable SYN flood attack protection

kernel.core_uses_pid = 1

net.ipv4.conf.lo.arp_announce=2

net.ipv4.tcp_sack = 1

kernel.randomize_va_space=1

net.nf_conntrack_max = 25000000

net.netfilter.nf_conntrack_max = 25000000

net.netfilter.nf_conntrack_tcp_timeout_established = 180

#net.ipv4.netfilter.ip_conntrack_max=1000000

net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120

net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60

net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120

# Avoid amplification attacks

net.ipv4.icmp_echo_ignore_broadcasts=1

# Disable IPv6

net.ipv6.conf.all.disable_ipv6 = 1

net.ipv6.conf.default.disable_ipv6 = 1

# Enable protection against bogus ICMP error messages

net.ipv4.icmp_ignore_bogus_error_responses = 1

# Disable IP forwarding

net.ipv4.ip_forward = 0

net.ipv4.conf.all.send_redirects = 0

net.ipv4.conf.default.send_redirects = 0

# Enable reverse path filtering

net.ipv4.conf.all.rp_filter = 1

net.ipv4.conf.default.rp_filter = 1

# Do not accept source-routed packets

net.ipv4.conf.all.accept_source_route = 0

net.ipv4.conf.default.accept_source_route = 0

# Disable the SysRq function

kernel.sysrq = 0

# Maximum number of packets allowed to queue when a network interface receives packets faster than the kernel can process them

net.core.netdev_max_backlog = 262144

# This limit exists only to prevent simple DoS attacks

net.ipv4.tcp_max_orphans = 3276800

# Ensure no one can modify the routing table

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.default.accept_redirects = 0

net.ipv4.conf.all.secure_redirects = 0

net.ipv4.conf.default.secure_redirects = 0

vm.swappiness = 0

# Determines how often neighbor entries are checked for staleness

net.ipv4.neigh.default.gc_stale_time=120

fs.file-max = 40000500

fs.nr_open = 40000500

kernel.perf_cpu_time_max_percent=60

kernel.perf_event_max_sample_rate=6250

kernel.sched_migration_cost_ns=5000000

net.core.optmem_max= 25165824

vm.max_map_count=262144

net.core.somaxconn = 65535

# Use arp_announce / arp_ignore to resolve ARP mapping issues

net.ipv4.conf.default.arp_announce = 2

net.ipv4.conf.all.arp_announce=2

net.ipv4.conf.lo.arp_announce=2

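General Linux interface server parameter tuning

1. To support a million simultaneous online connections, the default Linux kernel parameters need to be adjusted. Our typical configuration adds the following to /etc/sysctl.conf: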
   
    net.ipv4.tcp_max_orphans = 262144
    net.ipv4.tcp_no_metrics_save = 1
    net.ipv4.tcp_window_scaling = 0
    net.ipv4.tcp_max_syn_backlog = 120000
    net.core.netdev_max_backlog = 120000
    net.core.somaxconn = 12000
    net.ipv4.tcp_fin_timeout = 10
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_max_tw_buckets = 1000
    net.ipv4.tcp_abort_on_overflow = 1
    net.ipv4.tcp_sack = 0
    net.ipv4.tcp_rmem = 4096 8192 32768
    net.ipv4.tcp_wmem = 4096 8192 32768
    net.ipv4.tcp_timestamps = 0
    net.ipv4.tcp_mem = 3075840 4101120 12303360
    net.ipv4.tcp_keepalive_time = 30
    net.ipv4.tcp_keepalive_probes = 5
    net.ipv4.tcp_keepalive_intvl = 15
    net.ipv4.tcp_synack_retries = 2
    net.ipv4.tcp_syn_retries = 2
    net.core.rmem_max = 16777216
    net.core.wmem_max = 16777216
    net.ipv4.ip_local_port_range = 1024 65535
    net.ipv4.tcp_syncookies = 0

    Modify the /etc/security/limits.conf configuration:
    *               soft    nofile          1200000
    *               hard    nofile          1200000
Some Ubuntu systems need the following changes instead:
root hard nofile 1000000
root soft nofile 1000000
root soft core unlimited
root soft stack 10240
ubuntu hard nofile 1000000
ubuntu soft nofile 1000000
ubuntu soft core unlimited
ubuntu soft stack 10240


*  hard nofile 1000000
*  soft nofile 1000000
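
Both listings above combine settings that cancel each other out or weaken the host, so the following added example (not part of the original post) audits a sysctl.conf text for those combinations before it is applied. The function names `parse_sysctl` and `audit` are hypothetical, the sample input is constructed from lines in the two listings, and the checks assume standard Linux behaviour: TIME_WAIT reuse and recycle both depend on TCP timestamps, and `tcp_tw_recycle` was removed in Linux 4.12.

```python
# Constructed sample mixing lines from the two listings above.
SAMPLE = """\
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_syncookies = 0
kernel.randomize_va_space=1
net.core.somaxconn = 12000
#net.core.somaxconn=6553600
net.core.somaxconn = 65535
"""

def parse_sysctl(text):
    """Return ({key: last value}, {key: [every value seen]}), skipping comments."""
    last, seen = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        value = " ".join(value.split())      # normalise multi-value spacing
        seen.setdefault(key, []).append(value)
        last[key] = value                    # lines apply in order; last one wins
    return last, seen

def audit(text):
    """Return a sorted list of (key, finding) for risky or inert settings."""
    cfg, seen = parse_sysctl(text)
    findings = []
    ts_off = cfg.get("net.ipv4.tcp_timestamps") == "0"
    if cfg.get("net.ipv4.tcp_tw_recycle") == "1":
        findings.append(("net.ipv4.tcp_tw_recycle",
                         "breaks clients behind NAT when timestamps are on; gone in 4.12"))
    for key in ("net.ipv4.tcp_tw_reuse", "net.ipv4.tcp_tw_recycle"):
        if ts_off and cfg.get(key) == "1":
            findings.append((key, "inert: requires net.ipv4.tcp_timestamps=1"))
    if cfg.get("net.ipv4.tcp_syncookies") == "0":
        findings.append(("net.ipv4.tcp_syncookies", "SYN cookies disabled"))
    if cfg.get("kernel.randomize_va_space") in ("0", "1"):
        findings.append(("kernel.randomize_va_space", "ASLR below the full setting 2"))
    for key, values in seen.items():
        if len(set(values)) > 1:
            findings.append((key, "conflicting values %s; last wins" % values))
    return sorted(findings)

if __name__ == "__main__":
    for key, msg in audit(SAMPLE):
        print(f"{key}: {msg}")
```
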

