用sysctl進行調整Linux系統效能
sysctl是一個允許您改變正在執行中的Linux系統的介面。它包含一些 TCP/IP 堆疊和虛擬記憶體系統的高階選項, 這可以讓有經驗的管理員提高引人注目的系統效能。用sysctl可以讀取設定超過五百個系統變數。基於這點,sysctl(8) 提供兩個功能:讀取和修改系統設定。
檢視所有可讀變數:
% sysctl -a
讀一個指定的變數,例如 kern.maxproc:
% sysctl kern.maxproc kern.maxproc: 1044
要設定一個指定的變數,直接用 variable=value 這樣的語法:
# sysctl kern.maxfiles=5000
kern.maxfiles: 2088 -> 5000
您可以使用sysctl修改系統變數,也可以通過編輯sysctl.conf檔案來修改系統變數。sysctl.conf 看起來很像 rc.conf。它用 variable=value 的形式來設定值。指定的值在系統進入多使用者模式之後被設定。並不是所有的變數都可以在這個模式下設定。
sysctl 變數的設定通常是字串、數字或者布林型。 (布林型用 1 來表示'yes',用 0 來表示'no')。
sysctl -w kernel.sysrq=0
sysctl -w kernel.core_uses_pid=1
sysctl -w net.ipv4.conf.default.accept_redirects=0
sysctl -w net.ipv4.conf.default.accept_source_route=0
sysctl -w net.ipv4.conf.default.rp_filter=1
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
sysctl -w net.ipv4.tcp_fin_timeout=30
sysctl -w net.ipv4.tcp_synack_retries=2
sysctl -w net.ipv4.tcp_keepalive_time=3600
sysctl -w net.ipv4.tcp_window_scaling=1
sysctl -w net.ipv4.tcp_sack=1
配置sysctl
編輯此檔案:
vi /etc/sysctl.conf
如果該檔案為空,則輸入以下內容,否則請根據情況自己做調整:
# Controls source route verification
# Default should work for all interfaces
net.ipv4.conf.default.rp_filter = 1
# net.ipv4.conf.all.rp_filter = 1
# net.ipv4.conf.lo.rp_filter = 1
# net.ipv4.conf.eth0.rp_filter = 1
# Disables IP source routing
# Default should work for all interfaces
net.ipv4.conf.default.accept_source_route = 0
# net.ipv4.conf.all.accept_source_route = 0
# net.ipv4.conf.lo.accept_source_route = 0
# net.ipv4.conf.eth0.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Increase maximum amount of memory allocated to shm
# Only uncomment if needed!
# kernel.shmmax = 67108864
# Disable ICMP Redirect Acceptance
# Default should work for all interfaces
net.ipv4.conf.default.accept_redirects = 0
# net.ipv4.conf.all.accept_redirects = 0
# net.ipv4.conf.lo.accept_redirects = 0
# net.ipv4.conf.eth0.accept_redirects = 0
# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
# Default should work for all interfaces
net.ipv4.conf.default.log_martians = 1
# net.ipv4.conf.all.log_martians = 1
# net.ipv4.conf.lo.log_martians = 1
# net.ipv4.conf.eth0.log_martians = 1
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 25
# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1200
# Turn on the tcp_window_scaling
net.ipv4.tcp_window_scaling = 1
# Turn on the tcp_sack
net.ipv4.tcp_sack = 1
# tcp_fack should be on because of sack
net.ipv4.tcp_fack = 1
# Turn on the tcp_timestamps
net.ipv4.tcp_timestamps = 1
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Make more local ports available
# net.ipv4.ip_local_port_range = 1024 65000
# Set TCP Re-Ordering value in kernel to ‘5′
net.ipv4.tcp_reordering = 5
# Lower syn retry rates
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3
# Set Max SYN Backlog to ‘2048′
net.ipv4.tcp_max_syn_backlog = 2048
# Various Settings
net.core.netdev_max_backlog = 1024
# Increase the maximum number of skb-heads to be cached
net.core.hot_list_length = 256
# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 360000
# This will increase the amount of memory available for socket input/output queues
net.core.rmem_default = 65535
net.core.rmem_max = 8388608
net.ipv4.tcp_rmem = 4096 87380 8388608
net.core.wmem_default = 65535
net.core.wmem_max = 8388608
net.ipv4.tcp_wmem = 4096 65535 8388608
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.core.optmem_max = 40960
如果希望遮蔽別人 ping 你的主機,則加入以下程式碼:
# Disable ping requests
net.ipv4.icmp_echo_ignore_all = 1
編輯完成後,請執行以下命令使變動立即生效:
/sbin/sysctl -p
/sbin/sysctl -w net.ipv4.route.flush=1
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/14766526/viewspace-566916/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- 對 Nginx SSL 的效能進行調整Nginx
- 【效能調整】系統檢視(二)
- 【效能調整】系統檢視(一)
- Linux系統調整swap大小Linux
- linux調整系統時間Linux
- 在Linux中,如何進行系統效能調優?Linux
- Linux系統效能調優之效能分析Linux
- 調整系統用SYSTEM回滾段
- LINUX系統效能調諧 (zt)Linux
- LINUX系統效能調諧(轉)Linux
- 用於效能調整的動態效能檢視——效能調整手冊和參考
- Oracle效能調整之--DML語句效能調整Oracle
- linux系統檢視調整swap空間Linux
- 調整linux系統時間和時區Linux
- oracle 效能調整Oracle
- K8S 效能最佳化 - OS sysctl 調優K8S
- 系統時間的調整
- AIX檔案系統調整AI
- oracle效能調整(1)Oracle
- oracle效能調整(2)Oracle
- ORACLE效能調整--1Oracle
- ORACLE效能調整---2Oracle
- Oracle 效能調整for HWOracle
- (zt)Oracle效能調整Oracle
- oracle效能調整2Oracle
- 用GParted給linux系統進行磁碟分割槽?Linux
- (3)Linux效能調優之Linux檔案系統Linux
- Linux調整系統時間和時區的方法Linux
- 理解作業系統資源——效能調整手冊和參考作業系統
- Oracle效能最佳化調整--調整重做機制Oracle
- 網路調整——效能調整手冊和參考
- SAP系統中成本中心調整
- linux系統lvm中lv使用空間的調整LinuxLVM
- 關於Linux系統中調整重新整理率(轉)Linux
- Oracle效能調整筆記Oracle筆記
- 【效能調整】等待事件(一)事件
- 【效能調整】等待事件(二)事件
- Oracle效能調整-1(轉)Oracle