Linux kernel parameter setting
Kernel parameter setting
There are three ways for Linux operating system to modify kernel parameters
Modify / etc/ sysctl.conf Documents;
Add a configuration item in the file with the format of key = value, save the modified file, and execute the command sysctl – P to load the new configuration.
Use sysctl command to modify temporarily;
For example: sysctl – W net.ipv4 .tcp_ MEM = “379008 505344 758016” directly modify the files in / proc / sys / directory.
For example: echo “379008 505344 758016” / proc / sys / net / IPv4 / TCP_ MEM note: the first method will take effect automatically and permanently after restarting the operating system; the second and third methods will fail after restarting.
kernel.core_ uses_ pid = 1
core_ uses_ PID can control whether to add PID as an extension to the file name of the core file. Set to 1 to add PID as the extension, and the generated core file format is core.xxx Set to 0 (default), which means that the generated core file is uniformly named core.
kernel.core_ pattern = core
core_ Pattern can control the location and format of the core file.
For example: kernel.core_ Pattern = “/ corefile / core -% e -% p -% T”, which means that the core file is uniformly generated to the / corefile directory, and the generated file name is core command name PID timestamp.
The following is a list of parameters:
%P – insert PID into filename add PID
%U – insert current uid into filename
%G – insert current GID into file name
%S – insert signal that caused the core into the file name
%T – insert UNIX time that the core occurs into file name
%H – insert host name where the kernel happened into filename
%E – insert corestamping executable name into filename add command name
kernel.msgmax = 8192
Message passing between processes takes place in the memory of the kernel. Msgmax specifies the maximum number of messages in the message queue. （65536B=64KB）
kernel.msgmnb = 16384
Msgmnb specifies the maximum value of a message queue, that is, the capacity of a message queue. Msgmnb controls the total number of pages of shared memory that can be used. The size of Linux shared memory page is 4KB, and the size of shared memory segment is an integral multiple of the size of shared memory page. The maximum size of a shared memory segment is 16g, so the number of pages of shared memory required is 16GB / 4KB = 16777216kb / 4KB = 4194304 (pages), that is, 16GB of physical memory in 64bit system kernel.shmall =4194304.
kernel.shmall = 1048576
Represents the total amount of shared memory (bytes) that can be used on the system at any given time.
kernel.shmmax = 4294967295
Represents the maximum size (bytes) of the shared memory segment allowed by the kernel. It is used to define the maximum value of a single shared memory segment. For 64 bit Linux system, the maximum value is – 1 byte of physical memory. The recommended value is more than half of the physical memory, and the general value is greater than SGA_ MAX_ Size, which can take – 1 byte of physical memory. For example, if it is 64GB of physical memory, 64 * 1024 * 1024 – 1 = 68719476735 can be taken.
The actual maximum available shared memory segment size = SHMMAX * 98%, of which about 2% is used for shared memory structure. You can verify this by setting SHMMAX and then executing IPCs – L.
kernel.sysrq = 0
Different values correspond to different functions
0 completely disable the sysrq key combination
1 enable all functions of sysrq key combination
2 enable console log level control
4 enable keyboard control (sak, unraw)
8 enable debugging information output of process, etc
16 enable synchronization command
32 enable remount to read only
64 enable process signals (terminate, kill, overflow kill)
128 allow restart / shutdown
256 control priority control of real time tasks
net.core.netdev_ max_ backlog = 262144
Indicates the maximum number of packets allowed to be sent to the queue when the rate of packets received by each network interface is faster than the rate of packets processed by the kernel.
net.core.rmem_ default = 8388608
Reserve memory default value for TCP socket to receive buffer.
net.core.rmem_ max = 16777216
Reserve the maximum amount of memory for receiving buffer for TCP socket.
net.core.somaxconn = 128
The default parameter of listen (function) and the maximum number of pending requests. In web applications, the listen function’s backlog will give us kernel parameters by default net.core.somaxconn The limit is 128. NGX defined in nginx server_ LISTEN_ Backlog is 511 by default.
net.core.wmem_ default = 8388608
Reserve the default value of memory for TCP socket to send buffer.
net.core.wmem_ max= 16777216
Reserve the maximum memory for TCP socket to send buffer.
net.ipv4 . conf.all.accept_ source_ route = 0、 net.ipv4 . conf.default.accept_ source_ route = 0
Processing packets for passive routing.
net.ipv4 . conf.all.rp_ filter = 1、 net.ipv4 . conf.default.rp_ filter = 1
Turn on reverse path filtering.
net.ipv4 .ip_ forward = 0、 net.ipv4 . conf.all.send_ redirects = 0、v4. conf.default.send_ redirects = 0
Does not act as a router.
net.ipv4 .icmp_ echo_ ignore_ broadcasts = 1
Avoid amplification attacks.
net.ipv4 .icmp_ ignore_ bogus_ error_ responses = 1
Enable malicious ICMP error message protection.
net.ipv4 .ip_ local_ port_ range = 1024 65535
Increase the system IP port limit. Represents the range of ports used for outward connections. reference resources
net.ipv4 .tcp_ fin_ TImeout = 30
If the socket is required to be closed by the local end, this parameter determines the time it remains in the fin-wait-2 state. The opposite end can make mistakes and never close the connection, or even go down unexpectedly. The default value is 60s, and the 2.2 kernel is usually 180s. You can set it according to this setting, but remember that even if your machine is a light web server, there is a risk of memory overflow due to a large number of dead sockets. The risk of fin-wait-2 is smaller than that of fin-wait-1, because it can only eat 1.5k of memory at most, but its lifetime is longer.
net.ipv4 .tcp_ keepalive_ TIme = 1200
Indicates the frequency of TCP sending keepalive messages when keepalive works. (unit: seconds, default: 2 hours)
net.ipv4 .tcp_ max_ orphans = 3276800
Indicates the maximum number of TCP sockets in the system that are not associated with any user file handle. This limit is only to prevent simple DoS attacks. Guo Fei can’t rely on it or reduce this value. If memory is increased, this value should be increased.
net.ipv4 .tcp_ max_ syn_ backlog = 262144
It records the maximum number of connection requests that have not received confirmation from the client. For systems with 128M of memory, the default value is 1024, while for systems with small memory, it is 128.
net.ipv4 .tcp_ max_ Tw_ buckets = 6000
Indicates that the system maintains time at the same time_ The maximum number of wait sockets is 180000 by default.
net.ipv4 .tcp_ mem = 94500000 915000000 927000000
Determine how the TCP stack should reflect memory usage; the unit of each value is memory page (usually 4KB)
The first value is the lower limit of memory usage.
The second value is the upper limit of the application pressure that memory pressure mode begins to use on the buffer.
The third value is the upper memory limit. At this level, packets can be discarded to reduce the use of memory. For larger BDPs, you can increase these values (but remember that the units are memory pages, not bytes).
net.ipv4 .tcp_ sack = 1
Enable selective response (1 means enable), improve the performance by selectively responding to messages received out of order, so that the sender can only send the missing message segments. (for WAN communication) this option should be enabled, but it will increase the CPU occupation.
net.ipv4 .tcp_ synack_ retries = 1
In order to open the peer connection, the kernel needs to send a syn with an ACK in response to the previous syn. That is the second handshake of the so-called three handshakes. This setting determines the number of syn + ACK packets sent before the kernel abandons the connection.
net.ipv4 .tcp_ syncookies = 1
Turn on SYN Flood protection.
net.ipv4 .tcp_ syn_ retries = 1
The number of syn packets sent before the kernel abandons establishing a connection.
net.ipv4 .tcp_ TImestamps = 0
This parameter is used to set the time stamp to avoid the winding of the serial number. A 1Gbps link is bound to encounter a previously used serial number. Timestamps allow the kernel to accept such “abnormal” packets. Set to 0 to turn it off.
net.ipv4 .tcp_ Tw_ recycle = 0
Whether to enable fast recovery of time-wait sockets in TCP connection, 0 means off, 1 means on. When TCP_ Tw_ Recycle and TCP_ When the timestamp is turned on at the same time, the connection success rate will be reduced.
net.ipv4 .tcp_ Tw_ reuse = 1
Whether to enable reuse and allow time-wait sockets to be reused for new TCP connections. 0 means to close and 1 means to open.
net.ipv4 .tcp_ window_ scaling = 1
To enable the window scaling defined in RFC 1323, to support a TCP window of more than 64KB, this value must be enabled (1 means enabled). The maximum TCP window size is 1GB. It will take effect only when both sides of the TCP connection are enabled.
net.ipv6 . conf.all.disable_ ipv6 = 1、 net.ipv6 . conf.default.disable_ ipv6 = 1
What are the functions of Linux kernel
The kernel mainly has the following four functions: system memory management; software program management; hardware management; file system management;
(1) System memory management
Memory management is one of the main functions of operating system kernel. The kernel can not only manage available physical memory, but also create and manage virtual memory.
Memory management must use hard disk space, which is called swap space. The kernel constantly exchanges the contents of the virtual memory location between the swap space and the actual physical memory. In this way, the available memory of the system is more than the actual memory.
Grouping memory locations into blocks is called paging. The kernel locates each memory page in physical memory or swap space, and then maintains a memory page table, which describes the pages in physical memory and the pages swapped to disk. Memory tracking uses the page, and automatically will not be used for a period of time to copy the memory page to the swap space area, known as the swap out process. This process is executed even if there is enough memory. When the program needs to access the pages that have been swapped out, the memory must swap out another page to make room for the page in the physical memory, and then swap in the required page from the swap space.
Every process running on Linux system has its own memory paging. One process cannot access the paging that another process is using. The kernel also has its own memory area. For security reasons, no process can access the memory that the kernel process is using.
(2) Software program management
A running program is called a process. The process can run in the foreground or in the background.
The first process created by the kernel is called the initial process, which starts all other processes on the system. When the kernel starts, the initial process is loaded into the virtual memory. Every time the memory starts another process, it will allocate a unique space in the virtual memory to store the data and code of the process.
(3) Hardware management
The device that Linux system needs to communicate with must insert driver code into kernel code. The driver code enables the kernel to transfer data to the device. There are two ways to insert device drivers into Linux
1. Compile driver in kernel.
2. Add driver module to kernel.
Linux identifies hardware devices as special files, which are called device files. There are three types of equipment files
Character device files are used for devices that process only one character at a time. Block files are used for devices that can handle a large number of blocks at a time. Network files are used for devices that use packets to send and receive data.
(4) File system management
Linux system can use different types of file system and hard disk to transfer data. In addition to its own file system, it can also transfer data through the file system used by other operating systems. The Linux kernel uses a virtual file system to connect to each file system. It provides a standard interface for kernel to communicate with other file system types. Cache related information in virtual file system.