sysctl.conf文件

linux系统中/proc/sys目录下存放的内核参数,可以在系统运行时进行更改,不过重启机器后配置就会失效。
由于/proc/sys下内核文件与配置文件sysctl.conf中变量存在着对应关系,在/etc/sysctl.conf文件中修改配置内核参数可以实现永久生效,以下是本人整理的常用参数配置
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1 #开启路由转发功能

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1 #当出现SYN等待队列溢出时,启用cookies来处理,可防范少量SYN攻击,默认为0,表示关闭

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536

# # Controls the maximum size of a message, in bytes
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 2147483648 #共享内存段的最大尺寸(以字节为单位),通常设置为2G

# # Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296 #表示系统一次可以使用的共享内存总量(以页为单位)




# TCP kernel paramater
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096        87380   4194304 #定义了TCP接受缓存(用于TCP接收滑动窗口)的最小值,默认值,最大值
net.ipv4.tcp_wmem = 4096        16384   4194304 #定义了TCP发送缓存(用于TCP发送滑动窗口)的最小值,默认值,最大值
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1

# socket buffer
net.core.wmem_default = 8388608 #表示内核套接字发送缓存区默认的大小
net.core.rmem_default = 8388608 #表示内核套接字接收缓存区默认的大小
net.core.rmem_max = 16777216 #表示内核套接字接收缓存区默认的最大值
net.core.wmem_max = 16777216 #表示内核套接字发送缓存区默认的最大值
net.core.netdev_max_backlog = 262144 #当网卡接收数据包的速度大于内核处理的速度时,会有一个队列保存这些数据包。这个参数表示该队列的最大值
net.core.somaxconn = 20480
net.core.optmem_max = 81920


# TCP conn
net.ipv4.tcp_max_syn_backlog = 16384 #表示TCP三次握手建立阶段接受WYN请求队列的最大长度,默认1024,将其设置大一些可以使出现Nginx繁忙来不及accept新连接的情况时,Linux不至于丢失客户端发起的连接请求
net.ipv4.tcp_syn_retries = 3 #在内核放弃建立连接之前发送SYN包的数量
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15

# tcp conn reuse
net.ipv4.tcp_tw_reuse = 1 #允许将TIME-WAIT sockets重新用于新的TCP连接,默认为0表示关闭
net.ipv4.tcp_tw_recycle = 1 #开启TCP连接中TIME-WAIT sockets的快速收回功能,默认为0,表示关闭
net.ipv4.tcp_fin_timeout = 1 #表示当服务器主动关闭连接时,socket保持在FIN-WAIT-2状态的最大时间


net.ipv4.tcp_max_tw_buckets = 20000 #表示操作系统允许TIME_WAIT套接字数量的最大值,如果超过这个数字,TIME_WAIT套接字将立刻被清除并打印警告信息。默认是180000,过多TIME_WAIT套接字会使Web服务器变慢
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_timestamps = 1 #?
net.ipv4.tcp_synack_retries = 1 #减少系统SYN连接重试次数,默认是5
net.ipv4.tcp_syncookies = 1

# keepalive conn
net.ipv4.tcp_keepalive_time = 300 #这个参数表示当keepalive启用时,TCP发送keepalive消息的频度。默认是7200 seconds,意思是如果某个TCP连接在idle 2小时后,内核才发起probe。若将其设置得小一点,可以更快地清理无效的连接
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 10001    65000 #定义了在UDP和TCP连接中本地端口的取值范围

# swap
vm.overcommit_memory = 0
vm.swappiness = 10

#net.ipv4.conf.eth1.rp_filter = 0
#net.ipv4.conf.lo.arp_ignore = 1
#net.ipv4.conf.lo.arp_announce = 2
#net.ipv4.conf.all.arp_ignore = 1
#net.ipv4.conf.all.arp_announce = 2