Tuning the TCP stack

IP defines the rules for addressing and routing packets over a network and gives each host on the network an IP address as its identity. TCP deals with the interconnection between two hosts and enables them to exchange data over the network. TCP is a connection-oriented protocol and controls the ordering of packets, retransmission, error detection, and other reliability tasks.

Modern Linux kernels provide a tool called sysctl that can be used to modify kernel parameters at runtime without recompiling the kernel. We can use sysctl to modify TCP/IP parameters to match our needs.

Set the maximum open files limit:
$ ulimit -n   # check existing limits for logged in user
ubuntu@ubuntu:/etc/haproxy$ ulimit -n
1024

# ulimit -n 65535   # as root, values above the hard limit can be set

  1. To permanently set limits for a user, open /etc/security/limits.conf and add the following lines at the end of the file. Make sure to replace the values in angle brackets, <>:
    <username>  soft  nofile  <value>     # soft limits
    <username>  hard  nofile  <value>     # hard limits
    
  2. Save limits.conf and exit. Then restart the user session.
  1. Set the TCP read and write buffers to 8 MB:
    # echo 'net.core.rmem_max=8388608' >> /etc/sysctl.conf
    # echo 'net.core.wmem_max=8388608' >> /etc/sysctl.conf
    
  2. Increase the maximum TCP orphans:
    # echo 'net.ipv4.tcp_max_orphans=4096' >> /etc/sysctl.conf
    
  3. Disable slow start after being idle:
    # echo 'net.ipv4.tcp_slow_start_after_idle=0' >> /etc/sysctl.conf
    
  4. Minimize TCP connection retries:
    # echo 'net.ipv4.tcp_synack_retries=3' >> /etc/sysctl.conf
    # echo 'net.ipv4.tcp_syn_retries=3' >> /etc/sysctl.conf
    
  5. Set the TCP window scaling:
    # echo 'net.ipv4.tcp_window_scaling=1' >> /etc/sysctl.conf
    
  6. Enable timestamps:
    # echo 'net.ipv4.tcp_timestamps=1' >> /etc/sysctl.conf
    
  7. Enable selective acknowledgements:
    # echo 'net.ipv4.tcp_sack=1' >> /etc/sysctl.conf
    
  8. Set the maximum number of times an IPv4 packet can be reordered in the TCP packet stream:
    # echo 'net.ipv4.tcp_reordering=3' >> /etc/sysctl.conf
    
  9. Send data in the opening SYN packet:
    # echo 'net.ipv4.tcp_fastopen=1'  >> /etc/sysctl.conf
    
  10. Set the number of opened connections to be remembered before receiving acknowledgement:
    # echo 'net.ipv4.tcp_max_syn_backlog=1500' >> /etc/sysctl.conf
    
  11. Set the number of TCP keep-alive probes to send before deciding the connection is broken:
    # echo 'net.ipv4.tcp_keepalive_probes=5' >> /etc/sysctl.conf
    
  12. Set the keep-alive time, which is a timeout value after the broken connection is killed:
    # echo 'net.ipv4.tcp_keepalive_time=1800' >> /etc/sysctl.conf
    
  13. Set intervals to send keep-alive packets:
    # echo 'net.ipv4.tcp_keepalive_intvl=60' >> /etc/sysctl.conf
    
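  14. Set to reuse or recycle connections in the wait state. The tcp_tw_recycle key was removed in Linux 4.12, and on older kernels it drops connections from clients behind NAT, so add that line only where the key exists and no NAT is involved: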
    # echo 'net.ipv4.tcp_tw_reuse=1' >> /etc/sysctl.conf
    # echo 'net.ipv4.tcp_tw_recycle=1' >> /etc/sysctl.conf
    
  15. Increase the maximum number of connections:
    # echo 'net.ipv4.ip_local_port_range=32768 65535' >> /etc/sysctl.conf
    
  16. Set TCP FIN timeout:
    # echo 'net.ipv4.tcp_fin_timeout=60' >> /etc/sysctl.conf

Along with network parameters, many other kernel parameters can be configured with the sysctl command. The -a flag to sysctl will list all the available parameters:
$ sysctl -a

All these parameters are exposed as files under the /proc/sys directory, grouped in their respective categories. You can directly read/write these files or use the sysctl command:
ubuntu@ubuntu:~$ sysctl fs.file-max
fs.file-max = 98869
ubuntu@ubuntu:~$ cat /proc/sys/fs/file-max
98869
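
Appending a line to /etc/sysctl.conf neither validates the key nor applies it (sysctl -p loads the file), so a misspelled or unprefixed key simply never takes effect. The following is an added example, not part of the original post: it uses the key-to-file mapping described above to check each key=value line against /proc/sys. The names check_sysctl, norm, demo and tune.conf are hypothetical, and the sample tree is constructed.

```sh
# check_sysctl CONF [ROOT]: compare key=value lines in CONF with the files
# under ROOT (default /proc/sys). Prints OK, DIFF or MISSING for each key and
# returns non-zero if any key is not OK. ROOT is overridable for offline runs.
check_sysctl() {
    conf=$1 root=${2:-/proc/sys} rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                       # drop comments
        case $line in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s\n' "${line#*=}" | norm)
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -e "$path" ]; then
            echo "MISSING $key"; rc=1; continue
        fi
        have=$(norm < "$path")
        if [ "$have" = "$want" ]; then
            echo "OK $key"
        else
            echo "DIFF $key have=$have want=$want"; rc=1
        fi
    done < "$conf"
    return $rc
}

# Collapse tabs and spaces so "32768<TAB>65535" compares equal to "32768 65535".
norm() { tr -s ' \t' ' ' | sed 's/^ //; s/ $//'; }

# Constructed sample: a fake /proc/sys tree plus a config holding two good
# keys, one differing value, one misspelled key and one unprefixed key.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/sys/net/ipv4" "$d/sys/net/core"
    echo 8388608 > "$d/sys/net/core/rmem_max"
    echo 1 > "$d/sys/net/ipv4/tcp_timestamps"
    echo 0 > "$d/sys/net/ipv4/tcp_sack"
    printf '32768\t65535\n' > "$d/sys/net/ipv4/ip_local_port_range"
    cat > "$d/tune.conf" <<'EOF'
# constructed test input
net.core.rmem_max=8388608
net.ipv4.tcp_sack = 1
net.ipv4.tcp_timestamp=1
tcp_fin_timeout=60
net.ipv4.ip_local_port_range=32768 65535
EOF
    r=0; check_sysctl "$d/tune.conf" "$d/sys" || r=$?
    rm -rf "$d"
    return $r
}
demo || echo "some settings need attention"
```

On a live host, run check_sysctl /etc/sysctl.conf after sysctl -p; MISSING points at a misspelled, unprefixed or removed key, and DIFF at a value that was not applied.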

