一、修改/etc/sysctl.conf
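# Keep a timestamped copy of the current settings so a bad edit can be
# rolled back (kernel network parameters affect every service on the host).
cp -a /etc/sysctl.conf "/etc/sysctl.conf.$(date +%Y%m%d%H%M%S).bak"

# Open the kernel parameter file for editing (requires root).
vim /etc/sysctl.conf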
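# /etc/sysctl.conf -- one "key = value" per line; lines starting with # are comments.

# Route packets between interfaces. This turns the host into a router; keep it
# at 1 only when the machine really forwards traffic (NAT gateway, container
# host, VPN endpoint), and pair it with explicit firewall FORWARD rules.
net.ipv4.ip_forward = 1

# Avoid swapping as far as the kernel can.
vm.swappiness = 0

# Interval (seconds) for checking stale neighbour (ARP) entries.
net.ipv4.neigh.default.gc_stale_time = 120

# Reverse-path filtering: 0 = no source validation, 1 = strict, 2 = loose.
# NOTE(review): 0 switches off the kernel's anti-spoofing check. Keep 0 only if
# asymmetric routing requires it; otherwise prefer 1 (or 2 on multi-homed hosts).
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0

# Always announce the best local address for the target in ARP requests.
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2

# Upper bound on sockets held in TIME_WAIT; sockets beyond it are destroyed at once.
net.ipv4.tcp_max_tw_buckets = 5000

# SYN-flood handling: length of the half-open queue, number of SYN/ACK
# retransmissions, and SYN cookies once the queue overflows.
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syncookies = 1

# Disable IPv6 on all interfaces, on interfaces created later, and on loopback.
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

# Allow reuse of TIME_WAIT sockets for new outgoing connections.
net.ipv4.tcp_tw_reuse = 1

# Was 1. Fast TIME_WAIT recycling drops connections from clients behind NAT
# (this page's own "other parameters" section recommends 0). The key was
# removed in Linux 4.12; on such kernels delete this line, because
# "sysctl -p" reports it as an unknown key.
net.ipv4.tcp_tw_recycle = 0

# Seconds an orphaned connection may stay in FIN-WAIT-2.
net.ipv4.tcp_fin_timeout = 30

# Idle seconds before the first TCP keepalive probe is sent.
net.ipv4.tcp_keepalive_time = 1200

# Local (ephemeral) port range used for outgoing connections.
net.ipv4.ip_local_port_range = 10000 65000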
二、配置立即生效
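# Load /etc/sysctl.conf into the running kernel (requires root).
# Keys the running kernel does not know are reported as errors, so read the
# output instead of assuming that every line was applied.
sysctl -p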
三、其他内核优化参数
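# Additional kernel tuning parameters for /etc/sysctl.conf.
# One "key = value" per line: a setting left on the same line as a "#" comment
# is part of that comment and is never applied.
# NOTE(review): if these lines are appended to the file from step 1, the later
# assignment of a repeated key (tcp_max_tw_buckets, tcp_max_syn_backlog,
# tcp_tw_recycle) is the one that takes effect.

# Maximum number of sockets the system keeps in TIME_WAIT; sockets beyond this
# limit are destroyed immediately.
net.ipv4.tcp_max_tw_buckets = 20000

# Upper limit for the listen queue length of every listening socket.
# This is a system-wide setting.
net.core.somaxconn = 65535

# Maximum number of connection requests that may be queued while the peer has
# not yet acknowledged them (half-open connections).
net.ipv4.tcp_max_syn_backlog = 262144

# Maximum number of packets queued on the input side when a network interface
# receives packets faster than the kernel can process them.
net.core.netdev_max_backlog = 30000

# Fast recycling of TIME-WAIT sockets. Enabling it makes clients behind NAT
# time out, so 0 is recommended.
net.ipv4.tcp_tw_recycle = 0

# Total number of files that all processes on the system may have open.
fs.file-max = 6815744

# Size of the firewall connection-tracking table. If the firewall is not
# running, sysctl prints
#   error: "net.netfilter.nf_conntrack_max" is an unknown key
# which can be ignored. When connection tracking is loaded later, re-run
# "sysctl -p", otherwise this value is not in effect.
net.netfilter.nf_conntrack_max = 2621440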