网络内核设置

请根据需要自行修改内核设置,内核文件路径:

/etc/sysctl.conf

### IMPROVE SYSTEM MEMORY MANAGEMENT ###

# Increase size of file handles and inode cache
fs.file-max = 2097152

# Do less swapping
vm.swappiness = 10
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2

### GENERAL NETWORK SECURITY OPTIONS ###

# Number of times SYNACKs for passive TCP connection.
net.ipv4.tcp_synack_retries = 2

# Allowed local port range
net.ipv4.ip_local_port_range = 2000 65535

# Protect Against TCP Time-Wait
net.ipv4.tcp_rfc1337 = 1

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for connections to keep alive
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15

### TUNING NETWORK PERFORMANCE ###

# Default Socket Receive Buffer
net.core.rmem_default = 31457280

# Maximum Socket Receive Buffer
net.core.rmem_max = 12582912

# Default Socket Send Buffer
net.core.wmem_default = 31457280

# Maximum Socket Send Buffer
net.core.wmem_max = 12582912

# Increase number of incoming connections
net.core.somaxconn = 4096

# Increase number of incoming connections backlog
net.core.netdev_max_backlog = 65536

# Increase the maximum amount of option memory buffers
net.core.optmem_max = 25165824

# Increase the maximum total buffer-space allocatable
# This is measured in units of pages (4096 bytes)
net.ipv4.tcp_mem = 65536 131072 262144
net.ipv4.udp_mem = 65536 131072 262144

# Increase the read-buffer space allocatable
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384

# Increase the write-buffer-space allocatable
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384

# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1

使用翻译后的内容如下:

### 改善系统内存管理 ###

# 增加文件句柄和inode缓存的大小
fs.file-max = 2097152

# 减少交换
vm.swappiness = 10
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2

### 一般网络安全选项 ###

# 被动TCP连接的SYNACK次数。
net.ipv4.tcp_synack_retries = 2

# 允许的本地端口范围
net.ipv4.ip_local_port_range = 2000 65535

# 防止TCP Time-Wait状态的影响
net.ipv4.tcp_rfc1337 = 1

# 减少默认的tcp_fin_timeout连接时间
net.ipv4.tcp_fin_timeout = 15

# 减少连接的默认保活时间
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15

### 调优网络性能 ###

# 默认套接字接收缓冲区大小
net.core.rmem_default = 31457280

# 最大套接字接收缓冲区大小
net.core.rmem_max = 12582912

# 默认套接字发送缓冲区大小
net.core.wmem_default = 31457280

# 最大套接字发送缓冲区大小
net.core.wmem_max = 12582912

# 增加传入连接数
net.core.somaxconn = 4096

# 增加传入连接积压
net.core.netdev_max_backlog = 65536

# 增加最大选项内存缓冲区数量
net.core.optmem_max = 25165824

# 增加最大可分配的总缓冲区空间
# 以页面为单位（4096字节）进行度量
net.ipv4.tcp_mem = 65536 131072 262144
net.ipv4.udp_mem = 65536 131072 262144

# 增加可分配的读缓冲区空间
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384

# 增加可分配的写缓冲区空间
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384

# 增加tcp-time-wait桶池大小以防范简单的DOS攻击
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1