sysctl.conf

# Centos 7
# for high performance website!
# 参考https://www.teakki.com/p/57dbd24a1b9882de17e7fd4f

# 允许IPV6, 将来的趋势是都会使用IPV6的
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0

# 定义本机作为客户端时允许使用的端口范围
net.ipv4.ip_local_port_range = 5000 65535

# Decrease the time default value for connections to keep alive
net.ipv4.tcp_keepalive_time = 1800
#表示当keepalive起用的时候，TCP发送keepalive消息的频度。缺省是2小时，改为30分钟。
net.ipv4.tcp_keepalive_probes = 3
#如果对方不予应答，探测包的发送次数
net.ipv4.tcp_keepalive_intvl = 15
#keepalive探测包的发送间隔

# TCP window scaling for high-throughput, high-pingtime TCP performance
net.ipv4.tcp_window_scaling = 1
# 建议关闭, 如果开启的话客户端为NAT网络的时候会出现无法建立TCP连接, 参考https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_tw_recycle = 0

# 禁用端口转发, 应用服务器一般使用不到, 除非有端口转发的需要
net.ipv4.ip_forward = 0

# Disable IP spoofing protection, turn off source route verification
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0

#当出现SYN等待队列溢出时，启用cookies来处理，可防范少量SYN攻击
net.ipv4.tcp_syncookies = 1
#对于一个新建连接，内核要发送多少个SYN连接请求才决定放弃
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 3
#只完成了TCP三次握手中的第一步SYN的socket的队列长度
net.ipv4.tcp_max_syn_backlog = 16384
#在每个网络接口接收数据包的速率比内核处理这些包的速率快时，允许送到队列的数据包的最大数目
net.core.netdev_max_backlog = 16384
#完成了TCP三次握手并即将送给应用层处理的socket队列长度, 编程中的socket模块的backlog数值上限取决于该值
net.core.somaxconn = 5000
#服务器主动关闭后会进入fin_wait1状态, 等待另一端的ACK, 这里是为了快速关闭
net.ipv4.tcp_fin_timeout = 10

net.core.netdev_max_backlog = 262144

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Don't ignore directed pings
net.ipv4.icmp_echo_ignore_all = 0

# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536

# Controls the default maximum size of a message queue
kernel.msgmax = 65536

# Not use the swap, only use the mem.
vm.swappiness = 0

# How many times to retry killing an alive TCP connection
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_retries1 = 3

# Increase the maximum memory used to reassemble IP fragments
net.ipv4.ipfrag_high_thresh = 512000
net.ipv4.ipfrag_low_thresh = 446464

# maximum number of file descriptor
fs.file-max = 65535

# Set maximum amount of memory allocated to shm to 256MB
kernel.shmmax = 268435456
kernel.shmall = 268435456

# per https://gist.github.com/kfox/1942782
net.ipv4.neigh.default.gc_thresh1 = 4096
net.ipv4.neigh.default.gc_thresh2 = 8192
net.ipv4.neigh.default.gc_thresh3 = 16384
net.ipv4.neigh.default.gc_interval = 5
net.ipv4.neigh.default.base_reachable_time = 120
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.neigh.default.base_reachable_time = 120
net.ipv4.neigh.default.gc_stale_time = 120

# net.core.rmem_default = 16777216
# net.core.optmem_max = 2048000
# 最大的socket接收buffer大小
net.core.rmem_max = 108544
# 最大的socket发送buffer大小
net.core.wmem_max = 108544

# tuning TCP for web pdf
net.ipv4.tcp_rmem = 4096 65536 16777216
net.ipv4.tcp_wmem = 4096 16384 16777216
#表示允许重用TIME_WAIT状态的套接字用于新的TCP连接
net.ipv4.tcp_tw_reuse = 1
#系统在同时所处理的最大 timewait sockets 数目
net.ipv4.tcp_max_tw_buckets = 8192

# Do a 'modprobe tcp_cubic' first
net.ipv4.tcp_congestion_control = cubic

# cache ssthresh from previous connection
net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_moderate_rcvbuf = 0

# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1