sysctl -a
abi.vsyscall32 = 1 //开启vdso
debug.exception-trace = 1 //开启异常debug调试日志
debug.kprobes-optimization = 1 //动态插入探测点
debug.panic_on_rcu_stall = 0
dev.parport.default.spintime = 500
dev.parport.default.timeslice = 200
dev.raid.speed_limit_max = 200000
dev.raid.speed_limit_min = 1000
dev.scsi.logging_level = 0
fs.aio-max-nr = 65536 //同时异步io请求数目
fs.aio-nr = 0
fs.binfmt_misc.status = enabled
fs.dentry-state = 645715 630329 45 0 0 0
fs.dir-notify-enable = 1
fs.epoll.max_user_watches = 1634918 //epollfd能被多少读者监视
fs.file-max = 790341 //所有进程能打开的文件数量
fs.file-nr = 1536 0 790341
fs.inode-nr = 75046 23553
fs.inode-state = 75046 23553 0 0 0 0 0
fs.inotify.max_queued_events = 16384
fs.inotify.max_user_instances = 128
fs.inotify.max_user_watches = 8192
fs.lease-break-time = 45
fs.leases-enable = 1
fs.may_detach_mounts = 0
fs.mount-max = 100000
fs.mqueue.msg_default = 10
fs.mqueue.msg_max = 10
fs.mqueue.msgsize_default = 8192
fs.mqueue.msgsize_max = 8192
fs.mqueue.queues_max = 256
fs.nr_open = 1048576
fs.overflowgid = 65534
fs.overflowuid = 65534
fs.pipe-max-size = 1048576
fs.pipe-user-pages-hard = 0
fs.pipe-user-pages-soft = 16384
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
fs.quota.allocated_dquots = 0
fs.quota.cache_hits = 0
fs.quota.drops = 0
fs.quota.free_dquots = 0
fs.quota.lookups = 0
fs.quota.reads = 0
fs.quota.syncs = 0
fs.quota.warnings = 1
fs.quota.writes = 0
fs.suid_dumpable = 0
fs.xfs.age_buffer_centisecs = 1500
fs.xfs.error_level = 3
fs.xfs.filestream_centisecs = 3000
fs.xfs.inherit_noatime = 1
fs.xfs.inherit_nodefrag = 1
fs.xfs.inherit_nodump = 1
fs.xfs.inherit_nosymlinks = 0
fs.xfs.inherit_sync = 1
fs.xfs.irix_sgid_inherit = 0
fs.xfs.irix_symlink_mode = 0
fs.xfs.panic_mask = 0
fs.xfs.rotorstep = 1
fs.xfs.speculative_prealloc_lifetime = 300
fs.xfs.stats_clear = 0
fs.xfs.xfsbufd_centisecs = 100
fs.xfs.xfssyncd_centisecs = 3000
kernel.acct = 4 2 30
kernel.acpi_video_flags = 0
kernel.auto_msgmni = 1
kernel.bootloader_type = 114
kernel.bootloader_version = 2
kernel.cad_pid = 1
kernel.cap_last_cap = 36
kernel.compat-log = 1
kernel.core_pattern = core
kernel.core_pipe_limit = 0
kernel.core_uses_pid = 1
kernel.ctrl-alt-del = 0
kernel.dmesg_restrict = 0
kernel.domainname = (none)
kernel.ftrace_dump_on_oops = 0
kernel.ftrace_enabled = 1
kernel.hardlockup_all_cpu_backtrace = 0
kernel.hardlockup_panic = 1
kernel.hostname = localhost.localdomain
kernel.hotplug =
kernel.hung_task_check_count = 4194304
kernel.hung_task_panic = 0
kernel.hung_task_timeout_secs = 120
kernel.hung_task_warnings = 10
kernel.io_delay_type = 0
kernel.kexec_load_disabled = 0
kernel.keys.gc_delay = 300
kernel.keys.maxbytes = 20000
kernel.keys.maxkeys = 200
kernel.keys.persistent_keyring_expiry = 259200
kernel.keys.root_maxbytes = 25000000
kernel.keys.root_maxkeys = 1000000
kernel.kptr_restrict = 0
kernel.max_lock_depth = 1024
kernel.modprobe = /sbin/modprobe
kernel.modules_disabled = 0
kernel.msg_next_id = -1
kernel.msgmax = 8192
kernel.msgmnb = 16384
kernel.msgmni = 15633
kernel.ngroups_max = 65536 //进程的最大组数量
kernel.nmi_watchdog = 1
kernel.ns_last_pid = 21002
kernel.numa_balancing = 1
kernel.numa_balancing_scan_delay_ms = 1000
kernel.numa_balancing_scan_period_max_ms = 60000
kernel.numa_balancing_scan_period_min_ms = 1000
kernel.numa_balancing_scan_size_mb = 256
kernel.numa_balancing_settle_count = 4
kernel.osrelease = 3.10.0-957.el7.x86_64
kernel.ostype = Linux
kernel.overflowgid = 65534
kernel.overflowuid = 65534
kernel.panic = 0
kernel.panic_on_io_nmi = 0 //非可屏蔽中断(nmi)
kernel.panic_on_oops = 1
kernel.panic_on_stackoverflow = 0
kernel.panic_on_unrecovered_nmi = 0
kernel.panic_on_warn = 0
kernel.perf_cpu_time_max_percent = 25
kernel.perf_event_max_sample_rate = 100000
kernel.perf_event_mlock_kb = 516
kernel.perf_event_paranoid = 2
kernel.pid_max = 32768
kernel.poweroff_cmd = /sbin/poweroff
kernel.print-fatal-signals = 0
kernel.printk = 4 4 1 7
kernel.printk_delay = 0
kernel.printk_ratelimit = 5
kernel.printk_ratelimit_burst = 10
kernel.pty.max = 4096
kernel.pty.nr = 4
kernel.pty.reserve = 1024
kernel.random.boot_id = e8848b90-6c7f-45d3-8428-ec08b1ba5615
kernel.random.entropy_avail = 2665
kernel.random.poolsize = 4096
kernel.random.read_wakeup_threshold = 64
kernel.random.urandom_min_reseed_secs = 60
kernel.random.uuid = 9d010324-707f-4ec5-b463-f735f97d1620
kernel.random.write_wakeup_threshold = 896
kernel.randomize_va_space = 2
kernel.real-root-dev = 0
kernel.sched_autogroup_enabled = 0
kernel.sched_cfs_bandwidth_slice_us = 5000
kernel.sched_child_runs_first = 0
kernel.sched_domain.cpu0.domain0.busy_factor = 32
kernel.sched_domain.cpu0.domain0.busy_idx = 2
kernel.sched_domain.cpu0.domain0.cache_nice_tries = 1
kernel.sched_domain.cpu0.domain0.flags = 4655
kernel.sched_domain.cpu0.domain0.forkexec_idx = 0
kernel.sched_domain.cpu0.domain0.idle_idx = 0
kernel.sched_domain.cpu0.domain0.imbalance_pct = 117
kernel.sched_domain.cpu0.domain0.max_interval = 16
kernel.sched_domain.cpu0.domain0.max_newidle_lb_cost = 16065
kernel.sched_domain.cpu0.domain0.min_interval = 8
kernel.sched_domain.cpu0.domain0.name = MC
kernel.sched_domain.cpu0.domain0.newidle_idx = 0
kernel.sched_domain.cpu0.domain0.wake_idx = 0
kernel.sched_domain.cpu0.domain1.busy_factor = 32
kernel.sched_domain.cpu0.domain1.busy_idx = 3
kernel.sched_domain.cpu0.domain1.cache_nice_tries = 2
kernel.sched_domain.cpu0.domain1.flags = 25647
kernel.sched_domain.cpu0.domain1.forkexec_idx = 0
kernel.sched_domain.cpu0.domain1.idle_idx = 2
kernel.sched_domain.cpu0.domain1.imbalance_pct = 125
kernel.sched_domain.cpu0.domain1.max_interval = 32
kernel.sched_domain.cpu0.domain1.max_newidle_lb_cost = 4782
kernel.sched_domain.cpu0.domain1.min_interval = 16
kernel.sched_domain.cpu0.domain1.name = NUMA
kernel.sched_domain.cpu0.domain1.newidle_idx = 0
kernel.sched_domain.cpu0.domain1.wake_idx = 0
kernel.sched_latency_ns = 24000000
kernel.sched_migration_cost_ns = 500000
kernel.sched_min_granularity_ns = 3000000
kernel.sched_nr_migrate = 32
kernel.sched_rr_timeslice_ms = 100
kernel.sched_rt_period_us = 1000000
kernel.sched_rt_runtime_us = 950000
kernel.sched_schedstats = 0
kernel.sched_shares_window_ns = 10000000
kernel.sched_time_avg_ms = 1000
kernel.sched_tunable_scaling = 1
kernel.sched_wakeup_granularity_ns = 4000000
kernel.seccomp.actions_avail = kill trap errno trace allow
kernel.seccomp.actions_logged = kill trap errno trace
kernel.sem = 250 32000 32 128
kernel.sem_next_id = -1
kernel.shm_next_id = -1
kernel.shm_rmid_forced = 0
kernel.shmall = 18446744073692774399
kernel.shmmax = 18446744073692774399
kernel.shmmni = 4096
kernel.softlockup_all_cpu_backtrace = 0
kernel.softlockup_panic = 0
kernel.stack_tracer_enabled = 0
kernel.sysctl_writes_strict = 1
kernel.sysrq = 16
kernel.tainted = 0
kernel.threads-max = 62367
kernel.timer_migration = 1
kernel.traceoff_on_warning = 0
kernel.unknown_nmi_panic = 0
kernel.usermodehelper.bset = 4294967295 31
kernel.usermodehelper.inheritable = 4294967295 31
kernel.version = #1 SMP Thu Nov 8 23:39:32 UTC 2018
kernel.watchdog = 1
kernel.watchdog_cpumask = 0-15
kernel.watchdog_thresh = 10
kernel.yama.ptrace_scope = 0
net.core.bpf_jit_enable = 1
net.core.bpf_jit_harden = 1
net.core.busy_poll = 0
net.core.busy_read = 0
net.core.default_qdisc = pfifo_fast //qdisc是链路层的输出,排队规则,fq就是bbr算法
net.core.dev_weight = 64 //每个CPU一次NAPI中断能够处理网络包数量的最大值
net.core.dev_weight_rx_bias = 1
net.core.dev_weight_tx_bias = 1
net.core.message_burst = 10 //设置每5秒写入多少次请求警告;此设置可以用来防止DOS攻击
net.core.message_cost = 5 //设置每一个警告的度量值,缺省为5,当用来防止DOS攻击时设置为0
net.core.netdev_budget = 300 //每次软中断处理的网络包个数
net.core.netdev_max_backlog = 1000 //最大处理包的队列长度
net.core.netdev_rss_key = 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
net.core.netdev_tstamp_prequeue = 1 //时间戳早点标记
net.core.optmem_max = 20480 //每个socket允许的最大缓冲区大小
net.core.rmem_default = 212992 //读缓冲大小默认值
net.core.rmem_max = 212992 //读缓冲大小最大值
net.core.rps_sock_flow_entries = 0 //将包负载均衡到各cpu
net.core.somaxconn = 128 //和backlog共同决定连接队列长度
net.core.warnings = 1
net.core.wmem_default = 212992
net.core.wmem_max = 212992
net.core.xfrm_acq_expires = 30 //xfrm是ipsec(ip分组加密认证)的实现框架,获取请求超时时间
net.core.xfrm_aevent_etime = 10 //默认时间
net.core.xfrm_aevent_rseqth = 2 //默认包数量
net.core.xfrm_larval_drop = 1
net.ipv4.cipso_cache_bucket_size = 10 //cipso缓存
net.ipv4.cipso_cache_enable = 1
net.ipv4.cipso_rbm_optfmt = 0
net.ipv4.cipso_rbm_strictvalid = 1
net.ipv4.conf.all.accept_local = 0 //设置是否允许接收从本机IP地址上发送给本机的数据包
net.ipv4.conf.all.accept_redirects = 1 //接收ICMP重定向消息
net.ipv4.conf.all.accept_source_route = 0//接收带有SRR选项的数据报。主机设为0,路由设为1
net.ipv4.conf.all.arp_accept = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_notify = 0
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.disable_policy = 0
net.ipv4.conf.all.disable_xfrm = 0
net.ipv4.conf.all.force_igmp_version = 0
net.ipv4.conf.all.forwarding = 0 //在该接口打开转发功能
net.ipv4.conf.all.log_martians = 0 //记录带有不允许的地址的数据报到内核日志中。
net.ipv4.conf.all.mc_forwarding = 0/是否进行多播路由
net.ipv4.conf.all.medium_id = 0 //通常,这个参数用来区分不同媒介
net.ipv4.conf.all.promote_secondaries = 1//0:当接口的主IP地址被移除时,删除所有次IP地址,1:当接口的主IP地址被移除时,将次IP地址提升为主IP地址
net.ipv4.conf.all.proxy_arp = 0 // 打开arp代理功能
net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.all.route_localnet = 0
net.ipv4.conf.all.rp_filter = 1 //路由回溯验证
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.send_redirects = 1 //允许发送重定向消息
net.ipv4.conf.all.shared_media = 1
net.ipv4.conf.all.src_valid_mark = 0
net.ipv4.conf.all.tag = 0
net.ipv4.conf.default.accept_local = 0
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.arp_accept = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.default.arp_notify = 0
net.ipv4.conf.default.bootp_relay = 0
net.ipv4.conf.default.disable_policy = 0
net.ipv4.conf.default.disable_xfrm = 0
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.default.forwarding = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.medium_id = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.proxy_arp_pvlan = 0
net.ipv4.conf.default.route_localnet = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.default.shared_media = 1
net.ipv4.conf.default.src_valid_mark = 0
net.ipv4.conf.default.tag = 0
net.ipv4.conf.ens160.accept_local = 0
net.ipv4.conf.ens160.accept_redirects = 1
net.ipv4.conf.ens160.accept_source_route = 0
net.ipv4.conf.ens160.arp_accept = 0
net.ipv4.conf.ens160.arp_announce = 0
net.ipv4.conf.ens160.arp_filter = 0
net.ipv4.conf.ens160.arp_ignore = 0
net.ipv4.conf.ens160.arp_notify = 0
net.ipv4.conf.ens160.bootp_relay = 0
net.ipv4.conf.ens160.disable_policy = 0
net.ipv4.conf.ens160.disable_xfrm = 0
net.ipv4.conf.ens160.force_igmp_version = 0
net.ipv4.conf.ens160.forwarding = 0
net.ipv4.conf.ens160.log_martians = 0
net.ipv4.conf.ens160.mc_forwarding = 0
net.ipv4.conf.ens160.medium_id = 0
net.ipv4.conf.ens160.promote_secondaries = 1
net.ipv4.conf.ens160.proxy_arp = 0
net.ipv4.conf.ens160.proxy_arp_pvlan = 0
net.ipv4.conf.ens160.route_localnet = 0
net.ipv4.conf.ens160.rp_filter = 1
net.ipv4.conf.ens160.secure_redirects = 1
net.ipv4.conf.ens160.send_redirects = 1
net.ipv4.conf.ens160.shared_media = 1
net.ipv4.conf.ens160.src_valid_mark = 0
net.ipv4.conf.ens160.tag = 0
net.ipv4.conf.lo.accept_local = 0
net.ipv4.conf.lo.accept_redirects = 1
net.ipv4.conf.lo.accept_source_route = 1
net.ipv4.conf.lo.arp_accept = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_notify = 0
net.ipv4.conf.lo.bootp_relay = 0
net.ipv4.conf.lo.disable_policy = 1
net.ipv4.conf.lo.disable_xfrm = 1
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.lo.forwarding = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.medium_id = 0
net.ipv4.conf.lo.promote_secondaries = 0
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.proxy_arp_pvlan = 0
net.ipv4.conf.lo.route_localnet = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.lo.secure_redirects = 1
net.ipv4.conf.lo.send_redirects = 1
net.ipv4.conf.lo.shared_media = 1
net.ipv4.conf.lo.src_valid_mark = 0
net.ipv4.conf.lo.tag = 0
net.ipv4.fib_multipath_hash_policy = 0 //多路径路由选择
net.ipv4.fwmark_reflect = 0 //fwmark匹配条件,搭配netfilter
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_msgs_burst = 50
net.ipv4.icmp_msgs_per_sec = 1000
net.ipv4.icmp_ratelimit = 1000
net.ipv4.icmp_ratemask = 6168
net.ipv4.igmp_max_memberships = 20
net.ipv4.igmp_max_msf = 10
net.ipv4.igmp_qrv = 2
net.ipv4.inet_peer_maxttl = 600
net.ipv4.inet_peer_minttl = 120
net.ipv4.inet_peer_threshold = 65664
net.ipv4.ip_default_ttl = 64
net.ipv4.ip_dynaddr = 0 //是否使用动态ip地址
net.ipv4.ip_early_demux = 1
net.ipv4.ip_forward = 0 //ipv4转发
net.ipv4.ip_forward_use_pmtu = 0 //自动使用mtu大小
net.ipv4.ip_local_port_range = 32768 60999// 本地发起连接时使用的端口范围,tcp初始化时会修改此值
net.ipv4.ip_local_reserved_ports = //预留端口
net.ipv4.ip_no_pmtu_disc = 0 //在全局范围内关闭路径MTU探测功能
net.ipv4.ip_nonlocal_bind = 0 //绑定非本地ip
net.ipv4.ipfrag_high_thresh = 4194304 //于重组IP分段的内存分配最高值
net.ipv4.ipfrag_low_thresh = 3145728 //用于重组IP分段的内存分配最低值
net.ipv4.ipfrag_max_dist = 64 //相同的源地址ip碎片数据报的最大数量
net.ipv4.ipfrag_secret_interval = 600 // hash表中ip碎片队列的重建延迟
net.ipv4.ipfrag_time = 30 //一个IP分段在内存中保留多少秒
net.ipv4.neigh.default.anycast_delay = 100
net.ipv4.neigh.default.app_solicit = 0
net.ipv4.neigh.default.base_reachable_time_ms = 30000
net.ipv4.neigh.default.delay_first_probe_time = 5
net.ipv4.neigh.default.gc_interval = 30
net.ipv4.neigh.default.gc_stale_time = 60
net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 1024
net.ipv4.neigh.default.locktime = 100
net.ipv4.neigh.default.mcast_solicit = 3
net.ipv4.neigh.default.proxy_delay = 80
net.ipv4.neigh.default.proxy_qlen = 64
net.ipv4.neigh.default.retrans_time_ms = 1000
net.ipv4.neigh.default.ucast_solicit = 3
net.ipv4.neigh.default.unres_qlen = 31
net.ipv4.neigh.default.unres_qlen_bytes = 65536
net.ipv4.neigh.ens160.anycast_delay = 100
net.ipv4.neigh.ens160.app_solicit = 0
net.ipv4.neigh.ens160.base_reachable_time_ms = 30000
net.ipv4.neigh.ens160.delay_first_probe_time = 5
net.ipv4.neigh.ens160.gc_stale_time = 60
net.ipv4.neigh.ens160.locktime = 100
net.ipv4.neigh.ens160.mcast_solicit = 3
net.ipv4.neigh.ens160.proxy_delay = 80
net.ipv4.neigh.ens160.proxy_qlen = 64
net.ipv4.neigh.ens160.retrans_time_ms = 1000
net.ipv4.neigh.ens160.ucast_solicit = 3
net.ipv4.neigh.ens160.unres_qlen = 31
net.ipv4.neigh.ens160.unres_qlen_bytes = 65536
net.ipv4.neigh.lo.anycast_delay = 100
net.ipv4.neigh.lo.app_solicit = 0
net.ipv4.neigh.lo.base_reachable_time_ms = 30000
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.gc_stale_time = 60
net.ipv4.neigh.lo.locktime = 100
net.ipv4.neigh.lo.mcast_solicit = 3
net.ipv4.neigh.lo.proxy_delay = 80
net.ipv4.neigh.lo.proxy_qlen = 64
net.ipv4.neigh.lo.retrans_time_ms = 1000
net.ipv4.neigh.lo.ucast_solicit = 3
net.ipv4.neigh.lo.unres_qlen = 31
net.ipv4.neigh.lo.unres_qlen_bytes = 65536
net.ipv4.ping_group_range = 1 0
net.ipv4.route.error_burst = 5000
net.ipv4.route.error_cost = 1000
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.gc_interval = 60
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.gc_min_interval_ms = 500
net.ipv4.route.gc_thresh = -1
net.ipv4.route.gc_timeout = 300
net.ipv4.route.max_size = 2147483647
net.ipv4.route.min_adv_mss = 256
net.ipv4.route.min_pmtu = 552
net.ipv4.route.mtu_expires = 600
net.ipv4.route.redirect_load = 20
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_silence = 20480
net.ipv4.tcp_abort_on_overflow = 0 //守护进程太忙而不能接受新的连接,就向对方发送reset消息
net.ipv4.tcp_adv_win_scale = 1 //计算缓冲开销
net.ipv4.tcp_allowed_congestion_control = cubic reno //列出了tcp目前允许使用的拥塞控制算法
net.ipv4.tcp_app_win = 31 //保留max(window/2^tcp_app_win, mss)数量的窗口用于应用缓冲。当为0时表示不需要缓冲
net.ipv4.tcp_autocorking = 1 //自动阻塞cork
net.ipv4.tcp_available_congestion_control = cubic reno
net.ipv4.tcp_base_mss = 512 //tcp探察路径上mtu的最低边界限制, mss+TCP头部+TCP选项+IP头+IP选项.
net.ipv4.tcp_challenge_ack_limit = 1000 //控制每秒钟发送挑战ACK报文的数量。避免遭受Blind In-Window Attacks,包括reset,sync或者数据注入攻击等
net.ipv4.tcp_congestion_control = cubic //当前拥塞控制算法
net.ipv4.tcp_dsack = 1 //表示是否允许TCP发送“两个完全相同”的SACK
net.ipv4.tcp_early_retrans = 3 //是否启用tlp(尾端丢包探测)
net.ipv4.tcp_ecn = 2 //表示是否打开TCP的直接拥塞通告功能
net.ipv4.tcp_fack = 1//表示是否打开FACK拥塞避免和快速重传功能
net.ipv4.tcp_fastopen = 0 //建立连接的syn带数据
net.ipv4.tcp_fastopen_key = 00000000-00000000-00000000-00000000
net.ipv4.tcp_fin_timeout = 60 //TCP保持在FIN-WAIT-2状态的时间
net.ipv4.tcp_frto = 2 //虚假重传探测
net.ipv4.tcp_invalid_ratelimit = 500 //控制发送ACK确认报文的最大速率
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_probes = 9 //表示丢弃TCP连接前,进行最大TCP保持连接侦测的次数
net.ipv4.tcp_keepalive_time = 7200
net.ipv4.tcp_limit_output_bytes = 262144 //限制了Qdisc队列或者设备队列中的数据量
net.ipv4.tcp_low_latency = 0 //允许 TCP/IP 栈适应在高吞吐量情况下低延时的情况
net.ipv4.tcp_max_orphans = 32768 //系统所能处理不属于任何进程的TCP sockets最大数量
net.ipv4.tcp_max_ssthresh = 0
net.ipv4.tcp_max_syn_backlog = 256//对于那些依然还未获得客户端确认的连接请求,需要保存在队列中最大数目。默认值是1024,可提高到2048。
net.ipv4.tcp_max_tw_buckets = 32768 //系统在同时所处理的最大timewait sockets 数目。如果超过此数的话,time-wait socket 会被立即砍除并且显示警告信息。
net.ipv4.tcp_mem = 184428 245907 368856//
该文件保存了三个值,分别是
low:当TCP使用了低于该值的内存页面数时,TCP不会考虑释放内存。
presure:当TCP使用了超过该值的内存页面数量时,TCP试图稳定其内存使用,进入pressure模式,当内存消耗低于low值时则退出pressure状态。
high:允许所有tcp sockets用于排队缓冲数据报的页面量。
net.ipv4.tcp_min_tso_segs = 2 //每个tso帧的最小段数量
net.ipv4.tcp_moderate_rcvbuf = 1 //接收数据时是否调整接收缓存
net.ipv4.tcp_mtu_probing = 0 // 是否开启tcp层路径mtu发现,自动调整tcp窗口等信
net.ipv4.tcp_no_metrics_save = 0//如果开启,tcp会在连接关闭时也就是LAST_ACK状态保存各种连接信息到路由缓存中,新建立的连接可以使用这些条件来初始化.。通常这会增加总体的系统性能,但是有些时候也会引起性能下降.
net.ipv4.tcp_notsent_lowat = -1 //控制发送缓存队列中的未发送数据量
net.ipv4.tcp_orphan_retries = 0 //针对孤立的socket(也就是已经从进程上下文中删除了,可是还有一些清理工作没有完成).在丢弃TCP连接之前重试的最大的次数
net.ipv4.tcp_reordering = 3 // TCP流中重排序的数据报最大数量
net.ipv4.tcp_retrans_collapse = 1
net.ipv4.tcp_retries1 = 3 //放弃回应一个TCP连接请求前进行重传的次数
net.ipv4.tcp_retries2 = 15 //放弃在已经建立通讯状态下的一个TCP数据包前进行重传的次数
net.ipv4.tcp_rfc1337 = 0 //启用后,内核将丢弃那些发往time-wait状态TCP套接字的RST 包
net.ipv4.tcp_rmem = 4096 87380 6291456//
此文件中保存有三个值,分别是
Min:为TCP socket预留用于接收缓冲的内存最小值。每个tcp socket都可以在建立后使用它。即使在内存出现紧张情况下tcp socket都至少会有这么多数量的内存用于接收缓冲
Default:为TCP socket预留用于接收缓冲的内存数量,默认情况下该值会影响其它协议使用的net.core.rmem_default 值,一般要低于net.core.rmem_default的值。该值决定了在tcp_adv_win_scale、tcp_app_win和tcp_app_win=0默认值情况下,TCP窗口大小为65535。
Max:用于TCP socket接收缓冲的内存最大值。该值不会影响net.core.rmem_max,"静态"选择参数SO_SNDBUF则不受该值影响。
net.ipv4.tcp_sack = 1 //是否启用有选择的应答
net.ipv4.tcp_slow_start_after_idle = 1 //在从新开始计算拥塞窗口前延迟一些时间,这延迟的时间长度由当前rto决定
net.ipv4.tcp_stdurg = 0 // 使用 TCP urg pointer 字段中的主机请求解释功能
net.ipv4.tcp_syn_retries = 6//决定内核在放弃连接之前所送出的 SYN数目
net.ipv4.tcp_synack_retries = 5//SYN+ACK 数目
net.ipv4.tcp_syncookies = 1//是否打开TCP同步标签(syncookie),内核必须打开了 CONFIG_SYN_COOKIES项进行编译。同步标签(syncookie)可以防止一个套接字在有过多试图连接到达时引起过载。
net.ipv4.tcp_thin_dupack = 0 //降低快速重传dup
net.ipv4.tcp_thin_linear_timeouts = 0 //前6次RTO超时触发的重传并不进行指数回退
net.ipv4.tcp_timestamps = 1 //是否启用以一种比超时重发更精确的方法
net.ipv4.tcp_tso_win_divisor = 3 //控制根据拥塞窗口的百分比,是否来发送相应的延迟tso frame
net.ipv4.tcp_tw_recycle = 0 // 打开快速 TIME-WAIT sockets 回收
net.ipv4.tcp_tw_reuse = 0 //是否允许重新应用处于TIME-WAIT状态的socket用于新的TCP连接
net.ipv4.tcp_window_scaling = 1 // 表示设置tcp/ip会话的滑动窗口大小是否可变
net.ipv4.tcp_wmem = 4096 16384 4194304 //
Min:为TCP socket预留用于发送缓冲的内存最小值。每个tcp socket都可以在建立后使用它。
Default:为TCP socket预留用于发送缓冲的内存数量,默认情况下该值会影响其它协议使用的net.core.wmem_default 值,一般要低于net.core.wmem_default的值。
Max:用于TCP socket发送缓冲的内存最大值。该值不会影响net.core.wmem_max,"静态"选择参数SO_SNDBUF则不受该值影响。
net.ipv4.tcp_workaround_signed_windows = 0 //
0:假定远程连接端正常发送了窗口收缩选项,即使对端没有发送.
1:假定远程连接端有错误,没有发送相关的窗口缩放选项
net.ipv4.udp_mem = 187101 249469 374202
net.ipv4.udp_rmem_min = 4096
net.ipv4.udp_wmem_min = 4096
net.ipv4.xfrm4_gc_thresh = 32768
net.ipv6.anycast_src_echo_reply = 0
net.ipv6.bindv6only = 0
net.ipv6.conf.all.accept_dad = 0
net.ipv6.conf.all.accept_ra = 1
net.ipv6.conf.all.accept_ra_defrtr = 1
net.ipv6.conf.all.accept_ra_pinfo = 1
net.ipv6.conf.all.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.all.accept_ra_rtr_pref = 1
net.ipv6.conf.all.accept_redirects = 1
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.all.autoconf = 1
net.ipv6.conf.all.dad_transmits = 1
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.all.enhanced_dad = 1
net.ipv6.conf.all.force_mld_version = 0
net.ipv6.conf.all.force_tllao = 0
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.hop_limit = 64
net.ipv6.conf.all.keep_addr_on_down = 0
net.ipv6.conf.all.max_addresses = 16
net.ipv6.conf.all.max_desync_factor = 600
net.ipv6.conf.all.mc_forwarding = 0
net.ipv6.conf.all.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.all.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.all.mtu = 1280
net.ipv6.conf.all.ndisc_notify = 0
net.ipv6.conf.all.optimistic_dad = 0
net.ipv6.conf.all.proxy_ndp = 0
net.ipv6.conf.all.regen_max_retry = 3
net.ipv6.conf.all.router_probe_interval = 60
net.ipv6.conf.all.router_solicitation_delay = 1
net.ipv6.conf.all.router_solicitation_interval = 4
net.ipv6.conf.all.router_solicitations = 3
net.ipv6.conf.all.temp_prefered_lft = 86400
net.ipv6.conf.all.temp_valid_lft = 604800
net.ipv6.conf.all.use_optimistic = 0
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.accept_dad = 1
net.ipv6.conf.default.accept_ra = 1
net.ipv6.conf.default.accept_ra_defrtr = 1
net.ipv6.conf.default.accept_ra_pinfo = 1
net.ipv6.conf.default.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.default.accept_ra_rtr_pref = 1
net.ipv6.conf.default.accept_redirects = 1
net.ipv6.conf.default.accept_source_route = 0
net.ipv6.conf.default.autoconf = 1
net.ipv6.conf.default.dad_transmits = 1
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.default.enhanced_dad = 1
net.ipv6.conf.default.force_mld_version = 0
net.ipv6.conf.default.force_tllao = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.default.hop_limit = 64
net.ipv6.conf.default.keep_addr_on_down = 0
net.ipv6.conf.default.max_addresses = 16
net.ipv6.conf.default.max_desync_factor = 600
net.ipv6.conf.default.mc_forwarding = 0
net.ipv6.conf.default.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.default.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.default.mtu = 1280
net.ipv6.conf.default.ndisc_notify = 0
net.ipv6.conf.default.optimistic_dad = 0
net.ipv6.conf.default.proxy_ndp = 0
net.ipv6.conf.default.regen_max_retry = 3
net.ipv6.conf.default.router_probe_interval = 60
net.ipv6.conf.default.router_solicitation_delay = 1
net.ipv6.conf.default.router_solicitation_interval = 4
net.ipv6.conf.default.router_solicitations = 3
net.ipv6.conf.default.temp_prefered_lft = 86400
net.ipv6.conf.default.temp_valid_lft = 604800
net.ipv6.conf.default.use_optimistic = 0
net.ipv6.conf.default.use_tempaddr = 0
net.ipv6.conf.ens160.accept_dad = 1
net.ipv6.conf.ens160.accept_ra = 1
net.ipv6.conf.ens160.accept_ra_defrtr = 0
net.ipv6.conf.ens160.accept_ra_pinfo = 0
net.ipv6.conf.ens160.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.ens160.accept_ra_rtr_pref = 0
net.ipv6.conf.ens160.accept_redirects = 1
net.ipv6.conf.ens160.accept_source_route = 0
net.ipv6.conf.ens160.autoconf = 1
net.ipv6.conf.ens160.dad_transmits = 1
net.ipv6.conf.ens160.disable_ipv6 = 0
net.ipv6.conf.ens160.enhanced_dad = 1
net.ipv6.conf.ens160.force_mld_version = 0
net.ipv6.conf.ens160.force_tllao = 0
net.ipv6.conf.ens160.forwarding = 0
net.ipv6.conf.ens160.hop_limit = 64
net.ipv6.conf.ens160.keep_addr_on_down = 0
net.ipv6.conf.ens160.max_addresses = 16
net.ipv6.conf.ens160.max_desync_factor = 600
net.ipv6.conf.ens160.mc_forwarding = 0
net.ipv6.conf.ens160.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.ens160.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.ens160.mtu = 1500
net.ipv6.conf.ens160.ndisc_notify = 0
net.ipv6.conf.ens160.optimistic_dad = 0
net.ipv6.conf.ens160.proxy_ndp = 0
net.ipv6.conf.ens160.regen_max_retry = 3
net.ipv6.conf.ens160.router_probe_interval = 60
net.ipv6.conf.ens160.router_solicitation_delay = 1
net.ipv6.conf.ens160.router_solicitation_interval = 4
net.ipv6.conf.ens160.router_solicitations = 3
sysctl: reading key “net.ipv6.conf.ens160.stable_secret”
net.ipv6.conf.ens160.temp_prefered_lft = 86400
net.ipv6.conf.ens160.temp_valid_lft = 604800
net.ipv6.conf.ens160.use_optimistic = 0
net.ipv6.conf.ens160.use_tempaddr = 0
net.ipv6.conf.lo.accept_dad = -1
net.ipv6.conf.lo.accept_ra = 1
net.ipv6.conf.lo.accept_ra_defrtr = 1
net.ipv6.conf.lo.accept_ra_pinfo = 1
net.ipv6.conf.lo.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.lo.accept_ra_rtr_pref = 1
net.ipv6.conf.lo.accept_redirects = 1
net.ipv6.conf.lo.accept_source_route = 0
net.ipv6.conf.lo.autoconf = 1
net.ipv6.conf.lo.dad_transmits = 1
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.lo.enhanced_dad = 1
net.ipv6.conf.lo.force_mld_version = 0
net.ipv6.conf.lo.force_tllao = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.lo.hop_limit = 64
net.ipv6.conf.lo.keep_addr_on_down = 0
net.ipv6.conf.lo.max_addresses = 16
net.ipv6.conf.lo.max_desync_factor = 600
net.ipv6.conf.lo.mc_forwarding = 0
net.ipv6.conf.lo.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.lo.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.lo.mtu = 65536
net.ipv6.conf.lo.ndisc_notify = 0
net.ipv6.conf.lo.optimistic_dad = 0
net.ipv6.conf.lo.proxy_ndp = 0
net.ipv6.conf.lo.regen_max_retry = 3
net.ipv6.conf.lo.router_probe_interval = 60
net.ipv6.conf.lo.router_solicitation_delay = 1
net.ipv6.conf.lo.router_solicitation_interval = 4
net.ipv6.conf.lo.router_solicitations = 3
sysctl: reading key “net.ipv6.conf.lo.stable_secret”
net.ipv6.conf.lo.temp_prefered_lft = 86400
net.ipv6.conf.lo.temp_valid_lft = 604800
net.ipv6.conf.lo.use_optimistic = 0
net.ipv6.conf.lo.use_tempaddr = -1
net.ipv6.fwmark_reflect = 0
net.ipv6.icmp.ratelimit = 1000
net.ipv6.idgen_delay = 1
net.ipv6.idgen_retries = 3
net.ipv6.ip6frag_high_thresh = 4194304
net.ipv6.ip6frag_low_thresh = 3145728
net.ipv6.ip6frag_secret_interval = 600
net.ipv6.ip6frag_time = 60
net.ipv6.ip_nonlocal_bind = 0
net.ipv6.mld_max_msf = 64
net.ipv6.mld_qrv = 2
net.ipv6.neigh.default.anycast_delay = 100
net.ipv6.neigh.default.app_solicit = 0
net.ipv6.neigh.default.base_reachable_time_ms = 30000
net.ipv6.neigh.default.delay_first_probe_time = 5
net.ipv6.neigh.default.gc_interval = 30
net.ipv6.neigh.default.gc_stale_time = 60
net.ipv6.neigh.default.gc_thresh1 = 128
net.ipv6.neigh.default.gc_thresh2 = 512
net.ipv6.neigh.default.gc_thresh3 = 1024
net.ipv6.neigh.default.locktime = 0
net.ipv6.neigh.default.mcast_solicit = 3
net.ipv6.neigh.default.proxy_delay = 80
net.ipv6.neigh.default.proxy_qlen = 64
net.ipv6.neigh.default.retrans_time_ms = 1000
net.ipv6.neigh.default.ucast_solicit = 3
net.ipv6.neigh.default.unres_qlen = 31
net.ipv6.neigh.default.unres_qlen_bytes = 65536
net.ipv6.neigh.ens160.anycast_delay = 100
net.ipv6.neigh.ens160.app_solicit = 0
net.ipv6.neigh.ens160.base_reachable_time_ms = 30000
net.ipv6.neigh.ens160.delay_first_probe_time = 5
net.ipv6.neigh.ens160.gc_stale_time = 60
net.ipv6.neigh.ens160.locktime = 0
net.ipv6.neigh.ens160.mcast_solicit = 3
net.ipv6.neigh.ens160.proxy_delay = 80
net.ipv6.neigh.ens160.proxy_qlen = 64
net.ipv6.neigh.ens160.retrans_time_ms = 1000
net.ipv6.neigh.ens160.ucast_solicit = 3
net.ipv6.neigh.ens160.unres_qlen = 31
net.ipv6.neigh.ens160.unres_qlen_bytes = 65536
net.ipv6.neigh.lo.anycast_delay = 100
net.ipv6.neigh.lo.app_solicit = 0
net.ipv6.neigh.lo.base_reachable_time_ms = 30000
net.ipv6.neigh.lo.delay_first_probe_time = 5
net.ipv6.neigh.lo.gc_stale_time = 60
net.ipv6.neigh.lo.locktime = 0
net.ipv6.neigh.lo.mcast_solicit = 3
net.ipv6.neigh.lo.proxy_delay = 80
net.ipv6.neigh.lo.proxy_qlen = 64
net.ipv6.neigh.lo.retrans_time_ms = 1000
net.ipv6.neigh.lo.ucast_solicit = 3
net.ipv6.neigh.lo.unres_qlen = 31
net.ipv6.neigh.lo.unres_qlen_bytes = 65536
net.ipv6.route.gc_elasticity = 9
net.ipv6.route.gc_interval = 30
net.ipv6.route.gc_min_interval = 0
net.ipv6.route.gc_min_interval_ms = 500
net.ipv6.route.gc_thresh = 1024
net.ipv6.route.gc_timeout = 60
net.ipv6.route.max_size = 16384
net.ipv6.route.min_adv_mss = 1220
net.ipv6.route.mtu_expires = 600
net.ipv6.xfrm6_gc_thresh = 32768
net.netfilter.nf_log.0 = NONE
net.netfilter.nf_log_all_netns = 0
net.unix.max_dgram_qlen = 512
user.max_ipc_namespaces = 31183 //当前用户可以创建的ipc命名空间最大数量
user.max_mnt_namespaces = 31183
user.max_net_namespaces = 31183
user.max_pid_namespaces = 31183
user.max_user_namespaces = 0
user.max_uts_namespaces = 31183 //HOSTNAME和domain的隔离
vm.admin_reserve_kbytes = 8192 //给有cap_sys_admin权限的用户保留的内存数量
vm.block_dump = 0 //块I/O调试
vm.dirty_background_bytes = 0
vm.dirty_background_ratio = 10
vm.dirty_bytes = 0
vm.dirty_expire_centisecs = 3000
vm.dirty_ratio = 20
vm.dirty_writeback_centisecs = 500
vm.drop_caches = 0
vm.extfrag_threshold = 500
vm.hugepages_treat_as_movable = 0
vm.hugetlb_shm_group = 0
vm.laptop_mode = 0
vm.legacy_va_layout = 0
vm.lowmem_reserve_ratio = 256 256 32
vm.max_map_count = 65530
vm.memory_failure_early_kill = 0
vm.memory_failure_recovery = 1
vm.min_free_kbytes = 90112
vm.min_slab_ratio = 5
vm.min_unmapped_ratio = 1
vm.mmap_min_addr = 4096
vm.mmap_rnd_bits = 28
vm.mmap_rnd_compat_bits = 8
vm.nr_hugepages = 0
vm.nr_hugepages_mempolicy = 0
vm.nr_overcommit_hugepages = 0
vm.nr_pdflush_threads = 0
vm.numa_zonelist_order = default
vm.oom_dump_tasks = 1
vm.oom_kill_allocating_task = 0
vm.overcommit_kbytes = 0
vm.overcommit_memory = 0
vm.overcommit_ratio = 50
vm.page-cluster = 3
vm.panic_on_oom = 0
vm.percpu_pagelist_fraction = 0
vm.stat_interval = 1
vm.swappiness = 60
vm.user_reserve_kbytes = 131072
vm.vfs_cache_pressure = 100
vm.zone_reclaim_mode = 0
修改方法:
1 .#echo 1 > /proc/sys/net/ipv4/ip_forward
2.#sysctl -w net.ipv4.ip_forward=1
然后service network restart
永久修改: /etc/sysctl.conf里加上配置
/proc/sys
可直接echo查看参数信息,sysctl修改参数,也可以echo 1 >修改
调整进程优先级
chrt -m //查看当前调度策略
chrt -p 12334 -f 60 zyg //修改进程的调度
nice -n 5 zyg //修改sched_normal的nice值
renice 10 12334
taskset -p 2 12344//修改进程亲和的cpu
当然还可以调整cgroups和虚拟机的cpu亲和力
irqbalance 中断亲和力设置
numa
numactl --cpubind=0 --membind=0,1 12332 //设置numa的cpu node内存亲和力
numactl --preferred=1 //设置偏好node
numactl --localalloc /dev/shm/file //设置内存分配
tcp网络调优
进程资源限制ulimit
ulimit -a
ulimit -n 65535
ulimit -c unlimited
ulimit -t 10 //限制cpu时间
ulimit -f 100 //限制创建文件大小
ksm
/sys/kernel/mm/ksm 手动配置
service ksmtuned restart
I/O调整
fcq电梯算法(idle,best-effort,realtime)或者deadline算法
nr_requests
echo 64 > /sys/block/sdb/queue/nr_requests
read_ahead_kb
echo 256 > /sys/block/sda/queue/read_ahead_kb
ionice -c 3 -p 48998
mount -o data=writeback /dev/sdb1 /data
data=journal //最高一致性
data=ordered(default) //默认设置
data=writeback //写回
网卡配置
ethtool -s eth0 autoneg off speed 1000 duplex full
配置offload
ethtool -K eth0 sg on tso on gso off
iptables
日志分析
/var/log
dmsg
cgroup
cgset -r cpuset.cpus=2 zyg
shell能力
网络监控
流量监控:iftop
网络性能分析:iperf
网络嗅探:nmap
资源管理
perf:linux性能计数器
cpustat