The kernel feels mysterious to many people, and tuning kernel parameters even more so. In fact, it is not as difficult as everyone thinks, and adjustments to these parameters are rarely needed. Maybe you have had this experience: you want to understand what some kernel parameters do, you search online through a lot of documents, and you find that most of them say the same thing and none of them goes into much detail. Here are a few network-related parameters that I have summarized, and I hope they help you. Of course, I don't guarantee that my understanding is fully correct. If you have a better understanding, please reply!

1 net.ipv4.tcp_max_tw_buckets

For a TCP connection, the server and the client both move to the TIME_WAIT state after communication is complete. If a server is very busy and the number of connections is particularly large, the number of TIME_WAIT connections will grow larger and larger. They also take up a certain amount of resources, so there should be a maximum value. When this value is exceeded, the system deletes the oldest connections, so the total always stays at the same order of magnitude. This value is determined by the parameter net.ipv4.tcp_max_tw_buckets. On a CentOS7 system, you can use sysctl -a | grep tw_buckets to view its value. The default is 32768; you can lower it appropriately, for example to 8000, since too many connections in this state also consume resources. But you don't want to lower it to a few tens or a few hundred, because TCP connections in this state are also useful: if the same client communicates with the server again, there is no need to establish a new connection. The old channel is used, which saves time and effort.

2 net.ipv4.tcp_tw_recycle = 1

The purpose of this parameter is to quickly reclaim connections in the TIME_WAIT state. Although, as mentioned above, the system automatically deletes connections in the TIME_WAIT state, it is better if such connections are reused.
So setting this parameter to 1 allows connections in the TIME_WAIT state to be quickly reclaimed. It needs to be used together with the following parameter.

3 net.ipv4.tcp_tw_reuse = 1

When this parameter is set to 1, connections in the TIME_WAIT state are reused for new TCP connections. It is used in conjunction with the parameter above.

4 net.ipv4.tcp_syncookies = 1

In the TCP three-way handshake, the client sends a SYN request to the server. After receiving the request, the server also sends a SYN to the client and acknowledges the client's request at the same time (SYN+ACK). If the client disconnects from the server directly after sending its request, it never receives the request the server sent, and the server will retry. This retry process continues for a while. When the number of connections in this state is very large, the server consumes a lot of resources, to the point that normal connections cannot get in. This malicious half-open connection behavior is called a SYN flood attack. Set the parameter to 1 to enable SYN cookies, which can prevent the SYN flood attacks described above. After the parameter is enabled, the server receives the ACK of the client and then sends the ACK+SYN to the client, requesting that the client respond with a sequence number within a short period of time. If the client cannot provide the sequence number, or the sequence number provided is incorrect, the client is considered not legitimate, so the server will not send ACK+SYN to it and no retrying is involved.

5 net.ipv4.tcp_max_syn_backlog

This parameter defines the maximum number of TCP connections in the half-open state that the system can accept. The client sends a SYN packet to the server; after the server receives it, it records it. This parameter determines how many such connections can be recorded at most. On my CentOS7 system, the default is 256.
During a SYN flood attack, if this value is too small, it is easy to cause the server to crash. In fact, this does not consume too many server resources (CPU, memory, etc.), so the value can be raised appropriately, for example to 30,000.

6 net.ipv4.tcp_syn_retries

This parameter applies to the client. It defines the maximum number of retries when initiating a SYN. The default is 5, and the recommendation is to change it to 2.

7 net.ipv4.tcp_synack_retries

This parameter applies to the server. It defines the maximum number of retries when sending SYN+ACK. The default is 5, and the recommendation is to change it to 2. It can prevent SYN flood attacks.

8 net.ipv4.ip_local_port_range

This parameter defines the port range. By default the system reserves port numbers 1024 and below; the ports above that are available for custom use. This parameter applies to the client. When the client establishes a connection with the server, for example to access port 80 of the server, the client opens a random port and initiates the connection to the server from it. This parameter defines the range of that random port. The default is 32768 61000, and the recommended adjustment is 1025 61000.

9 net.ipv4.tcp_fin_timeout

Among the states of a TCP connection, there is a FIN-WAIT-2 state on the client, which is the state before the transition to TIME_WAIT. This parameter defines the timeout for connections in this state that do not belong to any process. The default value is 60, and the recommended adjustment is 6.

10 net.ipv4.tcp_keepalive_time

Among the TCP connection states there is a keepalived state, and only in this state can the client and the server communicate. Under normal circumstances, when communication is complete, the client or the server tells the other party to close the connection, and the state becomes TIME_WAIT. Sometimes the client does not tell the server, and the server does not tell the client, to close (for example, when the client is disconnected from the network).
This parameter is needed to decide such cases. For example, the client has been disconnected from the network, but the state of the connection on the server is still keepalived. To confirm whether the client is disconnected from the network, the server needs to send a probe packet at intervals to check whether the other party is online. This interval is determined by this parameter. Its default value is 7200 (in seconds), and it is recommended to set it to 30.

11 net.ipv4.tcp_keepalive_intvl

This parameter goes together with the one above. The server initiates a probe within the specified time to check whether the client is online. If the client does not confirm, the server cannot yet conclude that the other party is offline, so it tries several more times. This parameter defines the time before the probe is re-sent, that is, how long after first finding a problem with the other party the server probes again. The default is 75 (in seconds), and it can be changed to 3.

12 net.ipv4.tcp_keepalive_probes

The 10th and 11th parameters specify when a probe is initiated and when to probe again after a failed probe, but they do not define how many probes are sent in total before giving up. This parameter defines the number of probe packets sent. The default is 9, and it is recommended to set it to 2.
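
A read-only check of a host against the twelve values suggested above, added here as an example and not part of the original article. The function names `audit_sysctl` and `keepalive_detect_seconds` and the optional `ROOT` argument are assumptions made for this example; `ROOT` defaults to `/proc/sys`, where these keys are exposed as files.

```sh
#!/bin/sh
# Added example: nothing is written, values are only read and compared.
# "key=value" pairs are the adjustments suggested in the text above.
RECOMMENDED='net.ipv4.tcp_max_tw_buckets=8000
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=30000
net.ipv4.tcp_syn_retries=2
net.ipv4.tcp_synack_retries=2
net.ipv4.ip_local_port_range=1025 61000
net.ipv4.tcp_fin_timeout=6
net.ipv4.tcp_keepalive_time=30
net.ipv4.tcp_keepalive_intvl=3
net.ipv4.tcp_keepalive_probes=2'

# audit_sysctl [ROOT]: print OK / DIFF / MISSING for every key.
# A key can be absent on a given kernel (tcp_tw_recycle was removed in
# Linux 4.12), so a missing file is reported instead of aborting.
audit_sysctl() {
    root="${1:-/proc/sys}"
    printf '%s\n' "$RECOMMENDED" | while IFS='=' read -r key want; do
        [ -n "$key" ] || continue
        file="$root/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$file" ]; then
            echo "MISSING $key"
            continue
        fi
        # Normalise whitespace: ip_local_port_range is tab-separated.
        have=$(tr -s '[:space:]' ' ' < "$file" | sed 's/^ //; s/ $//')
        if [ "$have" = "$want" ]; then
            echo "OK $key = $have"
        else
            echo "DIFF $key = $have (text suggests $want)"
        fi
    done
}

# keepalive_detect_seconds [ROOT]: approximate idle time before a silent
# peer is given up on: keepalive_time + keepalive_intvl * keepalive_probes.
keepalive_detect_seconds() {
    dir="${1:-/proc/sys}/net/ipv4"
    ka_time=$(cat "$dir/tcp_keepalive_time") || return 1
    ka_intvl=$(cat "$dir/tcp_keepalive_intvl") || return 1
    ka_probes=$(cat "$dir/tcp_keepalive_probes") || return 1
    echo $(( ka_time + ka_intvl * ka_probes ))
}
```

Source the file and call `audit_sysctl` with no argument to check the running system. With the defaults quoted above, `keepalive_detect_seconds` gives 7875 seconds; with the suggested 30/3/2 it gives 36.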