
TCP Tuning for HTTP

NOTE: This page only contains Linux TCP specific Tunings. nginx specific tunings will be added later in a Gist (most likely), for now just refer to the links at the bottom ;-D

Example /etc/sysctl.conf

NOTE: Adjust the values to suit your needs / system (some of the values were stolen from XenServer 6.5 SP1 dom0).

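# max number of file handles the kernel will allocate (system-wide)
# per-process limits (ulimit -n / RLIMIT_NOFILE) are configured separately
fs.file-max = 1024000

# upper bound for the socket listen() backlog
net.core.somaxconn = 65535

# max number of packets queued on the INPUT side
# when the interface receives packets faster than the kernel can process them
# NIC specific
# To achieve C1M set it to 65535
net.core.netdev_max_backlog = 1000

# maximum ancillary buffer size allowed per socket
# ancillary data is a sequence of struct cmsghdr structures with appended data
net.core.optmem_max = 20480

# default receive / send socket buffer size (bytes) for all protocols
net.core.rmem_default = 16384
net.core.wmem_default = 32768

# max receive / send socket buffer size (bytes) for all protocols
# this is the ceiling an application can request via SO_RCVBUF / SO_SNDBUF
# NOTE(review): a 16 MiB per-socket ceiling multiplied by many connections can
# pin a lot of kernel memory; size it together with net.ipv4.tcp_mem
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216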

# enable window scaling as defined in RFC1323 (since obsoleted by RFC 7323)
net.ipv4.tcp_window_scaling = 1

# net.ipv4.tcp_mem = low pressure max
# three thresholds counted in pages (not bytes) for memory used by all TCP sockets:
#   low      - below this the kernel does not regulate TCP memory
#   pressure - above this the kernel starts moderating memory consumption
#   max      - hard ceiling for all TCP sockets together
# NOTE(review): assuming 4 KiB pages the max below is 8 GiB; this is the global
# bound on TCP buffer memory under a connection flood, so size it to the RAM
# actually available on the host
net.ipv4.tcp_mem = 1572864 1835008 2097152

# min default max size (bytes) of the receive buffer used by TCP
net.ipv4.tcp_rmem = 4096 32768 16777216

# min default max size (bytes) of the send buffer used by TCP
net.ipv4.tcp_wmem = 4096 32768 16777216

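# max number of TIME-WAIT sockets held by the system at the same time
# if the number is exceeded, further TIME-WAIT sockets are destroyed immediately
# and a warning is printed
net.ipv4.tcp_max_tw_buckets = 524288

# maximal number of TCP sockets not attached to any user file handle held by system
# If number is exceeded orphaned connections are reset immediately and warning is printed
# only to prevent simple DoS attacks, MUST not rely on it
# each orphan eats up to ~64K of unswappable memory
# net.ipv4.tcp_max_orphans = 262144
# net.ipv4.tcp_orphan_retries = 0


# max number of remembered connection requests which have not received an ACK
# from a connecting client
net.ipv4.tcp_max_syn_backlog = 65536
# to achieve C1M
# (key name corrected: the sysctl is tcp_max_syn_backlog, not tcp_max_sync_backlog)
# net.ipv4.tcp_max_syn_backlog = 524288

# mitigate SYN flood attacks
# syncookies are only sent once a socket's SYN backlog overflows; they are a
# fallback for attack conditions, not a way to handle legitimate high load
net.ipv4.tcp_syncookies = 1
# sysctl.conf(5) only defines whole-line comments (# or ;), so the defaults are
# noted on their own lines instead of trailing the values
# SYN-ACK retransmits for incoming (passive) connections; default 5
# fewer retries free half-open backlog slots sooner, but clients on lossy
# links give up earlier
net.ipv4.tcp_synack_retries = 2
# SYN retransmits for outgoing (active) connections; default 6
# this one does not affect SYN flood handling on the listening side
net.ipv4.tcp_syn_retries = 2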

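# define local (ephemeral) port range for TCP and UDP
# NOTE(review): a range starting at 1024 overlaps ports that local services may
# want to listen on; exclude those with net.ipv4.ip_local_reserved_ports or
# raise the lower bound
net.ipv4.ip_local_port_range = 1024 65000

# length of time an orphaned (no longer referenced by any application) connection
# will remain in the FIN_WAIT_2 state before it is aborted at the local end
net.ipv4.tcp_fin_timeout = 15

# reuse TIME-WAIT sockets for new connections when it is safe from protocol viewpoint
# only applies to outgoing connections and depends on TCP timestamps
# be careful with NAT
# net.ipv4.tcp_tw_reuse = 0

# congestion control algorithm to be used for new connections
net.ipv4.tcp_congestion_control = cubic

# TCP will not cache metrics on closing connections (in route cache)
# cached metrics would otherwise be reused to set initial conditions for new connections
net.ipv4.tcp_no_metrics_save = 1

# TCP Fast Open enabled by default in 3.13+
# the value is a bitmask: 1 = client side only, 2 = server side, 3 = both
# NOTE(review): 1 does not enable TFO on listening sockets, so an HTTP server
# gains nothing from it; before enabling the server side, keep in mind that data
# carried in the SYN can be replayed, so it should only reach idempotent handlers
net.ipv4.tcp_fastopen = 1

# the two nf_conntrack keys below are netfilter connection-tracking timeouts
# (seconds) for tracked entries, not timers of the TCP stack itself; they only
# exist while the nf_conntrack module is loaded, otherwise sysctl reports an
# unknown key when loading this file

# reduce conntrack TIME_WAIT timeout from the 120s default to 30-60s
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30

# reduce conntrack FIN_WAIT timeout from the 120s default to 30-60s
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 30

# TCP Keepalive - try NOT to change unless you know what you are doing
# only sockets that set SO_KEEPALIVE are affected
# with these values a dead peer is detected after 120 + 3 * 30 = 210 seconds
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_time = 120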


References

