Friday, December 3, 2010

Linux network performance tuning: methodology overview

Author: Yao ye what Xiaoyu Yang help she sees clouds

In the two earlier articles, "Tuning Linux network performance: debugging tools" and "Tuning Linux network performance: network configuration files in detail", we introduced three network tuning and testing tools (route, netstat and tcpdump) and the functions and contents of the network configuration files. In this article we look at network performance tuning from a practical point of view.

Next, we introduce the first method of network performance tuning: service mode selection.

Service mode selection

Because a network server has to serve many clients at the same time, it must use some form of multitasking. In general there are three modes to choose from: multi-process, multi-threaded and asynchronous. In multi-process mode the server uses one process to serve each client. Because creating a process in the operating system requires copying process memory and other additional overhead, performance drops as the number of clients grows. To avoid this cost of creating processes, you can use multi-threaded or asynchronous mode. In multi-threaded mode the server uses multiple threads within a process; because threads carry less overhead, performance improves. Asynchronous mode needs no such additional overhead at all: it communicates with each client in a non-blocking manner, and the server polls the clients from a single process. In asynchronous mode the scheduling of tasks is done by the server program itself, and a problem in one place affects the whole server; this is outside the scope of this discussion.

Increasing the number of threads in the system

The number of threads is limited by several factors, mainly the limit on the number of processes, the memory size, and the mutex/semaphore/shm/ipc limits. Generally you first raise the maximum number of processes, then expand memory, then raise the maximum number of threads. Raising the maximum number of threads is very simple: only two places in glibc need to be changed, the maximum number of threads and the size of the thread stack area. The maximum number of threads bears on asynchronous I/O performance, so a balance is needed.

Useful configuration file content

1. For databases, increasing the shared memory segments and semaphores plays a very important role in data transfer efficiency. Method: simply edit the files linux/include/linux/sem.h and linux/include/asm-i386/shmparam.h.

2. Raise the maximum number of processes, expand memory, and then raise the maximum number of threads. Raising the maximum number of threads is very simple: only two places in glibc need to be changed, the maximum number of threads and the size of the thread stack area.

3. Comment out the following line in the /etc/inittab file to prevent Control-Alt-Delete from shutting down the computer. This is very important if the server is not in a secure location. Edit the inittab file (vi /etc/inittab) and change the line

    ca::ctrlaltdel:/sbin/shutdown -t3 -r now

to read:

    #ca::ctrlaltdel:/sbin/shutdown -t3 -r now

Use the following command to make the change take effect:

    [root@deep]# /sbin/init q

4. The /etc/host.conf file specifies how host names are resolved. Linux uses the resolver library to obtain the IP address that corresponds to a host name. The following is an example of /etc/host.conf:

    order bind,hosts

order specifies the sequence of host name lookups; here DNS is used first to resolve the name, and then the /etc/hosts file is queried (or vice versa). You can add the following two lines to the file:

    multi on
    nospoof on

multi on specifies that a host can have more than one address; hosts with multiple IP addresses are generally called multi-homed hosts. nospoof on means that IP address spoofing is not allowed on the server, which improves server security. IP spoofing is a means of attacking system security: by disguising its IP address as that of another computer, the attacker obtains the trust of other computers.

Tunable Linux kernel network parameters

ICMP-related kernel configuration parameters

Overview: we usually use ICMP packets to probe whether a protocol (such as TCP or UDP) on the remote host is available.
For example, the ICMP packet carrying a "Destination Unreachable" message is the most common ICMP packet.

(1) icmp_destunreach_rate: sets the rate at which "Destination Unreachable" ICMP packets are sent in response. The value should be an integer.

Application example: suppose there are two hosts, A and B. First we run the following ipchains statement on host A:

    ipchains -A input -p icmp -j REJECT

REJECT differs from DENY here: DENY drops matching packets as if they had never been received, whereas REJECT drops the packet and also sends an ICMP "Destination Unreachable" back to the requesting host. If we then ping host A from host B, we find that the "Destination Unreachable" ICMP responses arrive very promptly. Then we run on host A:

    echo "1" > /proc/sys/net/ipv4/icmp_destunreach_rate

that is, respond with one "Destination Unreachable" ICMP packet every 10 seconds. Pinging host A from host B again now shows that the "Destination Unreachable" responses have slowed down dramatically. Out of curiosity I tested it and found that it responded exactly once every 10 seconds.

(2) icmp_echo_ignore_broadcasts: sets whether to respond to broadcast ICMP echo requests. The value should be a Boolean: 0 means respond to broadcast ICMP echo requests, 1 means ignore them. Note: Windows systems do not respond to broadcast ICMP echo requests.

Application example: on my Red Hat 6.x and Red Hat 7 systems the default value is 0, so when a user pings the network address of the segment my servers are on, all the Linux servers respond, which lets the user obtain my servers' IP addresses. You can run

    echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

to turn this feature off, thereby preventing ICMP storms and network congestion.

(3) icmp_echoreply_rate: sets the rate at which the system responds to ICMP echo requests. The value is an integer.
Application example: suppose there are two hosts, A and B. First we ping host A from host B and see that it responds normally. Then we run on host A:

    echo "1" > /proc/sys/net/ipv4/icmp_echoreply_rate

that is, respond to one ICMP echo request every 10 seconds. Pinging host A again shows that the response interval has become 10 seconds. It is best to adjust this value sensibly to prevent ICMP storms.

(4) icmp_echo_ignore_all: sets whether the system ignores all ICMP echo requests. If set to a non-zero value, the system ignores all ICMP echo requests. In effect this is an extreme case of icmp_echoreply_rate. The value is a Boolean: 1 means ignore, 0 means respond.

(5) icmp_paramprob_rate: when the system receives a datagram with a damaged IP or TCP header, it sends an ICMP packet containing the error information to the source. This parameter sets the rate at which such ICMP packets are sent to the source. Normally, of course, IP or TCP header errors are rare. The value is an integer.

(6) icmp_timeexceed_rate: as a datagram travels across the network, its time to live (TTL) field keeps decreasing. When the time to live reaches 0, the router handling the datagram discards it and sends a "Time to live exceeded" ICMP packet to the source host. This parameter sets the rate at which these ICMP packets are sent. It is typically used on Linux hosts acting as routers.

IP-related kernel configuration parameters

The IP configuration parameters among the Linux kernel network parameters are typically used to define or adjust specific properties of IP packets; they also define some network characteristics of the system.

(1) ip_default_ttl: sets the time to live of IP packets sent from the local host. The value is an integer in the range 0-128; the default is 64. On Windows systems the time to live of IP packets is usually 128.
If your system often receives "Time to live exceeded" ICMP responses, it may be appropriate to increase this value, but not by too much, because with a bad route a larger value lengthens the time before the system reports the error.

(2) ip_dynaddr: this parameter is typically used with dial-up connections. It lets the system immediately change the source address of IP packets to the new IP address, interrupt the original TCP conversation, and resend a TCP SYN request with the new address to start a new conversation. When IP masquerading is in use, this parameter immediately changes the masqueraded address to the new IP address. The value can be:

    1: enable the feature
    2: enable the feature in verbose mode
    0: disable the feature

Application example: when ipchains is configured for IP masquerading so that a LAN shares one PPP connection to the Internet, you sometimes find that a site cannot be reached right after the connection comes up, yet it connects after a refresh. In that case set this parameter to 1, so that the masqueraded address is changed to the new IP address immediately, which resolves the problem. Command:

    echo "1" > /proc/sys/net/ipv4/ip_dynaddr

(3) ip_forward: this parameter enables packet forwarding, so that the system acts as a router. Set the value to 1 to enable IP forwarding and to 0 to disable it. Note that IP forwarding can be implemented on a host with a single network card or with two.

Application example: suppose we use a Linux host with two network cards as a firewall. We must then run the following command to turn on IP forwarding:

    echo "1" > /proc/sys/net/ipv4/ip_forward

(4) ip_local_port_range: sets the port range used when the local system initiates TCP or UDP connection requests. The value is two integers; the default is "1024 4999".
Application example:

    echo "1450 6000" > /proc/sys/net/ipv4/ip_local_port_range

TCP-related kernel configuration parameters

The TCP configuration parameters control every aspect of a TCP session.

(1) tcp_fin_timeout: when a TCP session ends, A first sends a FIN packet to B; after receiving B's ACK confirmation packet, A enters the FINWAIT2 state and waits for B's FIN packet, then sends an ACK confirmation packet to B. This parameter sets the timeout for A waiting in the FINWAIT2 state for the other side's FIN packet. If the other side's FIN packet is not received within that time, the session is actively released. The value is an integer number of seconds; the default is 180 seconds.

(2) tcp_syn_retries: sets the number of times a SYN connection request packet is sent when starting to establish a TCP session. The value is less than 255; the default is 10. If your connection is fast, consider reducing this value to improve system response time; even for users with very slow connections, the default
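
The value formats given in this article for the /proc/sys/net/ipv4 parameters can be checked before and after tuning. The following shell functions are an added example, not code from the original article; the names valid_value and audit_ipv4 and the baseline (icmp_echo_ignore_broadcasts=1 as recommended above, ip_forward=0 on the assumption that the host is not a router or firewall) are illustrative.

```shell
# Added example; valid_value, audit_ipv4 and the baseline are illustrative.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }
# valid_value NAME VALUE: succeeds if VALUE has the form the article gives.
valid_value() {
    case "$1" in
        icmp_echo_ignore_broadcasts|icmp_echo_ignore_all|ip_forward)
            case "$2" in 0|1) return 0 ;; esac ;;
        ip_dynaddr)
            case "$2" in 0|1|2) return 0 ;; esac ;;
        ip_default_ttl)        # article: integer in the range 0-128
            is_uint "$2" && [ "$2" -le 128 ] && return 0 ;;
        tcp_syn_retries)       # article: less than 255
            is_uint "$2" && [ "$2" -lt 255 ] && return 0 ;;
        ip_local_port_range)   # two integers, low < high
            set -f; set -- $2; set +f
            [ $# -eq 2 ] && is_uint "$1" && is_uint "$2" &&
                [ "$1" -lt "$2" ] && return 0 ;;
        *)  is_uint "$2" && return 0 ;;   # *_rate values, tcp_fin_timeout
    esac
    return 1
}

# audit_ipv4 DIR: report each baseline parameter; exit status = findings.
# DIR is /proc/sys/net/ipv4 on a live host. "name=" means validate only.
# ip_forward=0 is an assumption: the host is not a router or firewall.
audit_ipv4() {
    dir=$1; findings=0
    for want in icmp_echo_ignore_broadcasts=1 ip_forward=0 \
                ip_dynaddr= ip_local_port_range=; do
        name=${want%%=*}; exp=${want#*=}
        [ -r "$dir/$name" ] || { echo "absent   $name"; continue; }
        got=$(cat "$dir/$name")
        if ! valid_value "$name" "$got"; then
            echo "invalid  $name='$got'"; findings=$((findings + 1))
        elif [ -n "$exp" ] && [ "$got" != "$exp" ]; then
            echo "differs  $name=$got (baseline $exp)"; findings=$((findings + 1))
        else
            echo "ok       $name=$got"
        fi
    done
    return "$findings"
}

# Constructed sample tree standing in for /proc/sys/net/ipv4.
demo=$(mktemp -d)
echo 0 > "$demo/icmp_echo_ignore_broadcasts"
echo "10244999" > "$demo/ip_local_port_range"   # separator lost: invalid
audit_ipv4 "$demo" || echo "findings: $?"
rm -rf "$demo"
```

On a live host, run audit_ipv4 /proc/sys/net/ipv4; a parameter that the running kernel does not expose is listed as absent and is not counted as a finding.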
