
CentOS 7 kernel tuning

Time: 2019-11-10 15:17  Source: Internet Technology

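We have paused performance testing of MongoDB for now, because we cannot get more performance out of the nginx that does load balancing in front of it. Because of budget and the limits of our current test conditions, all of our performance tests run in an environment built on KVM virtual machines: nginx 1.2.6, the test tool is Apache Benchmark (ab), and the operating system is CentOS 5.4 (so old).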

I. Background and requirements


cat /etc/sysctl.conf

# CTCDN system tuning parameters

# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

# Avoid amplification attacks
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable protection against bogus ICMP error messages
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Disable routing/forwarding
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

# Enable reverse path filtering
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Do not accept source-routed packets
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Disable the SysRq function
kernel.sysrq = 0

# Append the PID to core file names as an extension
kernel.core_uses_pid = 1

# Enable SYN flood protection
net.ipv4.tcp_syncookies = 1

# Message queue sizes
kernel.msgmnb = 65536
kernel.msgmax = 65536

# Maximum shared memory segment size, in bytes
kernel.shmmax = 68719476736
kernel.shmall = 4294967296

# Number of TIME-WAIT sockets; default 180000
net.ipv4.tcp_max_tw_buckets = 6000

net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

# Maximum number of packets allowed to queue when a network interface receives packets faster than the kernel can process them
net.core.netdev_max_backlog = 262144

# This limit exists only to prevent simple DoS attacks
net.ipv4.tcp_max_orphans = 3276800

# Maximum number of connection requests that have not yet received the client's acknowledgment
net.ipv4.tcp_max_syn_backlog = 262144

net.ipv4.tcp_timestamps = 0

# Number of SYN-ACK packets the kernel sends before giving up on a connection
net.ipv4.tcp_synack_retries = 1

# Number of SYN packets the kernel sends before giving up on a connection
net.ipv4.tcp_syn_retries = 1

# Enable fast recycling of TIME-WAIT sockets
net.ipv4.tcp_tw_recycle = 1

# Enable reuse: allow TIME-WAIT sockets to be reused for new TCP connections
net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1

# How often TCP sends keepalive messages when keepalive is enabled. The default is 2 hours
net.ipv4.tcp_keepalive_time = 30

# Range of local ports the system may open
net.ipv4.ip_local_port_range = 1024 65000

# Change the firewall (conntrack) table size; default 65536
#net.netfilter.nf_conntrack_max=655350
#net.netfilter.nf_conntrack_tcp_timeout_established=1200

# Ensure no one can modify the routing table (ignore ICMP redirects)
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0


Test preparation:

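I noticed that many of the company's projects use memcached, and all of them run as a single point: when the memcached server goes down, the business is affected. So I searched Baidu and found that memcached cannot be clustered, and I did not see any high-availability solution either, but I did find repcached (memcached master-slave replication). Combined with LVS NAT mode forwarding to different ports, it gives a two-node memcached HA setup. This article records my deployment process; it is purely hands-on, with no documentation-style explanation, but the experts will understand it at a glance.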
 
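II. Environment:

1. System environment: CentOS release 6.4 (Final)

2. Network environment

Director (master):

vip: 172.28.26.100

vip1: 172.28.16.100 (LVS forwarding gateway)

eth1: 172.28.26.101 (internal network)

eth2: 172.28.16.101 (LVS forwarding segment)

Director (backup):

eth1: 172.28.26.99 (internal network)

eth2: 172.28.16.99 (LVS forwarding segment)

memcached standby node:

eth1: 172.28.26.102 (internal network)

eth2: 172.28.16.102 (LVS forwarding segment)

memcached primary node:

eth1: 172.28.26.103 (internal network)

eth2: 172.28.16.103 (LVS forwarding segment)

This is mainly kernel parameter tuning; the common dmesg message is 'TCP: time wait bucket table overflow'.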
 
3. Routing policy

Director (master):
 
echo '201      eth1' >> /etc/iproute2/rt_tables
 
echo 'default table eth1 via 172.28.26.1 dev eth1' > /etc/sysconfig/network-scripts/route-eth1
 
echo 'from 172.28.26.101/255.255.255.255 table eth1' > /etc/sysconfig/network-scripts/rule-eth1
 
echo 'from 172.28.26.100/255.255.255.255 table eth1' >> /etc/sysconfig/network-scripts/rule-eth1
 
echo 'from 172.28.16.101/32 table ZW_LVS_LAN' > /etc/sysconfig/network-scripts/rule-eth2
 
memcached node 1:
 
echo 'default table ZW_LVS_LAN via 172.28.16.100' > /etc/sysconfig/network-scripts/route-eth2
 echo 'from 172.28.16.0/24 table ZW_LVS_LAN' > /etc/sysconfig/network-scripts/rule-eth2
 echo '202      ZW_LVS_LAN' >> /etc/iproute2/rt_tables
 
memcached node 2:
 
echo 'default table ZW_LVS_LAN via 172.28.16.100' > /etc/sysconfig/network-scripts/route-eth2
 echo 'from 172.28.16.0/24 table ZW_LVS_LAN' > /etc/sysconfig/network-scripts/rule-eth2
 echo '202      ZW_LVS_LAN' >> /etc/iproute2/rt_tables
 
4. Kernel parameters
 fs.file-max = 1000000
 kernel.core_uses_pid = 1
 kernel.msgmax = 1048560
 kernel.msgmnb = 1073741824
 kernel.shmall = 4294967296
 kernel.shmmax = 68719476736
 kernel.sysrq = 0
 net.core.netdev_max_backlog = 1048576
 net.core.rmem_default = 2097152
 net.core.rmem_max = 16777216
 net.core.somaxconn = 1048576
 net.core.wmem_default = 2097152
 net.core.wmem_max = 16777216
 net.ipv4.conf.default.accept_source_route = 0
 net.ipv4.conf.default.rp_filter = 1
 net.ipv4.ip_forward = 1
 net.ipv4.ip_local_port_range = 1024    65000
 net.ipv4.neigh.default.gc_thresh1 = 10240
 net.ipv4.neigh.default.gc_thresh2 = 40960
 net.ipv4.neigh.default.gc_thresh3 = 81920
 net.ipv4.tcp_fin_timeout = 1
 net.ipv4.tcp_keepalive_intvl = 15
 net.ipv4.tcp_keepalive_probes = 5
 net.ipv4.tcp_keepalive_time = 30
 net.ipv4.tcp_max_orphans = 3276800
 net.ipv4.tcp_max_syn_backlog = 1048576
 net.ipv4.tcp_max_tw_buckets = 50000
 net.ipv4.tcp_mem = 94500000 915000000 927000000
 net.ipv4.tcp_orphan_retries = 3
 net.ipv4.tcp_reordering = 5
 net.ipv4.tcp_retrans_collapse = 0
 net.ipv4.tcp_retries2 = 5
 net.ipv4.tcp_rmem = 4096        87380  4194304
 net.ipv4.tcp_sack = 1
 net.ipv4.tcp_synack_retries = 1
 net.ipv4.tcp_syncookies = 0
 net.ipv4.tcp_syn_retries = 1
 net.ipv4.tcp_timestamps = 1
 net.ipv4.tcp_tw_recycle = 1
 net.ipv4.tcp_tw_reuse = 1
 net.ipv4.tcp_window_scaling = 1
 net.ipv4.tcp_wmem = 4096        16384  4194304
 net.ipv6.conf.all.disable_ipv6 = 1
 net.ipv6.conf.default.disable_ipv6 = 1
 # The following four rp_filter settings are not needed on memcached nodes
 net.ipv4.conf.eth0.rp_filter = 1
 net.ipv4.conf.eth1.rp_filter = 1
 net.ipv4.conf.eth2.rp_filter = 1
 net.ipv4.conf.all.rp_filter = 0
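
An added example, not part of the original article: a small Python check that parses sysctl.conf text, compares it with the protective values from the first listing on this page, and flags trailing comments and tcp_tw_recycle. The function names, the BASELINE selection and the sample excerpt are assumptions made for this example.

```python
# Protective values taken from the first sysctl.conf listing on this page.
BASELINE = {
    "net.ipv4.icmp_echo_ignore_broadcasts": "1",
    "net.ipv4.conf.all.send_redirects": "0",
    "net.ipv4.conf.all.rp_filter": "1",
    "net.ipv4.conf.all.accept_redirects": "0",
    "net.ipv4.tcp_syncookies": "1",
    "kernel.sysrq": "0",
}

# Excerpt of the section 4 listing (comments translated), used as sample input.
SAMPLE = """\
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.conf.eth1.rp_filter = 1 #not needed on memcached nodes
net.ipv4.conf.all.rp_filter = 0    #not needed on memcached nodes
"""

def parse_sysctl(text):
    """Parse sysctl.conf text into ({key: value}, [findings])."""
    settings, findings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # only whole-line comments are defined
            continue
        key, sep, value = line.partition("=")
        if not sep:
            findings.append(f"line {n}: not a 'key = value' line")
            continue
        key, value = key.strip(), " ".join(value.split())
        if "#" in value:                     # trailing text is read as part of the value
            findings.append(f"line {n}: trailing comment after value of {key}")
            value = value.split("#")[0].strip()
        settings[key] = value
    return settings, findings

def audit(text):
    """Return findings: syntax problems, baseline deviations, tcp_tw_recycle use."""
    settings, findings = parse_sysctl(text)
    for key, want in BASELINE.items():
        if key in settings and settings[key] != want:
            findings.append(f"{key} = {settings[key]} (baseline {want})")
    if settings.get("net.ipv4.tcp_tw_recycle") == "1":
        if settings.get("net.ipv4.tcp_timestamps") == "0":
            findings.append("tcp_tw_recycle = 1 relies on TCP timestamps, which are disabled")
        else:
            findings.append("tcp_tw_recycle = 1 can drop connections from clients behind NAT")
    return findings
```

Calling `audit(SAMPLE)` returns five findings for the excerpt; `net.ipv4.ip_forward` is left out of the baseline on purpose because the LVS NAT director needs forwarding enabled.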
