×ðÁú¿­Ê±¹ÙÍøµÇ¼

¸ß²¢·¢ÇéÐÎÏ Linux ϵͳ¼° kernel ²ÎÊýÓÅ»¯

ÖÚËùÖÜÖªÔÚĬÈϲÎÊýÇéÐÎÏÂLinux¶Ô¸ß²¢·¢Ö§³Ö²¢Ç·ºÃ £¬Ö÷ÒªÊÜÏÞÓÚµ¥Àú³Ì×î´ó·­¿ªÎļþÊýÏÞÖÆ¡¢ÄÚºËTCP²ÎÊý·½ÃæºÍIOÊÂÎñ·ÖÅÉ»úÖƵÈ¡£
ÏÂÃæ¾Í´Ó¼¸·½ÃæÀ´µ÷½âʹLinuxϵͳÄܹ»Ö§³Ö¸ß²¢·¢ÇéÐΡ£

IptablesÏà¹Ø

Èç·Ç±ØÐè £¬¹Øµô»òжÔØiptables·À»ðǽ £¬²¢×èÖ¹kernel¼ÓÔØiptablesÄ£¿é¡£ÕâЩÄ£¿é»áÓ°Ïì²¢·¢ÐÔÄÜ¡£

µ¥Àú³Ì×î´ó·­¿ªÎļþÊýÏÞÖÆ

Ò»Ñùƽ³£µÄ¿¯Ðаæ £¬ÏÞÖƵ¥Àú³Ì×î´ó¿ÉÒÔ·­¿ª1024¸öÎļþ £¬ÕâÊÇÔ¶Ô¶²»¿ÉÖª×ã¸ß²¢·¢ÐèÇóµÄ £¬µ÷½âÀú³ÌÈçÏ£ºÔÚ#ºÅÌáÐÑ·ûÏÂÇÃÈ룺

# ulimit¨Cn 65535

µÇ¼ºó¸´ÖÆ

½«rootÆô¶¯µÄ¼òµ¥Àú³ÌµÄ×î´ó¿ÉÒÔ·­¿ªµÄÎļþÊýÉèÖÃΪ65535¸ö¡£ÈôÊÇϵͳ»ØÏÔÀàËÆÓÚ¡°Operation not permitted¡±Ö®ÀàµÄ»° £¬ËµÃ÷ÉÏÊöÏÞÖÆÐÞ¸Äʧ°Ü £¬ÏÖʵÉÏÊÇÓÉÓÚÖ¸¶¨µÄÊýÖµÁè¼ÝÁËLinuxϵͳ¶Ô¸ÃÓû§·­¿ªÎļþÊýµÄÈíÏÞÖÆ»òÓ²ÏÞÖÆ¡£Òò´Ë £¬¾ÍÐèÒªÐÞ¸ÄLinuxϵͳ¶ÔÓû§µÄ¹ØÓÚ·­¿ªÎļþÊýµÄÈíÏÞÖƺÍÓ²ÏÞÖÆ¡£

µÚÒ»²½ £¬ÐÞ¸Älimits.confÎļþ £¬²¢Ìí¼Ó£º

# vim /etc/security/limits.conf
* softnofile 65536
* hard nofile65536

µÇ¼ºó¸´ÖÆ

ÆäÖÐ’*’ºÅÌåÏÖÐÞ¸ÄËùÓÐÓû§µÄÏÞÖÆ£»soft»òhardÖ¸¶¨ÒªÐÞ¸ÄÈíÏÞÖÆÕÕ¾ÉÓ²ÏÞÖÆ£»65536ÔòÖ¸¶¨ÁËÏëÒªÐ޸ĵÄеÄÏÞÖÆÖµ £¬¼´×î´ó·­¿ªÎļþÊý(Çë×¢ÖØÈíÏÞÖÆֵҪСÓÚ»ò¼´ÊÇÓ²ÏÞÖÆ)¡£ÐÞ¸ÄÍêºóÉúÑÄÎļþ¡£µÚ¶þ²½ £¬ÐÞ¸Ä/etc/pam.d/loginÎļþ £¬ÔÚÎļþÖÐÌí¼ÓÈçÏÂÐУº

# vim /etc/pam.d/login
sessionrequired /lib/security/pam_limits.so

µÇ¼ºó¸´ÖÆ

ÕâÊǸæËßLinuxÔÚÓû§Íê³ÉϵͳµÇ¼ºó £¬Ó¦¸ÃŲÓÃpam_limits.soÄ£¿éÀ´ÉèÖÃϵͳ¶Ô¸ÃÓû§¿ÉʹÓõÄÖÖÖÖ×ÊÔ´ÊýÄ¿µÄ×î´óÏÞÖÆ(°üÀ¨Óû§¿É·­¿ªµÄ×î´óÎļþÊýÏÞÖÆ) £¬¶øpam_limits.soÄ£¿é¾Í»á´Ó/etc/security/limits.confÎļþÖжÁÈ¡ÉèÖÃÀ´ÉèÖÃÕâЩÏÞÖÆÖµ¡£ÐÞ¸ÄÍêºóÉúÑÄ´ËÎļþ¡£

µÚÈý²½ £¬Éó²éLinuxϵͳ¼¶µÄ×î´ó·­¿ªÎļþÊýÏÞÖÆ £¬Ê¹ÓÃÈçÏÂÏÂÁ

# cat/proc/sys/fs/file-max
32568

µÇ¼ºó¸´ÖÆ

ÕâÅú×¢Õą̂Linuxϵͳ×î¶àÔÊÐíͬʱ·­¿ª(¼´°üÀ¨ËùÓÐÓû§·­¿ªÎļþÊý×ܺÍ)32568¸öÎļþ £¬ÊÇLinuxϵͳ¼¶Ó²ÏÞÖÆ £¬ËùÓÐÓû§¼¶µÄ·­¿ªÎļþÊýÏÞÖƶ¼²»Ó¦Áè¼ÝÕâ¸öÊýÖµ¡£Í¨³£Õâ¸öϵͳ¼¶Ó²ÏÞÖÆÊÇLinuxϵͳÔÚÆô¶¯Ê±Æ¾Ö¤ÏµÍ³Ó²¼þ×ÊԴ״̬ÅÌËã³öÀ´µÄ×î¼ÑµÄ×î´óͬʱ·­¿ªÎļþÊýÏÞÖÆ £¬ÈôÊÇûÓÐÌØÊâÐèÒª £¬²»Ó¦¸ÃÐ޸ĴËÏÞÖÆ £¬³ý·ÇÏëΪÓû§¼¶·­¿ªÎļþÊýÏÞÖÆÉèÖÃÁè¼Ý´ËÏÞÖƵÄÖµ¡£Ð޸ĴËÓ²ÏÞÖƵÄÒªÁìÊÇÐÞ¸Ä/etc/sysctl.confÎļþÄÚfs.file-max= 131072

ÕâÊÇÈÃLinuxÔÚÆô¶¯Íê³ÉºóÇ¿Ðн«ÏµÍ³¼¶·­¿ªÎļþÊýÓ²ÏÞÖÆÉèÖÃΪ131072¡£ÐÞ¸ÄÍêºóÉúÑÄ´ËÎļþ¡£

Íê³ÉÉÏÊö°ì·¨ºóÖØÆôϵͳ £¬Ò»Ñùƽ³£ÇéÐÎϾͿÉÒÔ½«Linuxϵͳ¶ÔÖ¸¶¨Óû§µÄ¼òµ¥Àú³ÌÔÊÐíͬʱ·­¿ªµÄ×î´óÎļþÊýÏÞÖÆÉèΪָ¶¨µÄÊýÖµ¡£ÈôÊÇÖØÆôºóÓÃulimit-nÏÂÁîÉó²éÓû§¿É·­¿ªÎļþÊýÏÞÖÆÈÔÈ»µÍÓÚÉÏÊö°ì·¨ÖÐÉèÖõÄ×î´óÖµ £¬Õâ¿ÉÄÜÊÇÓÉÓÚÔÚÓû§µÇ¼¾ç±¾/etc/profileÖÐʹÓÃulimit-nÏÂÁîÒѾ­½«Óû§¿Éͬʱ·­¿ªµÄÎļþÊý×öÁËÏÞÖÆ¡£

ÓÉÓÚͨ¹ýulimit-nÐÞ¸Äϵͳ¶ÔÓû§¿Éͬʱ·­¿ªÎļþµÄ×î´óÊýÏÞÖÆʱ £¬ÐÂÐ޸ĵÄÖµÖ»ÄÜСÓÚ»ò¼´ÊÇÉÏ´Îulimit-nÉèÖõÄÖµ £¬Òò´ËÏëÓôËÏÂÁîÔö´óÕâ¸öÏÞÖÆÖµÊDz»¿ÉÄܵÄ¡£ÒÔÊÇ £¬ÈôÊÇÓÐÉÏÊöÎÊÌâ±£´æ £¬¾ÍÖ»ÄÜÈ¥·­¿ª/etc/profile¾ç±¾Îļþ £¬ÔÚÎļþÖвéÕÒÊÇ·ñʹÓÃÁËulimit-nÏÞÖÆÁËÓû§¿Éͬʱ·­¿ªµÄ×î´óÎļþÊýÄ¿ £¬ÈôÊÇÕÒµ½ £¬Ôòɾ³ýÕâÐÐÏÂÁî £¬»òÕß½«ÆäÉèÖõÄÖµ¸ÄΪºÏÊʵÄÖµ £¬È»ºóÉúÑÄÎļþ £¬Óû§Í˳ö²¢ÖØеǼϵͳ¼´¿É¡£

ͨ¹ýÉÏÊö°ì·¨ £¬¾ÍΪ֧³Ö¸ß²¢·¢TCPÅþÁ¬´¦ÀíµÄͨѶ´¦Àí³ÌÐòɨ³ý¹ØÓÚ·­¿ªÎļþÊýÄ¿·½ÃæµÄϵͳÏÞÖÆ¡£

ÄÚºËTCP²ÎÊý·½Ãæ

LinuxϵͳÏ £¬TCPÅþÁ¬¶Ï¿ªºó £¬»áÒÔTIME_WAIT״̬±£´æÒ»¶¨µÄʱ¼ä £¬È»ºó²Å»áÊͷŶ˿Ú¡£µ±²¢·¢ÇëÇó¹ý¶àµÄʱ¼ä £¬¾Í»á±¬·¢´ó×ÚµÄTIME_WAIT״̬µÄÅþÁ¬ £¬ÎÞ·¨ÊµÊ±¶Ï¿ªµÄ»° £¬»áÕ¼Óôó×ڵĶ˿Ú×ÊÔ´ºÍЧÀÍÆ÷×ÊÔ´¡£Õâ¸öʱ¼äÎÒÃÇ¿ÉÒÔÓÅ»¯TCPµÄÄں˲ÎÊý £¬À´ÊµÊ±½«TIME_WAIT״̬µÄ¶Ë¿ÚÕûÀíµô¡£

ÏÂÃæÏÈÈݵÄÒªÁìÖ»¶ÔÓµÓдó×ÚTIME_WAIT״̬µÄÅþÁ¬µ¼ÖÂϵͳ×ÊÔ´ÏûºÄÓÐÓà £¬ÈôÊDz»ÊÇÕâÖÖÇéÐÎÏ £¬Ð§¹û¿ÉÄܲ»ÏÔ×Å¡£¿ÉÒÔʹÓÃnetstatÏÂÁîÈ¥²éTIME_WAIT״̬µÄÅþÁ¬×´Ì¬ £¬ÊäÈëÏÂÃæµÄ×éºÏÏÂÁî £¬Éó²éÄ¿½ñTCPÅþÁ¬µÄ״̬ºÍ¶ÔÓ¦µÄÅþÁ¬ÊýÄ¿£º

# netstat-n | awk ¡®/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}¡¯

µÇ¼ºó¸´ÖÆ

Õâ¸öÏÂÁî»áÊä³öÀàËÆÏÂÃæµÄЧ¹û£º

LAST_ACK16
SYN_RECV348
ESTABLISHED70
FIN_WAIT1229
FIN_WAIT230
CLOSING33
TIME_WAIT18098

µÇ¼ºó¸´ÖÆ

ÎÒÃÇÖ»ÓÃÌåÌùTIME_WAITµÄ¸öÊý £¬ÔÚÕâÀï¿ÉÒÔ¿´µ½ £¬ÓÐ18000¶à¸öTIME_WAIT £¬ÕâÑù¾ÍÕ¼ÓÃÁË18000¶à¸ö¶Ë¿Ú¡£ÒªÖªµÀ¶Ë¿ÚµÄÊýÄ¿Ö»ÓÐ65535¸ö £¬Õ¼ÓÃÒ»¸öÉÙÒ»¸ö £¬»áÑÏÖصÄÓ°Ïìµ½ºó¼ÌµÄÐÂÅþÁ¬¡£ÕâÖÖÇéÐÎÏ £¬ÎÒÃǾÍÓÐÐëÒªµ÷½âÏÂLinuxµÄTCPÄں˲ÎÊý £¬ÈÃϵͳ¸ü¿ìµÄÊÍ·ÅTIME_WAITÅþÁ¬¡£

±à¼­ÉèÖÃÎļþ:/etc/sysctl.conf £¬ÔÚÕâ¸öÎļþÖÐ £¬¼ÓÈëÏÂÃæµÄ¼¸ÐÐÄÚÈÝ£º

# vim /etc/sysctl.conf
net.ipv4.tcp_syncookies= 1
net.ipv4.tcp_tw_reuse= 1
net.ipv4.tcp_tw_recycle= 1
net.ipv4.tcp_fin_timeout= 30

µÇ¼ºó¸´ÖÆ

ÊäÈëÏÂÃæµÄÏÂÁî £¬ÈÃÄں˲ÎÊýÉúЧ£º

# sysctl-p

µÇ¼ºó¸´ÖÆ

¼òÆÓµÄ˵Ã÷ÉÏÃæµÄ²ÎÊýµÄ¼ÄÒ壺

net.ipv4.tcp_syncookies= 1 ÌåÏÖ¿ªÆôSYNCookies¡£µ±·ºÆðSYNÆÚ´ýÐÐÁÐÒç³öʱ £¬ÆôÓÃcookiesÀ´´¦Àí £¬¿ÉÌá·ÀÉÙÁ¿SYN¹¥»÷ £¬Ä¬ÒÔΪ0 £¬ÌåÏֹرÕ£»

net.ipv4.tcp_tw_reuse= 1 ÌåÏÖ¿ªÆôÖØÓá£ÔÊÐí½«TIME-WAITsocketsÖØÐÂÓÃÓÚеÄTCPÅþÁ¬ £¬Ä¬ÒÔΪ0 £¬ÌåÏֹرÕ£»

net.ipv4.tcp_tw_recycle= 1 ÌåÏÖ¿ªÆôTCPÅþÁ¬ÖÐTIME-WAITsocketsµÄ¿ìËÙ½ÓÄÉ £¬Ä¬ÒÔΪ0 £¬ÌåÏֹرÕ£»

net.ipv4.tcp_fin_timeout ÐÞ¸Äϵ½yĬÈϵÄTIMEOUT ʱ¼ä¡£

ÔÚ¾­ÓÉÕâÑùµÄµ÷½âÖ®ºó £¬³ýÁË»á½øÒ»²½ÌáÉýЧÀÍÆ÷µÄ¸ºÔØÄÜÁ¦Ö®Íâ £¬»¹Äܹ»·ÀÓùСÁ÷Á¿Ë®Æ½µÄDoS¡¢CCºÍSYN¹¥»÷¡£

±ðµÄ £¬ÈôÊÇÄãµÄÅþÁ¬Êý×Ô¼º¾ÍÐí¶à £¬ÎÒÃÇ¿ÉÒÔÔÙÓÅ»¯Ò»ÏÂTCPµÄ¿ÉʹÓö˿ڹæÄ£ £¬½øÒ»²½ÌáÉýЧÀÍÆ÷µÄ²¢·¢ÄÜÁ¦¡£ÒÀÈ»ÊÇÍùÉÏÃæµÄ²ÎÊýÎļþÖÐ £¬¼ÓÈëÏÂÃæÕâЩÉèÖãº

net.ipv4.tcp_keepalive_time= 1200
net.ipv4.ip_local_port_range= 1024 65535
net.ipv4.tcp_max_syn_backlog= 8192
net.ipv4.tcp_max_tw_buckets= 5000

µÇ¼ºó¸´ÖÆ

Õ⼸¸ö²ÎÊý £¬½¨ÒéÖ»ÔÚÁ÷Á¿ºÜÊÇ´óµÄЧÀÍÆ÷ÉÏ¿ªÆô £¬»áÓÐÏÔÖøµÄЧ¹û¡£Ò»Ñùƽ³£µÄÁ÷Á¿Ð¡µÄЧÀÍÆ÷ÉÏ £¬Ã»ÓÐÐëҪȥÉèÖÃÕ⼸¸ö²ÎÊý¡£

net.ipv4.tcp_keepalive_time= 1200 ÌåÏÖµ±keepaliveÆðÓõÄʱ¼ä £¬TCP·¢ËÍkeepaliveÐÂÎŵÄƵ¶È¡£È±Ê¡ÊÇ2Сʱ £¬¸ÄΪ20·ÖÖÓ¡£

ip_local_port_range= 1024 65535 ÌåÏÖÓÃÓÚÏòÍâÅþÁ¬µÄ¶Ë¿Ú¹æÄ£¡£È±Ê¡ÇéÐÎϺÜС £¬¸ÄΪ1024µ½65535¡£

net.ipv4.tcp_max_syn_backlog= 8192 ÌåÏÖSYNÐÐÁеij¤¶È £¬Ä¬ÒÔΪ1024 £¬¼Ó´óÐÐÁ㤶ÈΪ8192 £¬¿ÉÒÔÈÝÄɸü¶àÆÚ´ýÅþÁ¬µÄÍøÂçÅþÁ¬Êý¡£

net.ipv4.tcp_max_tw_buckets= 5000 ÌåÏÖϵͳͬʱ¼á³ÖTIME_WAITµÄ×î´óÊýÄ¿ £¬ÈôÊÇÁè¼ÝÕâ¸öÊý×Ö £¬TIME_WAIT½«Á¬Ã¦±»É¨³ý²¢´òÓ¡ÖÒÑÔÐÅÏ¢¡£Ä¬ÒÔΪ180000 £¬¸ÄΪ5000¡£´ËÏî²ÎÊý¿ÉÒÔ¿ØÖÆTIME_WAITµÄ×î´óÊýÄ¿ £¬Ö»ÒªÁè¼ÝÁË¡£ÄÚºËÆäËûTCP²ÎÊý˵Ã÷

net.ipv4.tcp_max_syn_backlog= 65536 ¼Í¼µÄÄÇЩÉÐδÊÕµ½¿Í»§¶ËÈ·ÈÏÐÅÏ¢µÄÅþÁ¬ÇëÇóµÄ×î´óÖµ¡£¹ØÓÚÓÐ128MÄÚ´æµÄϵͳ¶øÑÔ £¬È±Ê¡ÖµÊÇ1024 £¬Ð¡ÄÚ´æµÄϵͳÔòÊÇ128¡£

net.core.netdev_max_backlog= 32768 ÿ¸öÍøÂç½Ó¿ÚÎüÊÕÊý¾Ý°üµÄËÙÂʱÈÄں˴¦ÀíÕâЩ°üµÄËÙÂÊ¿ìʱ £¬ÔÊÐíË͵½ÐÐÁеÄÊý¾Ý°üµÄ×î´óÊýÄ¿¡£

net.core.somaxconn= 32768 ÀýÈçwebÓ¦ÓÃÖÐlistenº¯ÊýµÄbacklogĬÈÏ»á¸øÎÒÃÇÄں˲ÎÊýµÄnet.core.somaxconnÏÞÖƵ½128 £¬¶ønginx½ç˵µÄNGX_LISTEN_BACKLOGĬÒÔΪ511 £¬ÒÔÊÇÓÐÐëÒªµ÷½âÕâ¸öÖµ¡£

net.core.wmem_default= 8388608

net.core.rmem_default= 8388608

net.core.rmem_max= 16777216 #×î´ósocket¶Ábuffer,¿É²Î¿¼µÄÓÅ»¯Öµ:873200

net.core.wmem_max= 16777216 #×î´ósocketдbuffer,¿É²Î¿¼µÄÓÅ»¯Öµ:873200

net.ipv4.tcp_timestsmps= 0 ʱ¼ä´Á¿ÉÒÔ×èÖ¹ÐòÁкŵľíÈÆ¡£Ò»¸ö1GbpsµÄÁ´Â·Ò»¶¨»áÓöµ½ÒÔÇ°ÓùýµÄÐòÁкÅ¡£Ê±¼ä´ÁÄܹ»ÈÃÄں˽ÓÊÜÕâÖÖ¡°Òì³£¡±µÄÊý¾Ý°ü¡£ÕâÀïÐèÒª½«Æä¹Øµô¡£

net.ipv4.tcp_synack_retries= 2 ΪÁË·­¿ª¶Ô¶ËµÄÅþÁ¬ £¬ÄÚºËÐèÒª·¢ËÍÒ»¸öSYN²¢¸½´øÒ»¸ö»ØӦǰÃæÒ»¸öSYNµÄACK¡£Ò²¾ÍÊÇËùνÈý´ÎÎÕÊÖÖеĵڶþ´ÎÎÕÊÖ¡£Õâ¸öÉèÖþöÒéÁËÄں˷ÅÆúÅþÁ¬Ö®Ç°·¢ËÍSYN+ACK°üµÄÊýÄ¿¡£

net.ipv4.tcp_syn_retries= 2 ÔÚÄں˷ÅÆú½¨ÉèÅþÁ¬Ö®Ç°·¢ËÍSYN°üµÄÊýÄ¿¡£

#net.ipv4.tcp_tw_len= 1

net.ipv4.tcp_tw_reuse= 1 ¿ªÆôÖØÓá£ÔÊÐí½«TIME-WAITsocketsÖØÐÂÓÃÓÚеÄTCPÅþÁ¬¡£

net.ipv4.tcp_wmem= 8192 436600 873200 TCPдbuffer,¿É²Î¿¼µÄÓÅ»¯Öµ:8192 436600 873200

net.ipv4.tcp_rmem = 32768 436600 873200 TCP¶Ábuffer,¿É²Î¿¼µÄÓÅ»¯Öµ:32768 436600 873200

net.ipv4.tcp_mem= 94500000 91500000 92700000 ͬÑùÓÐ3¸öÖµ,Òâ˼ÊÇ:

net.ipv4.tcp_mem[0]:µÍÓÚ´ËÖµ £¬TCPûÓÐÄÚ´æѹÁ¦¡£

net.ipv4.tcp_mem[1]:ÔÚ´ËֵϠ£¬½øÈëÄÚ´æѹÁ¦½×¶Î¡£

net.ipv4.tcp_mem[2]:¸ßÓÚ´ËÖµ £¬TCP¾Ü¾ø·ÖÅÉsocket¡£ÉÏÊöÄڴ浥λÊÇÒ³ £¬¶ø²»ÊÇ×Ö½Ú¡£¿É²Î¿¼µÄÓÅ»¯ÖµÊÇ:7864321048576 1572864

net.ipv4.tcp_max_orphans= 3276800 ϵͳÖÐ×î¶àÓм¸¶à¸öTCPÌ×½Ó×Ö²»±»¹ØÁªµ½ÈκÎÒ»¸öÓû§Îļþ¾ä±úÉÏ¡£ÈôÊÇÁè¼ÝÕâ¸öÊý×Ö £¬ÅþÁ¬½«ÂíÉϱ»¸´Î»²¢´òÓ¡³öÖÒÑÔÐÅÏ¢¡£Õâ¸öÏÞÖƽö½öÊÇΪÁ˱ÜÃâ¼òÆÓµÄDoS¹¥»÷ £¬²»¿ÉÌ«¹ýÒÀÀµËü»òÕßÈËΪµØ¼õСÕâ¸öÖµ £¬ ¸üÓ¦¸ÃÔöÌíÕâ¸öÖµ(ÈôÊÇÔöÌíÁËÄÚ´æÖ®ºó)¡£

net.ipv4.tcp_fin_timeout= 30 ÈôÊÇÌ×½Ó×ÖÓɱ¾¶ËÒªÇó¹Ø±Õ £¬Õâ¸ö²ÎÊý¾öÒéÁËËü¼á³ÖÔÚFIN-WAIT-2״̬µÄʱ¼ä¡£¶Ô¶Ë¿ÉÒÔÍÉ»¯²¢ÓÀÔ¶²»¹Ø±ÕÅþÁ¬ £¬ÉõÖÁÒâÍâµ±»ú¡£È±Ê¡ÖµÊÇ60Ãë¡£2.2 Äں˵Äͨ³£ÖµÊÇ180Ãë £¬Äã¿ÉÒÔ°´Õâ¸öÉèÖà £¬µ«Òª¼Ç×ŵÄÊÇ £¬×ÝÈ»ÄãµÄ»úеÊÇÒ»¸öÇáÔصÄWEBЧÀÍÆ÷ £¬Ò²ÓÐÓÉÓÚ´ó×ÚµÄËÀÌ×½Ó×Ö¶øÄÚ´æÒç³öµÄΣº¦ £¬FIN-WAIT-2µÄΣÏÕÐÔ±ÈFIN-WAIT-1ҪС £¬ÓÉÓÚËü×î¶àÖ»ÄܳԵô1.5KÄÚ´æ £¬¿ÉÊÇËüÃǵÄÉúÑÄÆÚ³¤Ð©¡£

ͬʱ»¹Éæ¼°µ½Ò»¸öTCP ÓµÈûËã·¨µÄÎÊÌâ £¬Äã¿ÉÒÔÓÃÏÂÃæµÄÏÂÁîÉó²é±¾»úÌṩµÄÓµÈûËã·¨¿ØÖÆÄ£¿é£º

sysctl net.ipv4.tcp_available_congestion_control

¹ØÓÚ¼¸ÖÖËã·¨µÄÆÊÎö £¬ÏêÇé¿ÉÒԲο¼Ï£ºTCPÓµÈû¿ØÖÆËã·¨µÄÓÅÈõµã¡¢ÊÊÓÃÇéÐΡ¢ÐÔÄÜÆÊÎö £¬ºÃ±È¸ßÑÓʱ¿ÉÒÔÊÔÓÃhybla £¬ÖеÈÑÓʱ¿ÉÒÔÊÔÓÃhtcpËã·¨µÈ¡£

ÈôÊÇÏëÉèÖÃTCP ÓµÈûË㷨Ϊhybla net.ipv4.tcp_congestion_control=hybla

ÌØÁíÍâ £¬¹ØÓÚÄں˰æ¸ßÓÚÓÚ3.7.1µÄ £¬ÎÒÃÇ¿ÉÒÔ¿ªÆôtcp_fastopen£ºnet.ipv4.tcp_fastopen= 3

IOÊÂÎñ·ÖÅÉ»úÖÆ

ÔÚLinuxÆôÓø߲¢·¢TCPÅþÁ¬ £¬±ØÐèÈ·ÈÏÓ¦ÓóÌÐòÊÇ·ñʹÓÃÁ˺ÏÊʵÄÍøÂçI/OÊÖÒÕºÍI/OÊÂÎñ·ÖÅÉ»úÖÆ¡£¿ÉÓõÄI/OÊÖÒÕÓÐͬ²½I/O £¬·ÇÛÕ±Õʽͬ²½I/O £¬ÒÔ¼°Òì²½I/O¡£ÔÚ¸ßTCP²¢·¢µÄÇéÐÎÏ £¬ÈôÊÇʹÓÃͬ²½I/O £¬Õâ»áÑÏÖØÛÕ±Õ³ÌÐòµÄÔËת £¬³ý·ÇΪÿ¸öTCPÅþÁ¬µÄI/O½¨ÉèÒ»¸öÏ̡߳£¿ÉÊÇ £¬¹ý¶àµÄÏß³ÌÓÖ»áÒòϵͳ¶ÔÏ̵߳ĵ÷ÀíÔì³ÉÖØ´ó¿ªÏú¡£Òò´Ë £¬ÔÚ¸ßTCP²¢·¢µÄÇéÐÎÏÂʹÓÃͬ²½I/OÊDz»¿ÉÈ¡µÄ £¬Õâʱ¿ÉÒÔ˼Á¿Ê¹Ó÷ÇÛÕ±Õʽͬ²½I/O»òÒì²½I/O¡£·ÇÛÕ±Õʽͬ²½I/OµÄÊÖÒÕ°üÀ¨Ê¹ÓÃselect() £¬poll() £¬epollµÈ»úÖÆ¡£Òì²½I/OµÄÊÖÒÕ¾ÍÊÇʹÓÃAIO¡£

´ÓI/OÊÂÎñ·ÖÅÉ»úÖÆÀ´¿´ £¬Ê¹ÓÃselect()ÊDz»¶ÔÊʵÄ £¬ÓÉÓÚËüËùÖ§³ÖµÄ²¢·¢ÅþÁ¬ÊýÓÐÏÞ(ͨ³£ÔÚ1024¸öÒÔÄÚ)¡£ÈôÊÇ˼Á¿ÐÔÄÜ £¬poll()Ò²ÊDz»¶ÔÊʵÄ £¬Ö»¹ÜËü¿ÉÒÔÖ§³ÖµÄ½Ï¸ßµÄTCP²¢·¢Êý £¬¿ÉÊÇÓÉÓÚÆä½ÓÄÉ¡°ÂÖѯ¡±»úÖÆ £¬µ±²¢·¢Êý½Ï¸ßʱ £¬ÆäÔËÐÐЧÂÊÏ൱µÍ £¬²¢¿ÉÄܱ£´æI/OÊÂÎñ·ÖÅɲ»¾ù £¬µ¼Ö²¿·ÖTCPÅþÁ¬ÉϵÄI/O·ºÆð¡°¼¢¶ö¡±Õ÷Ï󡣶øÈôÊÇʹÓÃepoll»òAIO £¬ÔòûÓÐÉÏÊöÎÊÌâ(ÔçÆÚLinuxÄں˵ÄAIOÊÖÒÕʵÏÖÊÇͨ¹ýÔÚÄÚºËÖÐΪÿ¸öI/OÇëÇó½¨ÉèÒ»¸öÏß³ÌÀ´ÊµÏÖµÄ £¬ÕâÖÖʵÏÖ»úÖÆÔڸ߲¢·¢TCPÅþÁ¬µÄÇéÐÎÏÂʹÓÃ×ÅʵҲÓÐÑÏÖصÄÐÔÄÜÎÊÌâ¡£µ«ÔÚ×îеÄLinuxÄÚºËÖÐ £¬AIOµÄʵÏÖÒѾ­»ñµÃË¢ÐÂ)¡£

×ÛÉÏËùÊö £¬ÔÚ¿ª·¢Ö§³Ö¸ß²¢·¢TCPÅþÁ¬µÄLinuxÓ¦ÓóÌÐòʱ £¬Ó¦Ö»¹ÜʹÓÃepoll»òAIOÊÖÒÕÀ´ÊµÏÖ²¢·¢µÄTCPÅþÁ¬ÉϵÄI/O¿ØÖÆ £¬Õ⽫ΪÌáÉý³ÌÐò¶Ô¸ß²¢·¢TCPÅþÁ¬µÄÖ§³ÖÌṩÓÐÓõÄI/O°ü¹Ü¡£

¾­ÓÉÕâÑùµÄÓÅ»¯ÉèÖÃÖ®ºó £¬Ð§ÀÍÆ÷µÄTCP²¢·¢´¦ÀíÄÜÁ¦»áÏÔÖøÌá¸ß¡£ÒÔÉÏÉèÖýö¹©²Î¿¼ £¬ÓÃÓÚÉú²úÇéÐÎÇëƾ֤×Ô¼ºµÄÏÖÕæÏàÐε÷½âÊÓ²ìÔÙµ÷½â¡£

ÒÔÉϾÍÊǸ߲¢·¢ÇéÐÎÏ Linux ϵͳ¼° kernel ²ÎÊýÓÅ»¯µÄÏêϸÄÚÈÝ £¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡

ÃâÔð˵Ã÷£ºÒÔÉÏչʾÄÚÈÝȪԴÓÚÏàÖúýÌå¡¢ÆóÒµ»ú¹¹¡¢ÍøÓÑÌṩ»òÍøÂçÍøÂçÕûÀí £¬°æȨÕùÒéÓë±¾Õ¾ÎÞ¹Ø £¬ÎÄÕÂÉæ¼°¿´·¨Óë¿´·¨²»´ú±í×ðÁú¿­Ê±¹ÙÍøµÇ¼ÂËÓÍ»úÍø¹Ù·½Ì¬¶È £¬Çë¶ÁÕß½ö×ö²Î¿¼¡£±¾ÎĽӴýתÔØ £¬×ªÔØÇë˵Ã÷À´ÓÉ¡£ÈôÄúÒÔΪ±¾ÎÄÇÖÕ¼ÁËÄúµÄ°æȨÐÅÏ¢ £¬»òÄú·¢Ã÷¸ÃÄÚÈÝÓÐÈκÎÉæ¼°ÓÐÎ¥¹«µÂ¡¢Ã°·¸Ö´·¨µÈÎ¥·¨ÐÅÏ¢ £¬ÇëÄúÁ¬Ã¦ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼ʵʱÐÞÕý»òɾ³ý¡£

Ïà¹ØÐÂÎÅ

ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼

18523999891

¿É΢ÐÅÔÚÏß×Éѯ

ÊÂÇéʱ¼ä£ºÖÜÒ»ÖÁÖÜÎå £¬9:30-18:30 £¬½ÚãåÈÕÐÝÏ¢

QR code
ÍøÕ¾µØͼ