4285ch04.fm Draft Document for Review May 4, 2007 11:35 am
132 Linux Performance and Tuning Guidelines
should be changed only after careful monitoring, as there is a risk of overflowing memory
because of the number of dead sockets:
sysctl -w net.ipv4.tcp_fin_timeout=30
• One of the problems found in servers with many simultaneous TCP connections is the
large number of connections that are open but unused. TCP has a keepalive function that
probes these connections and, by default, drops them after 7200 seconds (2 hours). This
length of time may be too long for your server and may result in excess memory usage
and a decrease in server performance.
Setting it to 1800 seconds (30 minutes), for example, may be more appropriate:
sysctl -w net.ipv4.tcp_keepalive_time=1800
• When the server is heavily loaded or has many clients on poor, high-latency
connections, the number of half-open connections can increase. This is common for Web
servers, especially when there are many dial-up users. These half-open connections are
stored in the backlog connections queue. You should set this value to at least 4096. (The
default is 1024.)
Setting this value is useful even if your server does not receive this kind of connection, as
it can still be protected from a DoS (syn-flood) attack.
sysctl -w net.ipv4.tcp_max_syn_backlog=4096
• While TCP SYN cookies are helpful in protecting the server from syn-flood attacks, both
denial-of-service (DoS) and distributed denial-of-service (DDoS), they may have an adverse
effect on performance. We suggest enabling TCP SYN cookies only when there is a clear
need for them.
sysctl -w net.ipv4.tcp_syncookies=1
Tuning TCP options
• Selective acknowledgments are a way of optimizing TCP traffic considerably. However,
SACKs and DSACKs may adversely affect performance on Gigabit networks. While
enabled by default, tcp_sack and tcp_dsack work against optimal TCP/IP performance in
high-speed networks and should be disabled.
sysctl -w net.ipv4.tcp_sack=0
sysctl -w net.ipv4.tcp_dsack=0
• Every time an Ethernet frame is forwarded to the network stack of the Linux kernel, it
receives a time stamp. This behavior is useful and necessary for edge systems such as
firewalls and Web servers, but backend systems may benefit from the reduced overhead
of disabling TCP time stamps. TCP timestamps can be disabled via this call:
sysctl -w net.ipv4.tcp_timestamps=0
• We have also learned that window scaling may be an option to enlarge the transfer
window. However, benchmarks have shown that window scaling is not suited for systems
experiencing very high network load. Additionally, some network devices do not follow the
RFC guidelines and may cause window scaling to malfunction. We suggest disabling
window scaling and manually setting the window sizes.
sysctl -w net.ipv4.tcp_window_scaling=0
Note: The tcp_syncookies command above is valid only when the kernel is compiled with
CONFIG_SYNCOOKIES.
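As an added example (not part of the Redbook), the following POSIX shell script audits a system's current net.ipv4 values against the recommendations in this section and prints the sysctl -w command for each mismatch; SYSCTL_ROOT is an assumed knob so the same checks can be run against constructed files instead of the live /proc/sys tree.

```shell
# Audit the TCP sysctl values discussed in this section. SYSCTL_ROOT is an
# assumed knob: it defaults to the live /proc/sys tree but can point at a
# directory of constructed files so the checks run anywhere, unprivileged.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"
# Recommended values from the text as "key op want"; op is le (at most),
# ge (at least) or eq (exactly). tcp_syncookies is deliberately left out:
# the text recommends enabling it only when SYN floods are a real concern.
TCP_TUNING_TABLE='
tcp_fin_timeout     le 30
tcp_keepalive_time  le 1800
tcp_max_syn_backlog ge 4096
tcp_sack            eq 0
tcp_dsack           eq 0
tcp_timestamps      eq 0
tcp_window_scaling  eq 0
'
# current_value KEY: print net.ipv4.KEY from SYSCTL_ROOT, or "missing".
current_value() {
    f="$SYSCTL_ROOT/net/ipv4/$1"
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; else echo missing; fi
}
# check_setting KEY OP WANT: print "ok|warn|missing KEY current=CUR want=OP WANT";
# exit status is 0 only when the current value satisfies the recommendation.
check_setting() {
    cur=$(current_value "$1")
    if [ "$cur" = missing ]; then echo "missing $1 current=- want=$2 $3"; return 2; fi
    case $2 in
        le) [ "$cur" -le "$3" ] ;;
        ge) [ "$cur" -ge "$3" ] ;;
        eq) [ "$cur" -eq "$3" ] ;;
        *)  false ;;
    esac 2>/dev/null && status=ok || status=warn
    echo "$status $1 current=$cur want=$2 $3"
    [ "$status" = ok ]
}
# audit_tcp: check every row, echo a sysctl -w fix per mismatch, return the count.
audit_tcp() {
    bad=0
    while read -r key op want; do
        [ -n "$key" ] || continue
        check_setting "$key" "$op" "$want" ||
            { bad=$((bad + 1)); echo "  fix: sysctl -w net.ipv4.$key=$want"; }
    done <<EOF
$TCP_TUNING_TABLE
EOF
    return "$bad"
}
# Audit the live system: sh tcp_audit.sh run   (exit status = mismatch count)
if [ "${1:-}" = run ]; then audit_tcp; fi
```

Reading /proc/sys needs no privilege, so the audit can run as an unprivileged user; only the printed sysctl -w commands require root.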