细分通用场景下的内核参数优化清单?
细分通用场景下的内核参数优化清单。针对所有应用场景的参数优化,其实很难形成一套较为通用的内核参数规范,是否能针对云底座、容器底座、裸金属等维度,或按照CPU、内存、磁盘IO等资源使用强度差异的维度,提供分场景下的内核参数优化规范。
收起查看其它 2 个回答Ciao的回答
| 编号 | 设置值 | 说明 |
| 1 | net.ipv4.conf.all.arp_ignore = 0net.ipv4.conf.default.arp_ignore = 0 | 不允许ignore arp(只有LVS时才需要此选项)默认 |
| 2 | net.ipv4.conf.all.arp_filter = 0net.ipv4.conf.default.arp_filter = 0 | 不允许ignore arp filter(只有LVS时才需要此选项)默认 |
| 3 | net.ipv4.conf.all.rp_filter = 0 | 不开启rp_filter(防止ip欺骗)默认1 |
| 4 | net.ipv4.conf.all.log_martians =0net.ipv4.conf.default.log_martians = 0 | 不记录探测包,源路由包,重定向包 默认 |
| 5 | net.ipv4.conf.all.promote_secondaries = 1 | 禁止删除primary ip,当secondary ip地址与primary ip地址属于同一个网段时,删除primary ip地址时也会删除secondary ip地址 默认 |
| 6 | net.ipv4.ip_no_pmtu_disc = 1 | 禁用ip path mtu discover 默认1 |
| 7 | net.ipv4.icmp_echo_ignore_broadcasts = 1 | 禁止响应目的地为广播地址类型为echo的icmp包。默认 |
| 8 | net.ipv4.conf.all.accept_source_route = 0net.ipv4.conf.default.accept_source_route = 0 | 禁用源地址路由 默认对于redis和mongodb环境,需启用源地址路由:net.ipv4.conf.all.accept_source_route = 1 |
| 10 | net.ipv4.conf.all.accept_redirects = 0net.ipv4.conf.default.accept_redirects = 0 | 拒绝路由重定向包 默认 |
| 11 | net.ipv4.conf.all.secure_redirects = 0 | 也不允许网关发送的路由重定向包 默认 |
| 12 | net.ipv4.tcp_timestamps = 1 | 开启tcp时间戳选项 默认 |
| 13 | net.ipv4.icmp_ignore_bogus_error_responses = 1 | 某些路由器忽略RFC1122规定的包,发送假的错误消息给源主机,导致源主机记录大量错误信息到日志中 默认 |
| 14 | net.ipv4.conf.all.proxy_arp = 0net.ipv4.conf.default.proxy_arp = 0 | 关闭arp代理 默认 |
| 15 | net.core.somaxconn = 65535net.ipv4.tcp_max_syn_backlog = 838860 | 最大的syn包队列设置,加大tcp会话等待数对于需要支撑高并发的业务服务器,可以根据压力测试情况,将该值增大。 |
| 16 | net.ipv4.tcp_syncookies = 1 | 防止客户端使用syn包打开半链接进行拒绝攻击,默认 |
| 17 | net.ipv4.tcp_fin_timeout = 60 | 本端关闭的链接从FIN_WAIT_2到TIME_WAIT状态设置为60 默认 |
| 18 | net.ipv4.conf.all.send_redirects = 0 | 禁止发送重定向报文 默认 |
| 19 | net.ipv4.tcp_keepalive_time = 150net.ipv4.tcp_keepalive_probes = 5net.ipv4.tcp_keepalive_intvl = 6 | TCP keepalive设置 |
| 20 | net.ipv4.conf.all.forwarding = 0net.ipv4.conf.default.forwarding = 0net.ipv4.ip_forward = 0 | 禁用ip转发 默认openshift容器集群环境,需开启IP转发功能:net.ipv4.conf.all.forwarding = 1net.ipv4.conf.default.forwarding = 1net.ipv4.ip_forward = 1 |
浏览82