Transmission Control Protocol and Internet Protocol (TCP/IP) is a standard set of protocols used by every network-enabled device. TCP/IP defines the standards for communicating over a network and is divided into two parts: TCP and IP. IP defines the rules for IP addressing and for routing packets over the network, and gives each host on the network an identity in the form of an IP address. TCP deals with the connection between two hosts and enables them to exchange data over the network. TCP is a connection-oriented protocol and controls the ordering of packets, retransmission, error detection, and other reliability tasks.
The TCP stack is designed to be very general so that it can be used by anyone under any network conditions. Servers use the same TCP/IP stack as their clients. For this reason, the default values are configured for general use and are not optimized for high-load server environments. Recent Linux kernels provide a tool called `sysctl` that can be used to modify kernel parameters at runtime without recompiling the entire kernel. We can use `sysctl` to modify TCP/IP parameters to match our needs.
In this article, we will look at various kernel parameters that control the network. It is not required to modify all parameters listed here. You can choose ones that are required and suitable for your system and network environment.
It is advisable to test these modifications on local systems before making any changes in a live environment. A lot of these parameters deal directly with network connections and the related CPU and memory use. Changing them can result in connection drops and/or sudden increases in resource use. Make sure that you have read the documentation for a parameter before you change it.
Also, it is a good idea to run benchmarks before and after making any changes to `sysctl` parameters. This will give you a baseline against which to compare improvements, if any. Again, benchmarks may not reveal all the effects of parameter changes. Make sure that you have read the respective documentation.
You will need root access.
Note down basic performance metrics with the tool of your choice.
Follow these steps to tune the TCP stack:
- Set the maximum open files limit:
```
$ ulimit -n # check existing limits for logged in user
# ulimit -n 65535 # root change values above hard limits
```
- To permanently set limits for a user, open `/etc/security/limits.conf` and add the following lines at the end of the file. Make sure to replace the values in brackets, `<>`:
```
<username> soft nofile <value> # soft limits
<username> hard nofile <value> # hard limits
```
```
# sysctl -a
```
- Set the TCP default read-write buffer:
```
# echo 'net.core.rmem_default=65536' >> /etc/sysctl.conf
# echo 'net.core.wmem_default=65536' >> /etc/sysctl.conf
```
- Set the TCP read and write buffers to 8 MB:
```
# echo 'net.core.rmem_max=8388608' >> /etc/sysctl.conf
# echo 'net.core.wmem_max=8388608' >> /etc/sysctl.conf
```
- Increase the maximum TCP orphans:
```
# echo 'net.ipv4.tcp_max_orphans=4096' >> /etc/sysctl.conf
```
- Disable slow start after being idle:
```
# echo 'net.ipv4.tcp_slow_start_after_idle=0' >> /etc/sysctl.conf
```
- Minimize TCP connection retries:
```
# echo 'net.ipv4.tcp_synack_retries=3' >> /etc/sysctl.conf
# echo 'net.ipv4.tcp_syn_retries=3' >> /etc/sysctl.conf
```
- Set the TCP window scaling:
```
# echo 'net.ipv4.tcp_window_scaling=1' >> /etc/sysctl.conf
```
```
# echo 'net.ipv4.tcp_timestamps=1' >> /etc/sysctl.conf
```
- Enable selective acknowledgements:
```
# echo 'net.ipv4.tcp_sack=1' >> /etc/sysctl.conf
```
- Set the maximum number of times the IPv4 packet can be reordered in the TCP packet stream:
```
# echo 'net.ipv4.tcp_reordering=3' >> /etc/sysctl.conf
```
- Send data in the opening SYN packet:
```
# echo 'net.ipv4.tcp_fastopen=1' >> /etc/sysctl.conf
```
- Set the number of opened connections to be remembered before receiving acknowledgement:
```
# echo 'net.ipv4.tcp_max_syn_backlog=1500' >> /etc/sysctl.conf
```
- Set the number of TCP keep-alive probes to send before deciding the connection is broken:
```
# echo 'net.ipv4.tcp_keepalive_probes=5' >> /etc/sysctl.conf
```
- Set the keep-alive time, which is a timeout value after the broken connection is killed:
```
# echo 'net.ipv4.tcp_keepalive_time=1800' >> /etc/sysctl.conf
```
- Set intervals to send keep-alive packets:
```
# echo 'net.ipv4.tcp_keepalive_intvl=60' >> /etc/sysctl.conf
```
- Set to reuse or recycle connections in the wait state:
```
# echo 'net.ipv4.tcp_tw_reuse=1' >> /etc/sysctl.conf
# echo 'net.ipv4.tcp_tw_recycle=1' >> /etc/sysctl.conf # removed in Linux 4.12; breaks clients behind NAT
```
- Increase the maximum number of connections:
```
# echo 'net.ipv4.ip_local_port_range=32768 65535' >> /etc/sysctl.conf
```
```
# echo 'net.ipv4.tcp_fin_timeout=60' >> /etc/sysctl.conf
```
The behavior of the Linux kernel can be fine-tuned with the help of various kernel parameters. These are the options passed to the kernel in order to control various aspects of the system. These parameters can be passed while compiling the kernel, at boot time, or at runtime using the `/proc` filesystem and tools such as `sysctl`.
In this recipe, we have used sysctl to configure network-related kernel parameters to fine tune network settings. Again, you need to cross check each configuration to see if it’s working as expected.
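One way to do that cross-check, as an added example that is not part of the original article: the function below compares each `key=value` line of a sysctl.conf-style file with the value the kernel exposes under `/proc/sys`. The names `audit_sysctl` and `make_sample`, the optional second argument, and the sample values are constructed for illustration.

```shell
# audit_sysctl CONF [PROC_ROOT]
# Prints OK, DIFF (runtime value differs from the file) or MISSING (no such
# parameter on this kernel, e.g. a key without its net.ipv4. prefix) for
# every key=value line. Returns 1 if any line is not OK.
audit_sysctl() {
    conf=$1
    root=${2:-/proc/sys}   # overridable only so a constructed tree can be checked
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                          # drop comments
        case $line in *=*) ;; *) continue ;; esac # skip lines without a setting
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s\n' "${line#*=}" | tr -s ' \t' ' ' | sed 's/^ //; s/ $//')
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key"; rc=1; continue
        fi
        have=$(tr -s ' \t' ' ' < "$path" | sed 's/^ //; s/ $//')
        if [ "$have" = "$want" ]; then
            echo "OK $key=$have"
        else
            echo "DIFF $key file=$want runtime=$have"; rc=1
        fi
    done < "$conf"
    return $rc
}

# Constructed sample: a fake /proc/sys tree and a conf file with two matching
# keys, one differing value and one unqualified key.
make_sample() {
    mkdir -p "$1/proc/net/ipv4"
    echo 1 > "$1/proc/net/ipv4/tcp_window_scaling"
    echo 128 > "$1/proc/net/ipv4/tcp_max_syn_backlog"
    printf '32768\t65535\n' > "$1/proc/net/ipv4/ip_local_port_range"
    cat > "$1/sysctl.conf" <<'EOF'
net.ipv4.tcp_window_scaling=1
net.ipv4.ip_local_port_range=32768 65535
net.ipv4.tcp_max_syn_backlog=1500
tcp_keepalive_time=1800
EOF
}
```

On a real host, run `audit_sysctl /etc/sysctl.conf` after loading the file with `sysctl -p`; a MISSING line means the kernel has no parameter by that name, so the setting was never applied.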
Along with network parameters, tons of other kernel parameters can be configured with the `sysctl` command. The `-a` flag to `sysctl` will list all the available parameters:
```
$ sysctl -a
```
All these configurations are stored in a filesystem at the `/proc` directory, grouped in their respective categories. You can directly read/write these files or use the `sysctl` command:
```
ubuntu@ubuntu:~$ sysctl fs.file-max
fs.file-max = 98869
ubuntu@ubuntu:~$ cat /proc/sys/fs/file-max
98869
```