CentOS 7: Kernel parameter tuning to resolve excessive TIME_WAIT connections

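By default, we remove the various limits the operating system imposes so that the hardware can perform to its full capacity.
The main methods are raising the limit on open files, the limit on started processes and the limit on TCP/IP ports, promoting the reuse of TCP connections, applying some countermeasures against TCP spoofing, and improving resource efficiency by disabling IPv6.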

The specific steps follow, but be sure to test thoroughly before changing a production system!!!

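1. Change the operating system's maximum number of open files and the maximum number of processes a user can start
Open /etc/systemd/system.conf and change the following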
DefaultLimitNOFILE = 1048576
DefaultLimitNPROC = 1048576

2. Open /etc/sysctl.conf and change the following
#kernel.threads-max = 29990
kernel.threads-max = 1060863

#fs.file-max = 379862
fs.file-max = 5242880

#net.ipv4.ip_local_port_range = 32768 60999
net.ipv4.ip_local_port_range = 1024 65535

#net.core.somaxconn = 128
net.core.somaxconn = 65535

#net.ipv4.tcp_max_syn_backlog = 128
net.ipv4.tcp_max_syn_backlog = 65535

#net.core.netdev_max_backlog = 1000
net.core.netdev_max_backlog = 16384

#net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_tw_recycle = 0

#net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_fin_timeout=10

#net.ipv4.tcp_slow_start_after_idle = 1
net.ipv4.tcp_slow_start_after_idle = 0

net.ipv4.conf.all.rp_filter = 1

#net.ipv4.tcp_rfc1337 = 0
net.ipv4.tcp_rfc1337 = 1

#net.ipv6.conf.all.disable_ipv6=1
#net.ipv6.conf.default.disable_ipv6=1

#net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syncookies = 0

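3. Commands to apply the changes:
Enter the following command to apply them: sysctl -p
Command to view the parameters after they take effect: sysctl -a
It is best to reboot the system.
Confirm the system parameters we changed: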
# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 14995
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1048576
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 1048576
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
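
Added example (not part of the original article): a POSIX shell check that reads a sysctl.conf-style file the way sysctl -p does and reports keys that differ from, or are missing against, a subset of the values listed in section 2. The function names, the EXPECTED list and the sample file are constructed for illustration.

```shell
# Targets copied from the sysctl.conf section above (a subset, for brevity).
EXPECTED='net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=0
net.ipv4.tcp_fin_timeout=10
net.ipv4.ip_local_port_range=1024 65535
net.ipv4.tcp_rfc1337=1
net.ipv4.tcp_syncookies=0'

# Constructed sample file, not taken from a real host.
sample_conf() {
  cat <<'EOF'
#net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout=10
net.ipv4.ip_local_port_range = 1024   65535
#net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syncookies = 0
EOF
}

# Effective value of KEY ($2) in FILE ($1): comment lines (# or ;) are skipped,
# spacing around "=" is ignored, and the last assignment wins, as with sysctl -p.
effective_value() {
  awk -v key="$2" '
    /^[ \t]*[#;]/ { next }
    { pos = index($0, "="); if (pos == 0) next
      k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      gsub(/[ \t]+/, " ", v)
      if (k == key) val = v }
    END { if (val != "") print val }' "$1"
}

# Print OK / DIFF / MISSING per key; the return status is the number of problems.
# Try it: f=$(mktemp); sample_conf > "$f"; audit_file "$f"; echo "problems: $?"
audit_file() {
  bad=0
  while IFS='=' read -r key want; do
    got=$(effective_value "$1" "$key")
    if [ -z "$got" ]; then echo "MISSING $key (want $want)"; bad=$((bad + 1))
    elif [ "$got" != "$want" ]; then echo "DIFF $key=$got (want $want)"; bad=$((bad + 1))
    else echo "OK $key=$got"; fi
  done <<EOF
$EXPECTED
EOF
  return "$bad"
}
```

On a live host, run audit_file /etc/sysctl.conf and compare any DIFF or MISSING key with the output of sysctl -n for that key, since files under /etc/sysctl.d can also set these values.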