Some suggestions for Linux system optimization (kernel optimization)

Disable swap

If the server is running a database service or a message middleware service, please disable the swap partition.

echo "vm.swappiness = 0" >> /etc/sysctl.conf
sysctl -p

OOM Killer

Generally, our Linux services are co-located services, and the physical memory requested by each program is shared. For example, if the physical memory is only 1 GB, it is possible to start two programs and request 1 GB each. Linux uses this over-allocation method to fully utilize the memory. When the actual memory used by the program exceeds the physical memory, the system will kill some programs according to their priority to ensure the normal operation of other programs. In order to avoid the killing of core services, the process file can be set to the highest priority.

# The smaller the value, the less likely it is to be killed echo -17 > /proc/$pid/oom_score_adj

TCP

Because the database and some message middleware services we provide all work on the intranet, we can optimize the TCP parameters for the intranet.

• net.ipv4.tcp_syn_retries

The default value is 6 and the reference value is 2. When the host acts as a client and initiates a TCP connection to the outside world, which is the first step of the three-way handshake, the kernel sends the SYN message and retries the number of times. If this number is exceeded, the connection is abandoned. The intranet environment has good communication, so this value can be appropriately reduced

• net.ipv4.tcp_synack_retries

The default value is 5 and the reference value is 2. When the host acts as a server and accepts a TCP connection, in the second step of the three-way handshake, it sends a SYN+ACK message to the client and tries again, and then abandons the connection after this number of retries. This value can be appropriately reduced in the intranet environment

• net.ipv4.tcp_timestamps

Whether to enable timestamp. If enabled, RTT can be calculated more accurately. Some other features also rely on the timestamp field.

• net.ipv4.tcp_tw_reuse

The default value is 0 and the recommended value is 1. Whether to allow sockets in TIME_WAIT state to be used for new TCP connections. This is very effective in reducing the number of TIME_WAIT. This parameter takes effect only when tcp_timestamps is enabled.

• net.ipv4.tcp_tw_recycle

Whether to enable fast recycling of TIME_WAIT sockets, which is a more radical method than tcp_tw_reuse, and it also depends on the tcp_timestamps option. It is strongly recommended not to enable tcp_tw_recycle for two reasons. First, TIME_WAIT is a necessary state to avoid confusion between the data of the closing connection and the newly established connection. Second, the tcp_tw_recycle option will cause some new connections to be rejected in a NAT environment. Because each host has a time difference under NAT, this is reflected in the timestamp field in the socket. The server will find that the timestamp on a certain IP that should have been incremented has decreased, and the message with a relatively decreased timestamp will be discarded.

• net.core.somaxconn

The default value is 128 and the reference value is 2048. Defines the maximum listening queue length on each port in the system. When the server listens to a port, the operating system completes the three-way handshake for the client's connection request. These established connections are stored in a queue, waiting to be taken away by an accept call. This option defines the length of the queue. Increasing this value can reduce the number of server-side rejects in high-concurrency scenarios.

• net.ipv4.tcp_max_syn_backlog

The client's request is managed by two queues on the server side. One is a queue where connections are established with the client and waiting for acceptance. The length of this queue is controlled by the somaxconn parameter. The other is a separate queue where connections that are being established but not completed are stored. The length of this queue is controlled by tcp_max_syn_backlog; the default is 128 and can be adjusted to 8192.

• net.ipv4.tcp_max_tw_buckets

The default value is 4096 and the reference value is 100000. Defines the maximum number of TIME_WAIT sockets that the system can maintain at the same time. If this number is exceeded, the TIME_WAIT sockets will be cleared immediately and a warning message will be printed. If the system is troubled by excessive TIME_WAIT, you can adjust the three options tcp_max_tw_buckets, tcp_tw_reuse, and tcp_timestamps to alleviate the problem. The TIME_WAIT state occurs when the end that actively closes the TCP session is closed. If you want to solve the problem fundamentally, let the client actively close the connection instead of the server.

page cache

Page cache is the system dirty page, which is the system's IO cache. Before data is written to disk, it is first written to the page cache and then asynchronously flushed to disk. Write cache can improve IO access speed, but it also increases the risk of data loss.

There are three opportunities to flush from page cache to disk:

• To free up free memory for the system when the available physical memory falls below a certain threshold;
• To prevent dirty pages from staying in memory indefinitely, when the dirty page residency time exceeds a certain threshold;
• Triggered by a sync() or fsync() call from the user.
  

There are two writing strategies for flushing performed by the system:

• Asynchronous execution of disk flushing without blocking user I/O;
• The flush is performed synchronously, and the user I/O is blocked until the dirty pages fall below a certain threshold.
  

In general, the system executes the first strategy first. When the amount of dirty page data is too large and the asynchronous execution cannot complete the disk flush in time, it switches to the synchronous mode.

We can adjust the dirty data flushing threshold through kernel parameters:

• vm.dirty_background_ratio, default value is 10. This parameter defines a percentage. When the dirty data in memory exceeds this percentage, the system uses asynchronous method to flush the data to disk.
• vm.dirty_ratio, default value is 30. A percentage is also defined. When the dirty data in the memory exceeds this percentage, the system flushes the disk synchronously and the write request is blocked until the dirty data is lower than the dirty_ratio. If it is still higher than dirty_background_ratio, switch to asynchronous disk flushing. Therefore dirty_ratio should be higher than dirty_background_ratio.
  

In addition to percentage control, you can also specify an expiration time: vm.dirty_expire_centisecs. The default value is 3000 (30 seconds), and the unit is 1 hundredth of a second. After this time, dirty data is asynchronously flushed to disk.

You can view the current number of dirty pages in the system by using the following command:

cat /proc/vmstat |egrep "dirty|writeback"
nr_dirty 951
nr_writeback 0
nr_writeback_temp 0
#The output shows that there are 951 dirty pages waiting to be written to disk. The default page size is 4KB. In addition, you can also see this information in the /proc/meminfo file.

If the data security requirement is not that high and you want to "cache" more data to make it easier for reads to hit the cache, you can increase the dirty data ratio and expiration time:

vm.dirty_background_ratio = 30
vm.dirty_ratio = 60
vm.dirty_expire_centisecs = 6000

Similarly, if you do not want io to be blocked due to disk flushing, you can appropriately reduce the value of asynchronous disk flushing, which will make io smoother:

vm.dirty_background_ratio = 5
vm.dirty_ratio = 60

The above are some detailed suggestions for Linux system optimization (kernel optimization). For more information about Linux system optimization, please pay attention to other related articles on 123WORDPRESS.COM!