|
|
楼主 |
发表于 2022-7-16 07:26:40
|
显示全部楼层
sysctl.conf文件配置详解
) H" h4 U3 v: r临时生效
2 O N; n6 U3 r, k' ?7 Z# g#修改后,马上生效,重启或者service network restart失效
- f( e- }: r7 `8 w; |sysctl -w fs.file-max=999999& N+ `# t( Z# [9 o* ~6 L3 B% c7 m, G
2 }6 b* e9 A7 m# H6 q
永久生效% F# |8 B6 ?- M m! C- B
#vim /etc/sysctl.conf2 M6 n5 W# E5 U; x1 K7 a! |2 J
fs.file-max=999999
! M' o& f2 _# d! u! i$ ?#保存后,执行sysctl -p 或者重启服务器生效
' d' S$ I) w7 Z9 x: b) \查看配置& U1 [3 W2 t7 w9 [. i
sysctl -a #消失全部配置
- y4 Q, w. |, Q' ^sysctl fs.file-max #显示fs.file-max的值
: Z# b9 V! k5 x" o) w. h# sysctl -a | grep file #模糊查找1 N y( i* Y" j$ ?% }3 W
参考资料:Linux Tcp参数设置
' E7 F- Q8 Z$ _4 @1 @: @ e4 Q. y4 Q7 h- V7 E6 C& {
kernel.sched_child_runs_first = 0
+ t2 z b$ K( w& P/ J: u7 R
1 o- }9 w/ t4 C* N' g% {& I( J- |kernel.sched_min_granularity_ns = 3000000
8 U: U+ }) h. ^kernel.sched_latency_ns = 15000000 C* `0 y! ]9 B1 n
kernel.sched_wakeup_granularity_ns = 3000000 P5 r- R5 O6 x, X
kernel.sched_tunable_scaling = 1
& o! H2 {3 Q2 \! t. j- k, c6 B$ X9 C& Q/ W$ K; ]
kernel.sched_features = 3183
# Y, B) m3 A5 e+ w0 ]+ }! N' b8 wkernel.sched_migration_cost = 500000
/ u8 }* P# p$ k) ^kernel.sched_nr_migrate = 32. j& x% F! @# Z7 _5 {7 M2 n
kernel.sched_time_avg = 1000! H, w* Z9 X1 ] n3 m4 d/ C9 X
kernel.sched_shares_window = 100000009 ~+ V0 K, g- _; y
kernel.timer_migration = 14 F9 F3 `% U( E$ ~1 c
kernel.sched_rt_period_us = 1000000
$ |( ], C. B% V8 a; l' z3 Skernel.sched_rt_runtime_us = 950000
! p! l+ L E' W3 H: `" @0 B7 akernel.sched_compat_yield = 0
* F) z+ m; h* H7 `; Dkernel.sched_rr_timeslice_ms = 1000 g& ?" i2 ^- I) `% P
kernel.sched_autogroup_enabled = 0
9 A' }* ]0 J# H: f) [7 vkernel.sched_cfs_bandwidth_slice_us = 50005 M/ n7 {/ \; r- s0 g) M
kernel.panic = 0
9 T$ E; Q; H- f1 mkernel.exec-shield = 1! c+ X; j& ^! a3 m( S
kernel.core_uses_pid = 1
' r. g+ J' ~* s' v& @kernel.core_pattern = |/usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t e
/ Q0 c) r# G2 `9 Lkernel.core_pipe_limit = 44 u) n" {5 T3 s9 T5 l- Q
kernel.tainted = 0
7 Y$ _% N1 q+ G3 x. R' Ykernel.real-root-dev = 0
* x7 ]" Z: z- O" n! Zkernel.print-fatal-signals = 0& I' T" D7 |! K) u) b2 }$ |
kernel.ctrl-alt-del = 0: S2 s, Q. o. n* o
kernel.ftrace_enabled = 1
0 L7 U& W, B" Z, \ Z3 \7 Okernel.stack_tracer_enabled = 0
: `; }& O' Z+ f, Q, ?kernel.ftrace_dump_on_oops = 0
' Q" y* ~5 }6 V6 T' v% Akernel.modprobe = /sbin/modprobe# ^0 H& M/ Z d5 A& {+ I
kernel.modules_disabled = 0
" X. f& q. _: W; h$ ?' mkernel.kexec_load_disabled = 0
2 V9 y) ~) N8 |- x0 K- qkernel.hotplug =2 q( j' r M* P" k$ K% D7 q3 {. O
kernel.acct = 4 2 30
2 g* ^' [) f* ~+ W6 o! G+ Xkernel.sysrq = 0# X! U, Y9 Y$ E
kernel.cad_pid = 1
7 X* {- S+ G8 {9 L3 g' h1 ekernel.threads-max = 60719, ~; y* \ o9 U. ~5 ~- q6 b
kernel.random.poolsize = 4096
2 d# s' o! I2 R* b% |kernel.random.entropy_avail = 455. N) r' V- f! W% b' v: Y
kernel.random.read_wakeup_threshold = 64
$ C& z; l/ M. n+ ?! e9 a9 `kernel.random.write_wakeup_threshold = 128$ q/ [) R* e3 W7 `5 ]" |
kernel.random.boot_id = 7ed1dbbb-9671-4ee2-8d81-58c58ba824ac& Q3 l7 y' A4 C! W+ G
kernel.random.uuid = d1f372bb-bca8-4338-9d48-b9855a4ec41a
1 u+ m: T6 T5 D5 x/ }kernel.usermodehelper.bset = 4294967295 4294967295$ d0 H, D1 \" g+ m) L
kernel.usermodehelper.inheritable = 4294967295 42949672958 c a" m2 x/ a: Z* `) [! m
kernel.overflowuid = 65534' N, g$ X/ o$ I6 L) w
kernel.overflowgid = 65534% z& ?7 Q& M( x* x; V& X
kernel.pid_max = 131072
' X1 ?2 \% }! f, t- Kkernel.panic_on_oops = 1& |& o/ k7 Y& U# H, E8 m2 _7 p
kernel.printk = 4 4 1 7* s( z/ N7 U1 `( F- {1 U$ n/ D! O
kernel.printk_ratelimit = 5& I5 G" a9 a1 r1 J
kernel.printk_ratelimit_burst = 10
( g `' D; R6 B( G( [8 |, m9 ~kernel.printk_delay = 0; p) R7 u# l5 f$ L6 S9 O; ^
kernel.dmesg_restrict = 0 d, l9 H4 @( {
kernel.kptr_restrict = 18 }( O2 h) K V" H
kernel.ngroups_max = 65536! L8 M& ~& p! G: d# ^( i; X! m
kernel.watchdog = 1
; K% m, f( W; {9 Skernel.watchdog_thresh = 60
* n3 g" g5 t8 J8 P8 ~8 n4 g- Ikernel.softlockup_panic = 0
+ p/ Y$ x7 o1 ?0 R i9 wkernel.nmi_watchdog = 1! U4 n( a l2 ]' v
kernel.unknown_nmi_panic = 0' k- }4 l0 Z r( w" r6 A
kernel.panic_on_unrecovered_nmi = 0
7 Y- P) H# R0 tkernel.panic_on_io_nmi = 0
. }# G$ ~1 X1 jkernel.bootloader_type = 113
. ]/ u3 F; `7 v( r* b* j1 r7 Ekernel.bootloader_version = 1
* w# J" |# k* S0 x8 O5 Okernel.kstack_depth_to_print = 12
4 p9 h7 e0 g& A$ J+ G& Wkernel.io_delay_type = 0. c, u; b6 _: C. m
kernel.randomize_va_space = 2
* i7 r' P# l) X9 ]8 U! Z& y% Dkernel.acpi_video_flags = 0. f" {3 @* }! \# {9 ^6 M
kernel.hung_task_panic = 0
O- o2 k* v3 f' V6 H& kkernel.hung_task_check_count = 4194304, L0 q* b8 s: d) N7 d6 g
kernel.hung_task_timeout_secs = 120+ f) S$ |0 [1 T" X
kernel.hung_task_warnings = 10; V: }1 I) g; t4 d- ^0 I# U6 Z
kernel.compat-log = 1
- N4 U& P) F1 {0 W8 c. I; fkernel.max_lock_depth = 1024/ Y$ K; S" _5 r. @1 x
kernel.poweroff_cmd = /sbin/poweroff, {0 _, h# u+ S" E
kernel.keys.maxkeys = 200" z' ~+ H$ C; k V$ x% e
kernel.keys.maxbytes = 20000
2 C4 v# }. _4 ckernel.keys.root_maxkeys = 1000000
z4 `3 ]* Y4 r1 O+ R) Ckernel.keys.root_maxbytes = 25000000: Y( ?8 d4 t7 F8 p4 C4 N
kernel.keys.gc_delay = 300
' g8 c; r) v# H u: [kernel.slow-work.min-threads = 26 O- C/ j& c+ a! L; ~5 v2 Z/ ?/ d
kernel.slow-work.max-threads = 1281 B8 S* t& Y2 H
kernel.slow-work.vslow-percentage = 507 S3 E( P! W6 U# [1 \6 E1 y/ |
kernel.perf_event_paranoid = 1: ^( C: b- R. u
kernel.perf_event_mlock_kb = 516
( L' w; J4 L/ J3 |, {( S% akernel.perf_event_max_sample_rate = 100000
1 W, {9 k& U. Y* n9 f) v7 _/ ?: T; |kernel.blk_iopoll = 1
) \9 Q1 }/ P1 V! W1 Ekernel.sched_domain.cpu0.domain0.min_interval = 16 o1 ?7 _2 ^. p L, g
kernel.sched_domain.cpu0.domain0.max_interval = 4! Y6 S7 p; H- U8 P! p& y/ P
kernel.sched_domain.cpu0.domain0.busy_idx = 2
: V. i( V) Q3 H: M, p/ Fkernel.sched_domain.cpu0.domain0.idle_idx = 1
) W) B) C; ^0 r: @9 t; n: }% qkernel.sched_domain.cpu0.domain0.newidle_idx = 0$ o9 P5 P8 j2 H% Q
kernel.sched_domain.cpu0.domain0.wake_idx = 0
# F; T+ M# s5 L- C# \- k+ b3 [kernel.sched_domain.cpu0.domain0.forkexec_idx = 0
. K0 {+ p* R% V2 f( B) Hkernel.sched_domain.cpu0.domain0.busy_factor = 64
" k. f6 b1 j5 V; Tkernel.sched_domain.cpu0.domain0.imbalance_pct = 125
1 \- g- `: T0 J, X0 o$ Gkernel.sched_domain.cpu0.domain0.cache_nice_tries = 1: N( p/ B0 B! R+ k1 _
kernel.sched_domain.cpu0.domain0.flags = 4143
* d1 H1 ?( W0 Mkernel.sched_domain.cpu0.domain0.name = CPU
+ ^' n+ q$ R( Xkernel.sched_domain.cpu1.domain0.min_interval = 1- c i0 q% g6 U& X) e6 o( Q6 j9 s- Z
kernel.sched_domain.cpu1.domain0.max_interval = 4
. @3 `# t x; Mkernel.sched_domain.cpu1.domain0.busy_idx = 22 _& b0 n s5 L$ M% f$ Z, Q
kernel.sched_domain.cpu1.domain0.idle_idx = 1
. o% K# h/ D% z0 [4 Vkernel.sched_domain.cpu1.domain0.newidle_idx = 03 z# `% G4 q! u5 z$ p
kernel.sched_domain.cpu1.domain0.wake_idx = 00 ^4 ?8 e7 F* w4 n
kernel.sched_domain.cpu1.domain0.forkexec_idx = 0
W5 W) d8 C- L& qkernel.sched_domain.cpu1.domain0.busy_factor = 643 V2 y$ `: R) y
kernel.sched_domain.cpu1.domain0.imbalance_pct = 125
4 c6 _/ | k# G% A2 ckernel.sched_domain.cpu1.domain0.cache_nice_tries = 15 g' ]- x/ X1 H( y9 v
kernel.sched_domain.cpu1.domain0.flags = 4143
( O4 \$ \' {: }8 w2 d5 c- \kernel.sched_domain.cpu1.domain0.name = CPU
. `2 i% {7 [% d0 U- B3 X. lkernel.sched_domain.cpu2.domain0.min_interval = 1% w2 f9 J2 B4 ?: u) l8 T- ]* T% r$ V
kernel.sched_domain.cpu2.domain0.max_interval = 46 P' }5 f# w- |& g8 H; U" R0 p2 a
kernel.sched_domain.cpu2.domain0.busy_idx = 2
% U' }. X. J# p% n, c' _kernel.sched_domain.cpu2.domain0.idle_idx = 1' [# ^8 w3 ^0 u E) y# G
kernel.sched_domain.cpu2.domain0.newidle_idx = 0
5 N0 j% u2 ] w' ykernel.sched_domain.cpu2.domain0.wake_idx = 0" d# b/ r9 e9 Y
kernel.sched_domain.cpu2.domain0.forkexec_idx = 0
+ W; F- u* ^+ m f% mkernel.sched_domain.cpu2.domain0.busy_factor = 642 f& d- k1 k. H) Z/ I
kernel.sched_domain.cpu2.domain0.imbalance_pct = 125
4 w e. X7 n8 h0 Q' g# I5 pkernel.sched_domain.cpu2.domain0.cache_nice_tries = 1/ A5 ?' e6 v2 a. o+ C! m {
kernel.sched_domain.cpu2.domain0.flags = 4143
3 ~) ~2 K, c% Y) j7 ykernel.sched_domain.cpu2.domain0.name = CPU
, |+ J7 }: |' ?kernel.sched_domain.cpu3.domain0.min_interval = 13 r( U, u/ C) n
kernel.sched_domain.cpu3.domain0.max_interval = 4
6 P/ ?" S" L& hkernel.sched_domain.cpu3.domain0.busy_idx = 2& n H, r' k y: x4 U
kernel.sched_domain.cpu3.domain0.idle_idx = 1" N4 B- x- O8 ^0 Q
kernel.sched_domain.cpu3.domain0.newidle_idx = 0* k) }6 Z3 R% [$ S3 G8 \ w. x0 p
kernel.sched_domain.cpu3.domain0.wake_idx = 0
0 S& e8 J6 y6 p$ i7 Q7 ^( Rkernel.sched_domain.cpu3.domain0.forkexec_idx = 0+ j4 L2 N5 ~+ I
kernel.sched_domain.cpu3.domain0.busy_factor = 64* l( ^( J d/ f" ~9 W" B" t$ p
kernel.sched_domain.cpu3.domain0.imbalance_pct = 125
% w. H- [- G' x. O" a% |) \: w% okernel.sched_domain.cpu3.domain0.cache_nice_tries = 1
P" }0 x; Q$ b% _: f& f7 zkernel.sched_domain.cpu3.domain0.flags = 4143
. o3 ~, t" _4 A; b' I+ B" Dkernel.sched_domain.cpu3.domain0.name = CPU+ h7 @1 S3 T0 b( R# T6 J
kernel.vsyscall64 = 1( z$ f! O2 s8 \) A* r% j6 I
kernel.ostype = Linux
+ T8 @" K3 u6 l& \kernel.osrelease = 2.6.32-504.el6.x86_648 }" h' _% c% `6 v0 [# E
kernel.version = #1 SMP Wed Oct 15 04:27:16 UTC 2014) ]7 d4 z& N( H7 p8 I2 A W7 p
kernel.hostname = xapi.128.com# ?% G5 }% r3 p5 D$ J# f9 }
kernel.domainname = (none)
' H+ a* h3 U0 o" G% x) Ekernel.pty.max = 40966 ]) J6 Z1 G$ [/ Y" M+ y3 O0 \" ~
kernel.pty.nr = 1
# A3 {+ o* r% m. j6 w: Lkernel.shmmax = 68719476736
/ Y- N8 ]* }1 Y3 D& Z8 pkernel.shmall = 4294967296" t+ H0 H3 |. j2 R
kernel.shmmni = 4096
+ p/ ^9 e+ ?; z1 ^% |kernel.shm_rmid_forced = 0
% K, m2 J/ d5 fkernel.msgmax = 65536
, c( j1 }+ K9 G, w: Bkernel.msgmni = 76272 a1 a3 k( Q0 y& r% K8 H
kernel.msgmnb = 655360 V! A5 m7 E- s' Z1 c
kernel.sem = 250 32000 32 128. m+ u p7 s9 A8 b4 r
kernel.auto_msgmni = 14 G: a) X. `9 r
vm.overcommit_memory = 0
, H8 d% W! F, bvm.panic_on_oom = 0 f" P& w1 N* z3 H2 x- e4 \7 A
vm.oom_kill_allocating_task = 0! s# q$ m/ l7 q2 Q
vm.extfrag_threshold = 500
! {% [) W: S) C; B3 t% x: D0 Pvm.oom_dump_tasks = 1
( u4 F! e& I B/ d7 @vm.would_have_oomkilled = 0
7 q8 o) W, q9 Ovm.overcommit_ratio = 507 ], s' d; v- }) J! ]
vm.overcommit_kbytes = 0
" j$ j7 q9 K- W& ]0 Nvm.page-cluster = 3/ b' ]3 S# ^9 B! P
vm.dirty_background_ratio = 10
]; F0 H# G4 r" Dvm.dirty_background_bytes = 0
; b2 W7 e9 s; \7 R; dvm.dirty_ratio = 20
3 m+ b; L4 T' \$ vvm.dirty_bytes = 0
7 z# X9 w! ?5 ivm.dirty_writeback_centisecs = 500. R! h" G8 x( s; Q
vm.dirty_expire_centisecs = 3000. b8 a5 @, l9 i* ?
vm.nr_pdflush_threads = 0
( S* @' ?! i% ]vm.swappiness = 60
9 Z* n' Q. h& Pvm.nr_hugepages = 0
" {/ F W' ~; L( n+ _8 d) L( Lvm.nr_hugepages_mempolicy = 0/ M+ z1 N" d2 ~- P8 o
vm.hugetlb_shm_group = 03 h, `2 V! Y- F0 N
vm.hugepages_treat_as_movable = 00 @1 I! w" F$ J3 g/ x) i
vm.nr_overcommit_hugepages = 0
: Z; @/ \' C5 N* e4 A! ~4 uvm.lowmem_reserve_ratio = 256 256 32
8 u1 |' m( n7 \! R( Kvm.drop_caches = 0
, H; o7 e* \5 vvm.min_free_kbytes = 67584( ?9 h1 C1 d* v5 W4 J
vm.extra_free_kbytes = 0# t6 _$ {: H# N6 @
vm.unmap_area_factor = 0
) ]; t C% m, K% N: Cvm.meminfo_legacy_layout = 13 j- ]" G0 O) G! b2 G
vm.percpu_pagelist_fraction = 06 b6 {; ^8 V/ a" F
vm.max_map_count = 65530
+ ~5 M# V8 Z# F; ^ _. yvm.laptop_mode = 0, @6 q# q8 j H6 y
vm.block_dump = 0
+ C. f5 T7 |! B/ b8 ovm.vfs_cache_pressure = 100
% M9 }2 Z+ b( ~8 o3 \# l8 F7 ~vm.legacy_va_layout = 0
* e+ |3 k" B+ H! c1 L; o( E% j3 t/ ?vm.zone_reclaim_mode = 0$ c; X5 n" m, P
vm.min_unmapped_ratio = 10 ?4 a8 O% l) s$ O+ _; e$ E
vm.min_slab_ratio = 5
" _' z; ?4 v/ B" Q: T- Pvm.stat_interval = 14 Y6 V! G5 Z- s4 Q" H
vm.mmap_min_addr = 4096
. A4 F! g3 ]# _( D8 ~. O- N/ vvm.numa_zonelist_order = default4 Z x# R- {' d9 Q5 r
vm.scan_unevictable_pages = 0
" m9 V/ M4 I1 [! b# {. X: cvm.memory_failure_early_kill = 0
. |7 i l" @$ f. M- \" t- evm.memory_failure_recovery = 1
4 u$ D( _7 \ W' y4 ~fs.inode-nr = 14659 243
, }; P& K- w% u: N/ lfs.inode-state = 14659 243 0 0 0 0 0
* H8 u' G ?% Ffs.file-nr = 1216 0 385492
/ K! A) {. d2 a5 i
0 ?' W# K) ^. i' }" T/ F, ?# a#【nginx】这个参数表示系统(所有)可以同时打开的最大句柄数,这个参数直接限制最大并发连接数,需根据实际情况配置。wd=811515; A6 _0 v1 v6 `7 z* ]
# file-max与ulimit的区别
; c3 f7 y, }3 c' Lfs.file-max = 385492
5 V0 d- r- e/ K* v) X2 S: a) M1 h o) X! Z* h. c7 X
fs.nr_open = 1048576
' t! }4 u) c+ m" B6 |fs.dentry-state = 15088 6375 45 0 0 0
3 H ^; K L! E. S! Vfs.overflowuid = 65534
9 ^4 z4 Z# o3 _; n; o7 [fs.overflowgid = 65534
( N' z0 s$ [! t; Y0 _fs.leases-enable = 1 q" C( f$ X" F: R$ e
fs.dir-notify-enable = 18 ?1 G9 ]- T$ Z8 V
fs.lease-break-time = 45
& M5 {9 _8 N( e6 z1 d: r0 Z) nfs.aio-nr = 0- T2 |5 }/ F* g* \& T V
fs.aio-max-nr = 65536
- l$ q4 N. _, G% Gfs.inotify.max_user_instances = 128
! n4 R* V( N+ i% \5 Zfs.inotify.max_user_watches = 8192
]% ?5 g1 n& G6 d$ g0 c! Rfs.inotify.max_queued_events = 16384# k+ |# Y/ T: a0 _- q
fs.epoll.max_user_watches = 795852
; B d5 g+ Q2 r, C: ^9 L4 Mfs.suid_dumpable = 0
3 @( i% ?! }8 ^# Rfs.binfmt_misc.status = enabled* H: N% p$ l" @' A" C" l' Y/ ~: J) l
fs.quota.lookups = 0, `# u) _+ A0 _& _. {: E# J
fs.quota.drops = 0% t5 c7 ]8 T) @; r
fs.quota.reads = 0
8 z7 W# A: O6 K f( Dfs.quota.writes = 0
$ R0 k7 u* }7 J, Nfs.quota.cache_hits = 0: ~! ~ G( ^7 ]7 q/ _ r
fs.quota.allocated_dquots = 0
. O: r( E: z$ ]; [7 Kfs.quota.free_dquots = 0
# u7 z* [9 o* g& w& o, ^, _0 Ffs.quota.syncs = 4. Y3 b) o$ M8 K9 @
fs.quota.warnings = 1+ T. S0 g: m; N1 [- P$ T
fs.mqueue.queues_max = 256
+ N5 w# W, P9 K# R. qfs.mqueue.msg_max = 10
3 D \; y o( B; f* B, d) B( @fs.mqueue.msgsize_max = 8192
4 M! ~2 n' A$ s& S+ |fs.mqueue.msg_default = 10
" M, `0 U6 h; n. j/ j0 l4 n T2 ofs.mqueue.msgsize_default = 8192
' K2 O6 E h9 `% H3 o7 p# k. Vdebug.exception-trace = 1! b t. @. q# w' ]# f* v. F
debug.kprobes-optimization = 1
% Z- {8 O; e5 E$ Vdev.scsi.logging_level = 0
* o$ [0 a# m/ J( [7 _' kdev.raid.speed_limit_min = 1000
, P# d2 {- z# L7 d2 Kdev.raid.speed_limit_max = 200000. B2 ~( z9 R- \8 j! a6 b
dev.hpet.max-user-freq = 648 ^7 N! O- c/ w/ e1 ?
dev.mac_hid.mouse_button_emulation = 0
5 ?2 r+ i- t& m" Sdev.mac_hid.mouse_button2_keycode = 97$ M: ^' d. P, @0 k
dev.mac_hid.mouse_button3_keycode = 1006 ]/ L: h p* L" x8 j
dev.cdrom.info = CD-ROM information, Id: cdrom.c 3.20 2003/12/17; H2 T0 b4 I' O# L4 {+ a6 p
dev.cdrom.info =+ R( g6 r( z, x9 b& \
dev.cdrom.info = drive name: sr0
, B1 o, X8 D. c, L% z& n( _4 x: m4 fdev.cdrom.info = drive speed: 306
6 W( ^0 [4 F8 [2 g/ Pdev.cdrom.info = drive # of slots: 11 ]+ u5 `' Y3 [6 H. r
dev.cdrom.info = Can close tray: 15 P( S: ^# E% b. P: i* e8 q
dev.cdrom.info = Can open tray: 1' L: n% ^* B3 j k* N' z2 r
dev.cdrom.info = Can lock tray: 1# u! ~, A; o) W( B A2 D7 M
dev.cdrom.info = Can change speed: 11 p1 R' t7 H& a; ^/ [ n/ _3 z. F& ~
dev.cdrom.info = Can select disk: 0. k( B1 b3 m! q7 [3 i! {
dev.cdrom.info = Can read multisession: 18 {9 n6 H6 ^# w% V
dev.cdrom.info = Can read MCN: 1- T3 l% l# S& I" P& h1 t
dev.cdrom.info = Reports media changed: 1% ]4 g( u0 g) m7 P5 W3 M
dev.cdrom.info = Can play audio: 1' d7 i- h7 b; B
dev.cdrom.info = Can write CD-R: 0
& e: w; [* M2 d, _; jdev.cdrom.info = Can write CD-RW: 0! |& p! s8 s7 d$ _- G# h# i3 L* l
dev.cdrom.info = Can read DVD: 1
3 d. ^+ _/ i) ], {( R/ P& K# Z$ zdev.cdrom.info = Can write DVD-R: 0
$ N9 }% y1 k& w* {dev.cdrom.info = Can write DVD-RAM: 0
5 m* ?9 S0 A' ^- M" M. s$ C& xdev.cdrom.info = Can read MRW: 16 ~3 i4 _3 j# P4 h- A) E
dev.cdrom.info = Can write MRW: 1
3 Z8 L+ L; R6 @7 z' J1 E$ [dev.cdrom.info = Can write RAM: 1" v$ q1 |( W9 J4 _' t) b( H' j
dev.cdrom.info =# M T* m: m4 t/ K
dev.cdrom.info =
* D& n$ _- q- \7 x: E, Edev.cdrom.autoclose = 1& j- t8 s4 ~1 R- u
dev.cdrom.autoeject = 0+ \4 w! q/ x/ B8 L \
dev.cdrom.debug = 0( c% E* \. Y' V
dev.cdrom.lock = 1
7 W& V$ i7 C, M1 u2 a7 p; i0 Idev.cdrom.check_media = 0" S5 v% ?1 H3 _: F& ]" h. T
net.netfilter.nf_log.0 = NONE7 A. i- W" L* s. g$ s9 q
net.netfilter.nf_log.1 = NONE: U0 P! T2 k8 z3 y5 f" Z( F
net.netfilter.nf_log.2 = NONE, _1 ]7 ]" D! w ^
net.netfilter.nf_log.3 = NONE" n, C: Z3 b' d- _0 x6 d
net.netfilter.nf_log.4 = NONE5 o @6 _0 [ f1 S+ L
net.netfilter.nf_log.5 = NONE8 h2 Q2 B% X) v
net.netfilter.nf_log.6 = NONE
! R2 ^9 Q2 i8 S# _) Mnet.netfilter.nf_log.7 = NONE
$ U4 a2 W0 T* S2 B) _net.netfilter.nf_log.8 = NONE/ \" ^7 m7 j$ d
net.netfilter.nf_log.9 = NONE0 T* i( a5 g) u: [1 q! }
net.netfilter.nf_log.10 = NONE
. |% f& J: H6 S( Ynet.netfilter.nf_log.11 = NONE' Z' t0 p |! L
net.netfilter.nf_log.12 = NONE* p3 E7 S* L& R. u8 C
net.netfilter.nf_conntrack_generic_timeout = 6004 n0 d4 b l& q/ ` A5 n& n. `$ f
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120: H3 k, d0 N5 E: q+ r
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 609 c( S l. _$ @7 r* G' e! T$ ~- z
net.netfilter.nf_conntrack_tcp_timeout_established = 432000
- N, g5 r: f! }4 w& I! Xnet.netfilter.nf_conntrack_tcp_timeout_fin_wait = 1207 M: P( H- b% N# S# `
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
+ p: H; i3 }7 y! onet.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
. T% p* d& f3 y8 ]- C1 Nnet.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
5 G6 a9 k2 ~. z& Qnet.netfilter.nf_conntrack_tcp_timeout_close = 10
( r t1 `. ?( F+ K/ Fnet.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300. e+ b, s8 r: O1 k0 b6 ~! c8 [
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
+ D8 B" B. v! A/ ^) k# xnet.netfilter.nf_conntrack_tcp_loose = 1
# `" x4 E% O/ t: C6 ~( Bnet.netfilter.nf_conntrack_tcp_be_liberal = 0% H a/ D g) Z1 T) R% A
net.netfilter.nf_conntrack_tcp_max_retrans = 3
' B, c0 Q7 a% J/ @net.netfilter.nf_conntrack_udp_timeout = 30' |8 Z/ p, g8 \. G" I# n; t
net.netfilter.nf_conntrack_udp_timeout_stream = 180# |. k+ d3 j0 L
net.netfilter.nf_conntrack_icmpv6_timeout = 30
1 I1 F' |, W& ~/ Wnet.netfilter.nf_conntrack_acct = 0
( G" F; N2 F! N$ E( Vnet.netfilter.nf_conntrack_events = 14 K8 j6 s% [) s8 p: w# `
net.netfilter.nf_conntrack_events_retry_timeout = 15
/ E3 N) H/ V W+ N% knet.netfilter.nf_conntrack_max = 65536
) x! }9 ~% F4 b% G4 M znet.netfilter.nf_conntrack_count = 0
1 h" ?# E9 h: |8 D* s, Vnet.netfilter.nf_conntrack_buckets = 16384; K/ L) F; \2 c1 }5 e
net.netfilter.nf_conntrack_checksum = 14 M' Z4 Y6 w$ T$ v$ i
net.netfilter.nf_conntrack_log_invalid = 0
& S1 J! A" J9 U0 e$ S6 s4 Tnet.netfilter.nf_conntrack_expect_max = 256
" b, N* u$ @/ ]- z% I% J" unet.core.somaxconn = 128( }, f' ]$ E1 c( L; c$ w8 N& W, d
net.core.xfrm_aevent_etime = 10
/ z7 p, I! u+ R) h, F* qnet.core.xfrm_aevent_rseqth = 2" A O' D& A5 A! x, H' B
net.core.xfrm_larval_drop = 1
" t2 a4 S1 J' n" Anet.core.xfrm_acq_expires = 302 A2 u6 o% M5 X6 f2 W
/ d/ O. {& a- S* h
#【nginx】这个参数表示内核套接字发送缓存区的最大大小。
: _, @/ V# y5 f1 k* E6 U5 Y#【nginx】这个参数表示内核套接字接收缓存区的最大大小。/ @- V G; }2 f- i; O2 P
#【nginx】这个参数表示内核套接字发送缓存区默认的大小。- a. R6 C1 N6 ^0 Y7 C( o
#【nginx】这个参数表示内核套接字接收缓存区默认的大小。
; V2 @' H* v1 Z+ c$ V, K( I& Y8 q( J#注意 滑动窗口的大小与套接字缓存区会在一定程度上影响并发连接的数目。每个TCP连接都会为维护TCP滑动窗口而消耗内存,这个窗口会根据服务器的处理速度收缩或扩张。. W/ j$ o4 J1 q, E) p
参数wmem_max的设置,需要平衡物理内存的总大小、Nginx并发处理的最大连接数量(由nginx.conf中的worker_processes和worker_connections参数决定)而确定。当然,如果仅仅为了提高并发量使服务器不出现Out Of Memory问题而去降低滑动窗口大小,那么并不合适,因为滑动窗口过小会影响大数据量的传输速度。rmem_default、wmem_default、rmem_max、wmem_max…
) i& n6 ~' }2 c# u5 U t8 I#参考:可靠传输的实现
8 \# _) W% m. t! t7 Snet.core.wmem_max = 124928 //wd=124928
- N& ? ]5 ]0 V7 b% ~net.core.rmem_max = 124928 //wd=124928% _) H' n" Z5 s7 b8 J0 C2 L
net.core.wmem_default = 124928 //wd=124928
5 m3 w+ H5 @! L+ `. {, C7 Y8 {net.core.rmem_default = 124928//wd=124928% L. @. L; j* l, S5 q( J2 e' z
' t4 M, R5 A0 m0 v$ jnet.core.dev_weight = 64/ |- g( a! _4 l
( V5 J5 B! }% r% ~#【nginx】当网卡接收数据包的速度大于内核处理的速度时,会有一个队列保存这些数据包。这个参数表示该队列的最大值。wd=32768
% t, W" U9 C" W8 c- H8 Cnet.core.netdev_max_backlog = 1000
+ a% b v, s4 k: I) U, Dnet.core.message_cost = 5
& g% X, j2 |2 j7 v u$ |! D' y* Znet.core.message_burst = 10
* |; n3 W1 N2 Q0 W! H7 inet.core.optmem_max = 20480) ]3 a9 Y/ h* ?, \ X
net.core.rps_sock_flow_entries = 0
$ c, v1 W V5 U" p6 xnet.core.busy_poll = 0
9 y/ f/ Q* U1 a1 v8 a; i0 vnet.core.busy_read = 0
+ z8 \" r, @6 Y6 {$ Nnet.core.netdev_budget = 300( w) s$ G) n2 Y O3 {
net.core.warnings = 1
1 u. t3 a9 J3 Unet.ipv4.route.gc_thresh = 131072
/ ~3 Q3 j3 L, c2 f: Qnet.ipv4.route.max_size = 2097152
0 |, s& t' U) q/ w$ q Tnet.ipv4.route.gc_min_interval = 0& v8 a& H* g/ ]- k
net.ipv4.route.gc_min_interval_ms = 500 q& P5 }7 m' O+ H+ x
net.ipv4.route.gc_timeout = 300
( j$ H; x; L; [4 f( W; s4 ?$ [net.ipv4.route.gc_interval = 60: q) G) [! G- F$ m
net.ipv4.route.redirect_load = 20
$ z2 g, Z# N1 Q7 [ d/ P U) M. xnet.ipv4.route.redirect_number = 9
0 Z* n: L( I) Ynet.ipv4.route.redirect_silence = 20480. f( W. Y! }, }2 H( u
net.ipv4.route.error_cost = 1000
( Z, g+ }4 C1 I& l1 F5 h" K: D3 Mnet.ipv4.route.error_burst = 5000
$ E. ]5 h$ \' Knet.ipv4.route.gc_elasticity = 8! x/ T6 X! ]- r/ U4 V
net.ipv4.route.mtu_expires = 6001 Y6 v: {5 m9 u% v" _( N
net.ipv4.route.min_pmtu = 5522 Q! y8 e" k/ _2 @
net.ipv4.route.min_adv_mss = 256* L6 J/ D; l9 ^) G/ u' g0 q- S/ [
net.ipv4.route.secret_interval = 6004 l4 G$ g7 w4 I6 w0 | E
net.ipv4.neigh.default.mcast_solicit = 3# D7 n/ ?& m Z# M. d1 o8 V
net.ipv4.neigh.default.ucast_solicit = 32 i& G7 |$ `) B0 d t, g& h0 S
net.ipv4.neigh.default.app_solicit = 0$ k( |, b! k# Q( a- F, w
net.ipv4.neigh.default.retrans_time = 992 v J9 \1 [3 f0 [
net.ipv4.neigh.default.base_reachable_time = 30
# q& N8 P" T# f" ]net.ipv4.neigh.default.delay_first_probe_time = 5
9 J6 L: P# y) c' k, ?0 J" t8 `0 L% onet.ipv4.neigh.default.gc_stale_time = 60+ x! v) Z/ E! g: r$ J |8 `$ b8 W
net.ipv4.neigh.default.unres_qlen = 3
/ h9 _$ I& s3 ~8 |' ~net.ipv4.neigh.default.proxy_qlen = 64
/ ]$ d' o0 B* @3 o. L7 i0 Snet.ipv4.neigh.default.anycast_delay = 99
_5 x: }( u* C* Unet.ipv4.neigh.default.proxy_delay = 79
5 L5 s# k2 j* g; D1 t8 r. i, Cnet.ipv4.neigh.default.locktime = 99
6 y8 o7 g! w3 ^, z/ R3 d7 snet.ipv4.neigh.default.retrans_time_ms = 1000) a" W4 k9 }! p! u" e& ?, y) e
net.ipv4.neigh.default.base_reachable_time_ms = 30000
* ]) ~' v; h- Hnet.ipv4.neigh.default.gc_interval = 305 u, d- N6 x2 p( M7 Q6 V. f
net.ipv4.neigh.default.gc_thresh1 = 128
' B2 Q1 N4 |1 A$ jnet.ipv4.neigh.default.gc_thresh2 = 512
0 P' |) {' _& H; n9 nnet.ipv4.neigh.default.gc_thresh3 = 1024, R" _; f6 C& \; E$ L. t
net.ipv4.neigh.lo.mcast_solicit = 3
! L7 ~+ \! }9 m. r- p8 p& I \; lnet.ipv4.neigh.lo.ucast_solicit = 3
Z' R( _& s3 p& H9 ~- Onet.ipv4.neigh.lo.app_solicit = 0
% S. y. \8 Q6 v7 O1 V1 Gnet.ipv4.neigh.lo.retrans_time = 99" S8 h7 q5 A" Z! M o6 x4 K- F) f
net.ipv4.neigh.lo.base_reachable_time = 30# I' N. v$ \5 t2 g6 H
net.ipv4.neigh.lo.delay_first_probe_time = 5
9 q8 ^" m6 @" P; J2 Y q- }) m* bnet.ipv4.neigh.lo.gc_stale_time = 60
' e' Y. l* x4 I% k" ]" j' lnet.ipv4.neigh.lo.unres_qlen = 3: F( W4 K8 ]; A
net.ipv4.neigh.lo.proxy_qlen = 648 c8 V# W) ?2 z; q
net.ipv4.neigh.lo.anycast_delay = 99. A6 b5 ^: }1 e( K0 n9 t* R R' }
net.ipv4.neigh.lo.proxy_delay = 795 L/ g, n U0 w l) D1 J
net.ipv4.neigh.lo.locktime = 99: `6 ?: c5 c0 u$ S
net.ipv4.neigh.lo.retrans_time_ms = 1000$ R: w! G3 E l6 X: l2 N2 `
net.ipv4.neigh.lo.base_reachable_time_ms = 30000
" u3 W9 g, A0 m3 j) \net.ipv4.neigh.eth0.mcast_solicit = 3
' g: g4 o9 x1 K ?9 W0 Q+ Rnet.ipv4.neigh.eth0.ucast_solicit = 36 X i. m' s. [( y4 R
net.ipv4.neigh.eth0.app_solicit = 0
/ D- \3 }& `8 t' Y4 s) ?; k7 Knet.ipv4.neigh.eth0.retrans_time = 99
% {) i) D' N6 V B) Bnet.ipv4.neigh.eth0.base_reachable_time = 30" q# L% R& E0 J; e: _; w( \$ @
net.ipv4.neigh.eth0.delay_first_probe_time = 5
" ?8 W- g! S! |3 ~/ h9 @net.ipv4.neigh.eth0.gc_stale_time = 60
1 d. `) Z. A& g- j' u Unet.ipv4.neigh.eth0.unres_qlen = 37 G2 i) T6 I" L( }4 r
net.ipv4.neigh.eth0.proxy_qlen = 643 \" T. S5 _. a u; X
net.ipv4.neigh.eth0.anycast_delay = 99
1 _: S* m0 K% P" ^# i |net.ipv4.neigh.eth0.proxy_delay = 79 p9 |4 f8 y- q- |
net.ipv4.neigh.eth0.locktime = 99
4 c( D; m7 n7 B C0 g/ M+ tnet.ipv4.neigh.eth0.retrans_time_ms = 1000
, P3 p0 a8 ^2 p v( j- {net.ipv4.neigh.eth0.base_reachable_time_ms = 30000
$ G2 _$ \1 J2 ~' t" ?4 s) m& Cnet.ipv4.neigh.pan0.mcast_solicit = 3
2 V. z9 _; m! s: v5 e& c& c+ H- \% `net.ipv4.neigh.pan0.ucast_solicit = 39 H, ^) @: w+ O& L9 m
net.ipv4.neigh.pan0.app_solicit = 0
: N6 I4 ~( D! X. O3 w N$ [net.ipv4.neigh.pan0.retrans_time = 993 v- f2 f$ x$ J3 k
net.ipv4.neigh.pan0.base_reachable_time = 30- w$ P) K( t8 G% [
net.ipv4.neigh.pan0.delay_first_probe_time = 5
" }/ s2 {! W9 anet.ipv4.neigh.pan0.gc_stale_time = 604 c2 a. s$ s9 o
net.ipv4.neigh.pan0.unres_qlen = 36 A( O0 A) i7 D4 D, }* `
net.ipv4.neigh.pan0.proxy_qlen = 64
1 Q Z7 H4 a+ L/ j: znet.ipv4.neigh.pan0.anycast_delay = 99
; p- ?0 S6 w4 T. m) b1 V4 R! O; vnet.ipv4.neigh.pan0.proxy_delay = 79# a0 z) C8 q4 Q+ r
net.ipv4.neigh.pan0.locktime = 99& \$ k/ Z; k! A" ~) Z
net.ipv4.neigh.pan0.retrans_time_ms = 10009 a' ]: _: `% I7 [; g3 n
net.ipv4.neigh.pan0.base_reachable_time_ms = 30000
$ i6 P; E- |0 ?* ^% Znet.ipv4.tcp_timestamps = 1+ o* I# D# u; r, @+ y7 v4 n
net.ipv4.tcp_window_scaling = 1
- ]: F- ^1 T& M% ]6 e$ ynet.ipv4.tcp_sack = 1
3 O7 n/ Z) p) ^3 I2 T* [net.ipv4.tcp_retrans_collapse = 1( p ^ G# a6 D$ R) S4 t, X( ~- L
net.ipv4.ip_default_ttl = 64
G4 A( U" A- _/ h$ T+ Anet.ipv4.ip_no_pmtu_disc = 05 g3 o, {" a' O- t& F/ ]7 P. Q
net.ipv4.ip_nonlocal_bind = 0* L# r8 x: l4 u: D9 i. b' t
net.ipv4.tcp_syn_retries = 5) j7 ^ q& @# v0 ?+ [; g9 s7 l: E
net.ipv4.tcp_synack_retries = 5
, d) f( y+ g+ s7 W3 I) bnet.ipv4.tcp_max_orphans = 262144
( C& b1 w j* H' x/ M( n7 `- A- R* `2 |' C, n
* q& U- F: c; a8 U1 k0 E- n+ f7 z3 L `3 G ?/ i, O I
#【nginx】这个参数表示操作系统允许TIME_WAIT套接字数量的最大值,如果超过这个数字,TIME_WAIT套接字将立刻被清除并打印警告信息。该参数默认为180 000,过多的TIME_WAIT套接字会使Web服务器变慢。wd=10000- k. b8 s, w. p# y8 |* d, u
net.ipv4.tcp_max_tw_buckets = 2621446 ?7 X# W, e" e; u. d" m2 I" s
5 I- K' S# \ j3 D7 Y3 t: cnet.ipv4.ip_dynaddr = 0$ i) z f: l/ B/ ~5 \+ ?1 u2 y
3 Q& p/ }/ p5 y( {7 _0 B$ B#【nginx】这个参数表示当keepalive启用时,TCP发送keepalive消息的频度。默认是2小时,若将其设置得小一些,可以更快地清理无效的连接。单位:秒 默认值:2小时。wd=300
6 ^( a6 m8 i- \) Y0 E" ~8 }net.ipv4.tcp_keepalive_time = 72003 M7 _- X8 M$ A5 Q
/ O# @, o7 G8 Y2 f( Y! J4 B0 g
net.ipv4.tcp_keepalive_probes = 9: W/ F2 s8 c. e5 N3 @2 e
net.ipv4.tcp_keepalive_intvl = 75
u/ o6 P5 V1 gnet.ipv4.tcp_retries1 = 3$ {* F: G& o4 O( p% c, E
net.ipv4.tcp_retries2 = 150 V. v' K# A; `
O! _% o3 V+ X6 G
#【nginx】这个参数表示当服务器主动关闭连接时,socket保持在FIN-WAIT-2状态的最大时间,单位:秒 wd=30
& ?* G- g+ W8 F, U0 i# y# T3 `( y#参考:tcp参数详解之tcp_fin_timeout
/ m3 K" O1 c7 k0 |: n8 h" onet.ipv4.tcp_fin_timeout = 60
5 d2 e) p1 b4 L0 F. k
8 A+ m& E; x1 X; G#【nginx】参数与性能无关,用于解决TCP的SYN攻击。 wd= 15 U1 V/ F* Y6 b: O) ]
net.ipv4.tcp_syncookies = 1
0 r2 j: o& C- M% C8 @
* x5 n5 \: B6 [net.ipv4.tcp_tw_recycle = 0" U. G: g3 ]; h) [) f+ c
net.ipv4.tcp_abort_on_overflow = 0: d- s7 `9 h/ |9 s
net.ipv4.tcp_stdurg = 0
, }& U9 I( h8 z, i: e5 X k6 unet.ipv4.tcp_rfc1337 = 0! i$ W" L( S0 `+ F% S! x
; I9 I5 g; }- b#【nginx】这个参数表示TCP三次握手建立阶段接收SYN请求队列的最大长度,默认为1024,将其设置得大一些可以使出现Nginx繁忙来不及accept新连接的情况时,Linux不至于丢失客户端发起的连接请求,wd=2048
, ] K W8 c) v4 d# J' u& ~$ h4 {- Bnet.ipv4.tcp_max_syn_backlog = 2048* q9 c4 b' S; Q4 m0 ^
1 y' O: |' J5 S- ] ; z, e8 a% ^" J9 ^
- Q7 ]$ [4 d' h6 f a
#【nginx】这个参数定义了在UDP和TCP连接中本地(不包括连接的远端)端口的取值范围。wd = 10240 65535, f: W/ t4 f7 }- Z
net.ipv4.ip_local_port_range = 32768 61000
' p E0 D2 T9 L) U/ ~. R i4 _, `% {4 I" E
; P5 f5 `; J; X8 h5 xnet.ipv4.ip_local_reserved_ports =
Z$ n& P/ a" ?& p2 H: f$ Xnet.ipv4.igmp_max_memberships = 20. Y+ z4 h- p& S3 L, ^- @( ^
net.ipv4.igmp_max_msf = 10
( T3 x0 u$ p/ i" h8 @' R% G3 fnet.ipv4.inet_peer_threshold = 65664
8 @) V: h0 Y P6 c' F2 Mnet.ipv4.inet_peer_minttl = 1208 R$ D5 e1 r4 m& a
net.ipv4.inet_peer_maxttl = 600
C5 s% q4 O; K* u enet.ipv4.inet_peer_gc_mintime = 10- a! T# P- X, ?9 f/ N" D
net.ipv4.inet_peer_gc_maxtime = 1204 ]/ d$ ` f% c+ j7 [! ^, U* Z
net.ipv4.tcp_orphan_retries = 0
3 z* ]% x5 v; |2 @7 dnet.ipv4.tcp_fack = 1% m+ ^. u1 u6 {1 P* l- l5 \ g
net.ipv4.tcp_reordering = 3: C( u9 d. D7 ]: k8 D8 @0 @
net.ipv4.tcp_ecn = 2' T4 b5 B5 Y; a. q3 G8 r
net.ipv4.tcp_dsack = 1
3 c$ \: r, C2 G4 f+ Qnet.ipv4.tcp_mem = 364224 485632 728448, ^) R P* N6 f
3 d5 s) b1 u9 J' {3 H3 a% m$ @! `#【nginx】这个参数定义了TCP发送缓存(用于TCP发送滑动窗口)的最小值、默认值、最大值。wd=4096 87380 4194304* {+ @3 _; n& N3 h/ N
net.ipv4.tcp_wmem = 4096 16384 4194304; `4 U' k! P+ {* H! ^+ F0 Q
- ?) |5 @7 ~0 R' F" k& v( h" I
#【nginx】这个参数定义了TCP接收缓存(用于TCP接收滑动窗口)的最小值、默认值、最大值。wd=4096 87380 4194304
) A" H! _3 ], T9 knet.ipv4.tcp_rmem = 4096 87380 4194304
1 H# w4 K. i+ U% @/ \/ ?$ H) [. } E! b+ Z
net.ipv4.tcp_app_win = 311 m4 R9 F* f( Y. ^
net.ipv4.tcp_adv_win_scale = 2" W9 [* X7 r, f4 t$ e
5 Q+ k& x' ]2 w2 W#【nginx】tw是time wait的简称,表示允许将time-wait状态的socket重新用于新的tcp连接,这对于服务器来说很有意义,因为服务器上总会有大量的time-wait状态的连接。wd=1" |5 e- r7 x# ~( B. ^
net.ipv4.tcp_tw_reuse = 02 P9 b. b2 @3 p y) q3 K- Z
- J6 `9 g- @+ M5 m$ p
net.ipv4.tcp_frto = 2/ Z2 @+ I, u; k3 e
net.ipv4.tcp_frto_response = 06 f0 j( _1 Q Y/ O4 C B' }3 H
net.ipv4.tcp_low_latency = 0" `; \- S- X2 x& b2 k
net.ipv4.tcp_no_metrics_save = 0* H" v9 O/ Y4 V- s
net.ipv4.tcp_moderate_rcvbuf = 1
9 r& J- n+ h' M( L) L% ~net.ipv4.tcp_tso_win_divisor = 36 E( H3 N5 u9 L e
net.ipv4.tcp_congestion_control = cubic4 @. I, N6 W% K# N, T" k
net.ipv4.tcp_abc = 0* D0 e. H/ T& D5 I0 c9 z4 T5 v. B
net.ipv4.tcp_mtu_probing = 0
+ J- o/ n) m! X& @3 cnet.ipv4.tcp_base_mss = 512% \) M9 ]6 X7 u: G- F
net.ipv4.tcp_workaround_signed_windows = 0
, e! `! M2 a. Unet.ipv4.tcp_challenge_ack_limit = 100. z7 @/ i( K+ z2 X8 h# X/ g5 t
net.ipv4.tcp_limit_output_bytes = 131072" }% t9 |" k3 q
net.ipv4.tcp_dma_copybreak = 4096 A! U& _, I) P7 f
net.ipv4.tcp_slow_start_after_idle = 1* Q5 X; p' @# t) r
net.ipv4.cipso_cache_enable = 1
1 v3 T+ o1 F' E5 x) U! s1 snet.ipv4.cipso_cache_bucket_size = 10: _! p' Y( E6 S/ z* ^
net.ipv4.cipso_rbm_optfmt = 0) \ F* n0 D; ^ |& k1 E
net.ipv4.cipso_rbm_strictvalid = 1
% C) @0 Y9 n0 F8 Qnet.ipv4.tcp_available_congestion_control = cubic reno
9 u3 n7 @3 O5 V3 tnet.ipv4.tcp_allowed_congestion_control = cubic reno0 ]. ^' k' D+ V/ N' j# Z
net.ipv4.tcp_max_ssthresh = 0
( y, o i1 w0 x0 o9 v& d7 r& W1 M2 xnet.ipv4.tcp_thin_linear_timeouts = 0
u1 _0 z. v$ ^5 w! x0 vnet.ipv4.tcp_thin_dupack = 0% E. z: c' H1 E/ \/ L+ ]
net.ipv4.tcp_min_tso_segs = 2
, V5 s6 X0 j+ ~, k) _2 ~net.ipv4.udp_mem = 364224 485632 728448
) Z8 r4 c2 x9 X: pnet.ipv4.udp_rmem_min = 4096
5 l& [2 q& Z3 Bnet.ipv4.udp_wmem_min = 4096
7 q1 ^: _1 o6 B6 D1 |net.ipv4.conf.all.forwarding = 0
7 Q0 f+ p3 Q: ?! p" u$ Fnet.ipv4.conf.all.mc_forwarding = 0
5 a2 `% R; v7 d: R: n0 b/ q$ Snet.ipv4.conf.all.accept_redirects = 1
7 h& g7 E9 k! `& l! V6 M! T& H* Mnet.ipv4.conf.all.secure_redirects = 1
1 |2 q7 i3 [. I! m- q0 |. `net.ipv4.conf.all.shared_media = 1
5 h" ?" p [2 y3 L# dnet.ipv4.conf.all.rp_filter = 0- K1 ?" B# d% |8 B8 a
net.ipv4.conf.all.send_redirects = 1
, P2 m: v# v, L" i Y/ ^) znet.ipv4.conf.all.accept_source_route = 0
" k$ d4 f/ b8 P- n/ Ynet.ipv4.conf.all.src_valid_mark = 0
8 \) B- ?1 C5 z" Z! [net.ipv4.conf.all.proxy_arp = 0' C% J# ^# {1 I: \* ]7 F
net.ipv4.conf.all.medium_id = 0
9 |& d/ t; P# T: l( ^8 Unet.ipv4.conf.all.bootp_relay = 0
, O3 k4 ~$ K( B3 Q# }! |7 Tnet.ipv4.conf.all.log_martians = 0
4 h/ D6 s8 F8 C1 onet.ipv4.conf.all.tag = 0
' i& Y, Z- T; C* Y5 s; p3 Znet.ipv4.conf.all.arp_filter = 0" I/ R) D: w6 q! H
net.ipv4.conf.all.arp_announce = 09 P! _- Y& @* v* |
net.ipv4.conf.all.arp_ignore = 0
2 A; E. @3 R. Y& @+ d" Z7 Z" Inet.ipv4.conf.all.arp_accept = 0
! N( s! R! Q) A- c* Jnet.ipv4.conf.all.arp_notify = 02 n2 _3 l w- r2 p4 J/ l# i Y
net.ipv4.conf.all.proxy_arp_pvlan = 05 ^. @$ l7 ]! W4 X) v& B" A4 ^9 K3 e
net.ipv4.conf.all.disable_xfrm = 0. X" b) p3 {; L6 k+ A7 a3 k) s* c
net.ipv4.conf.all.disable_policy = 0
5 A) i4 e" ^) O Qnet.ipv4.conf.all.force_igmp_version = 0& C# D- w0 l) G2 D9 L1 [
net.ipv4.conf.all.promote_secondaries = 0* F. K2 \( g& i: N
net.ipv4.conf.all.accept_local = 07 Z$ C3 |! P0 L; g
net.ipv4.conf.all.route_localnet = 0
" x8 Y$ b Z) N# e: qnet.ipv4.conf.default.forwarding = 0
% T0 ?: O* R) qnet.ipv4.conf.default.mc_forwarding = 0
. P# o- g6 s: c3 w- {* m1 x4 hnet.ipv4.conf.default.accept_redirects = 1
A" A! S! f; Fnet.ipv4.conf.default.secure_redirects = 1) R5 `% R3 q' C
net.ipv4.conf.default.shared_media = 18 {7 \: V1 c$ q6 y# l, A, C4 d2 d
net.ipv4.conf.default.rp_filter = 1$ b0 x a+ q5 S' L3 D
net.ipv4.conf.default.send_redirects = 1* y; P! Z( w$ X! Y9 D! D+ ]- T
net.ipv4.conf.default.accept_source_route = 0
" W$ O5 P5 S. [, W' \net.ipv4.conf.default.src_valid_mark = 0. q( E; Z7 n: w [* i
net.ipv4.conf.default.proxy_arp = 0
8 `, d- }- Q: e% I% l) Lnet.ipv4.conf.default.medium_id = 0
% L7 |1 x4 x$ x9 B- f. ^; D2 m% Pnet.ipv4.conf.default.bootp_relay = 0. i- U# n8 k( H; h0 j' i5 \
net.ipv4.conf.default.log_martians = 0: M, B3 g6 q3 t* ^7 y; I7 I
net.ipv4.conf.default.tag = 0
5 J0 v9 t) K9 }* @. G3 X* g) vnet.ipv4.conf.default.arp_filter = 03 o$ M$ k6 n$ W: y, e
net.ipv4.conf.default.arp_announce = 0
; {% ?$ m7 j7 C# Xnet.ipv4.conf.default.arp_ignore = 0' K9 V* P* z! P m4 ^: Z- ~" s3 c
net.ipv4.conf.default.arp_accept = 0# z3 P3 h: Q2 n( E
net.ipv4.conf.default.arp_notify = 0; t. B& a; j @6 C/ d
net.ipv4.conf.default.proxy_arp_pvlan = 0; ]2 i7 h/ t {( L1 H
net.ipv4.conf.default.disable_xfrm = 0
' a4 I8 l% s0 X4 P% s5 H! x( Gnet.ipv4.conf.default.disable_policy = 0( V: T4 t" a$ G1 z2 s$ ~
net.ipv4.conf.default.force_igmp_version = 0
; z; @ e# `% h3 `# Mnet.ipv4.conf.default.promote_secondaries = 0
- G( s( F" V0 l, ?$ wnet.ipv4.conf.default.accept_local = 0
; C, L \- Q6 C3 C% r% j [net.ipv4.conf.default.route_localnet = 0
$ m0 b5 a" A- ?; Z7 R, [net.ipv4.conf.lo.forwarding = 07 z& c( }& t3 f! V- |
net.ipv4.conf.lo.mc_forwarding = 0
6 r2 s# |- A6 ?1 |. t: Enet.ipv4.conf.lo.accept_redirects = 1
8 \( o6 W' `4 M% K. F8 Ynet.ipv4.conf.lo.secure_redirects = 1
+ [9 n& _4 H' Y- \! M/ o4 J+ j/ e' rnet.ipv4.conf.lo.shared_media = 1
0 ^/ ?5 |+ n% ^: n+ Dnet.ipv4.conf.lo.rp_filter = 1
8 x" m: M- X3 z. ^net.ipv4.conf.lo.send_redirects = 1) V" Q! B( u5 T$ J8 S: J. Y
net.ipv4.conf.lo.accept_source_route = 0; N; m7 \" p) s& [; S& `/ z V
net.ipv4.conf.lo.src_valid_mark = 02 p; W ^4 O' g$ H- g" Q* S% \
net.ipv4.conf.lo.proxy_arp = 0
5 }' ~5 @: l3 R3 Q6 i' ~% Rnet.ipv4.conf.lo.medium_id = 0
8 l- k2 F3 g1 M' C2 `- F2 b3 Cnet.ipv4.conf.lo.bootp_relay = 0
& E2 q* _: s$ w ?5 h0 Jnet.ipv4.conf.lo.log_martians = 0
+ F0 A% N$ X# |' ?8 Nnet.ipv4.conf.lo.tag = 0& \ h: j- B3 D; C* R) c. h$ F4 z
net.ipv4.conf.lo.arp_filter = 0
$ b: E9 z/ B% D- r, A# Unet.ipv4.conf.lo.arp_announce = 0( a7 P6 ]3 G' Q$ I- i- M, h; F& F a
net.ipv4.conf.lo.arp_ignore = 0$ c/ I* h; k" Y
net.ipv4.conf.lo.arp_accept = 05 f3 o6 i0 U9 \( Q4 p; R, c' D
net.ipv4.conf.lo.arp_notify = 06 _: ^: T: B+ r" q+ |4 z6 C
net.ipv4.conf.lo.proxy_arp_pvlan = 0" [( [& H* R3 `& z; ~; V
net.ipv4.conf.lo.disable_xfrm = 1
2 j8 R8 J& e& Ynet.ipv4.conf.lo.disable_policy = 1
. E* _5 Y$ J1 E% G4 Dnet.ipv4.conf.lo.force_igmp_version = 0' J: Y8 X: c: ^2 S* B, Q7 T
net.ipv4.conf.lo.promote_secondaries = 0# O2 R. r0 ?. r: b) g4 P. j
net.ipv4.conf.lo.accept_local = 0. j, i( N9 X$ K& u7 E" i; K
net.ipv4.conf.lo.route_localnet = 0
. z I8 b& d* v! y4 W8 bnet.ipv4.conf.eth0.forwarding = 00 ?" ]9 L# n8 f" B; r; o+ R
net.ipv4.conf.eth0.mc_forwarding = 0
+ s/ x8 y* O# q+ W# o* h$ rnet.ipv4.conf.eth0.accept_redirects = 1: R1 |" `; X+ J% o! q
net.ipv4.conf.eth0.secure_redirects = 1- z) `/ l+ D( R W5 O/ t' _0 f
net.ipv4.conf.eth0.shared_media = 16 G( u$ A* ~. U/ F; t) j) W: F. E. e
net.ipv4.conf.eth0.rp_filter = 1# e+ b- _' F6 e1 N( S1 b
net.ipv4.conf.eth0.send_redirects = 1
" P- a; A' [1 D& T8 Knet.ipv4.conf.eth0.accept_source_route = 0+ F( X7 @% w7 a0 S. ^
net.ipv4.conf.eth0.src_valid_mark = 0
1 h6 `. g2 j4 Z: p% g, v& vnet.ipv4.conf.eth0.proxy_arp = 04 ^0 y1 M5 |$ v- s+ [! s, |4 U. X
net.ipv4.conf.eth0.medium_id = 0& Z1 A# J" r" [- s+ l
net.ipv4.conf.eth0.bootp_relay = 0& I' d1 i1 M0 x5 ?
net.ipv4.conf.eth0.log_martians = 0
% |( I! k7 L Z7 jnet.ipv4.conf.eth0.tag = 0% [8 K, ?2 C D
net.ipv4.conf.eth0.arp_filter = 0+ E9 X# u! \7 q5 J/ |
net.ipv4.conf.eth0.arp_announce = 0( b0 i, o2 P% m$ p
net.ipv4.conf.eth0.arp_ignore = 0
5 A! L! b! s8 ? F: l* w; pnet.ipv4.conf.eth0.arp_accept = 01 W; U6 ?+ {$ P* a) p* O! J& l8 X
net.ipv4.conf.eth0.arp_notify = 03 z' a3 @5 I- e/ ]: [5 @
net.ipv4.conf.eth0.proxy_arp_pvlan = 0
. q" b7 G1 y* R& P7 Pnet.ipv4.conf.eth0.disable_xfrm = 0
% _" M" ?0 z, w9 cnet.ipv4.conf.eth0.disable_policy = 0
2 b: T! n% }7 u! \net.ipv4.conf.eth0.force_igmp_version = 0* w$ n5 [* g9 R' E& f$ Y
net.ipv4.conf.eth0.promote_secondaries = 0; R/ }/ r4 w3 E4 ~
net.ipv4.conf.eth0.accept_local = 0
* E. a0 K7 J1 Znet.ipv4.conf.eth0.route_localnet = 0. g5 F9 e4 X# r& ?. v
net.ipv4.conf.pan0.forwarding = 04 I h; } q7 k* K( n1 [! ?; r
net.ipv4.conf.pan0.mc_forwarding = 0
3 L; q" f' S+ z& T# p: {net.ipv4.conf.pan0.accept_redirects = 1
3 z# f9 I! k4 G3 B& qnet.ipv4.conf.pan0.secure_redirects = 1
/ Q& E; c- r# I, s2 ?4 c! anet.ipv4.conf.pan0.shared_media = 1
0 H6 o1 ~6 ~# [- ~" a$ g- t( [net.ipv4.conf.pan0.rp_filter = 1" d( w5 Z( D( D4 v8 v) Q
net.ipv4.conf.pan0.send_redirects = 1! _* i% i0 r& C+ J
net.ipv4.conf.pan0.accept_source_route = 0" L' g- y% `* q6 b0 P% x, Q' m
net.ipv4.conf.pan0.src_valid_mark = 0
1 v" k) G; l4 K3 V" [8 o' ?net.ipv4.conf.pan0.proxy_arp = 0- C7 u: K1 w0 G0 d
net.ipv4.conf.pan0.medium_id = 0' D6 B! ~& f9 |+ Q9 j
net.ipv4.conf.pan0.bootp_relay = 0: s/ Z5 n" e" [6 G) Y" |
net.ipv4.conf.pan0.log_martians = 07 M3 y3 G" x' |6 o! R
net.ipv4.conf.pan0.tag = 0- L4 k. R& D' D; r `. z w" v
net.ipv4.conf.pan0.arp_filter = 0
; F/ \( Q% q l6 |) ?) ~6 x: knet.ipv4.conf.pan0.arp_announce = 0
6 h8 v8 W+ m3 r. o% K) Jnet.ipv4.conf.pan0.arp_ignore = 0
+ i4 f' _3 v. W, F4 tnet.ipv4.conf.pan0.arp_accept = 0
+ V% |6 q# R" r9 n- a9 N( `net.ipv4.conf.pan0.arp_notify = 0
9 v/ p$ F; d6 A% nnet.ipv4.conf.pan0.proxy_arp_pvlan = 0
0 u7 G! Z' H! O" b- @net.ipv4.conf.pan0.disable_xfrm = 0
! \5 R- \ O8 C' W. _1 unet.ipv4.conf.pan0.disable_policy = 0# |3 q8 t& I( P' z
net.ipv4.conf.pan0.force_igmp_version = 06 ~6 P% p+ T4 h% R0 f+ Y0 |
net.ipv4.conf.pan0.promote_secondaries = 04 e4 l7 p# Q$ f7 n/ p. |6 {9 V& f# a
net.ipv4.conf.pan0.accept_local = 0
- U4 ^2 P% E: d/ [: {net.ipv4.conf.pan0.route_localnet = 0/ s& T' Y/ e U& v; v X
3 ] P) T6 I; p) l% R#是否开启ip转发功能,设置为路由服务器,必需开启此项
3 _) b( i. a! S& _# tnet.ipv4.ip_forward = 0
w# |: s% c% e6 G# Inet.ipv4.xfrm4_gc_thresh = 1048576/ |+ }% g2 ]5 P& M
net.ipv4.ipfrag_high_thresh = 41943040 R2 G, n5 @+ J0 q; t( M. m
net.ipv4.ipfrag_low_thresh = 3145728
5 W: u% ]& t" m8 `! y# y& r) p& z2 b4 Enet.ipv4.ipfrag_time = 308 E* E; T9 S! d2 ^1 u3 ^( Z8 r
net.ipv4.icmp_echo_ignore_all = 00 _9 Z2 U+ U+ R, c! S. M! k
net.ipv4.icmp_echo_ignore_broadcasts = 1" f7 P' N2 [% H7 [
net.ipv4.icmp_ignore_bogus_error_responses = 1
3 ]& |" `$ L' \net.ipv4.icmp_errors_use_inbound_ifaddr = 0
8 B. M5 a4 S7 U! Z: i0 u v* knet.ipv4.icmp_ratelimit = 1000
3 K1 |& E& j% F" }: w4 g( ~6 S- inet.ipv4.icmp_ratemask = 61683 v/ F6 w7 u) ~8 O n
net.ipv4.rt_cache_rebuild_count = 4
8 p- E( M0 Y. @' S7 Knet.ipv4.ping_group_range = 1 0
x1 w% Q4 I# X. ]net.ipv4.ipfrag_secret_interval = 6002 O; k. R( q& D& j1 H% w$ d
net.ipv4.ipfrag_max_dist = 648 K7 S" ~1 a4 i9 c4 C5 A
net.ipv6.neigh.default.mcast_solicit = 3
( {+ W( y) W o7 t# ]- e( }net.ipv6.neigh.default.ucast_solicit = 3" T$ n/ @; ], m9 ?9 u3 X# d' k( h
net.ipv6.neigh.default.app_solicit = 0* M) L0 o* i) \$ j, p) U. p* f
net.ipv6.neigh.default.delay_first_probe_time = 5
5 j7 j3 Q: M. [# ^ dnet.ipv6.neigh.default.gc_stale_time = 60! [# X/ K- P# H9 C* g
net.ipv6.neigh.default.unres_qlen = 3* E8 f1 n! J* q8 ~# i
net.ipv6.neigh.default.proxy_qlen = 645 B& `; t7 I. U
net.ipv6.neigh.default.anycast_delay = 99, a+ C$ g& ~; `$ Y) O
net.ipv6.neigh.default.proxy_delay = 79
! l( ]; ?2 Q! K, G; v W$ onet.ipv6.neigh.default.locktime = 0
7 Q4 ~# C i' H4 Anet.ipv6.neigh.default.retrans_time_ms = 1000* n y7 ~+ ^) O- m
net.ipv6.neigh.default.base_reachable_time_ms = 30000
) R+ d+ g3 F7 hnet.ipv6.neigh.default.gc_interval = 303 K6 d4 f8 V2 R3 o- p4 G5 T; ~
net.ipv6.neigh.default.gc_thresh1 = 128. ?, z m4 H1 y! [0 K2 u8 f/ b
net.ipv6.neigh.default.gc_thresh2 = 5129 f: U6 a1 ^: ^ a
net.ipv6.neigh.default.gc_thresh3 = 1024
6 t: F: p" t; I) Knet.ipv6.neigh.lo.mcast_solicit = 3$ d( }, g6 T) j* S# l7 V/ C
net.ipv6.neigh.lo.ucast_solicit = 3
" A9 _2 |* Z, j1 F+ |9 |- l/ Znet.ipv6.neigh.lo.app_solicit = 0" C2 `6 D! x2 }" r
net.ipv6.neigh.lo.delay_first_probe_time = 5
N+ Z" f9 t* X* L% K8 _net.ipv6.neigh.lo.gc_stale_time = 60# w! C5 ~3 N6 m$ r+ b) A
net.ipv6.neigh.lo.unres_qlen = 37 s4 Z# Y+ c9 T4 D
net.ipv6.neigh.lo.proxy_qlen = 64
. N! y0 \* P8 N! {. L. unet.ipv6.neigh.lo.anycast_delay = 99# s& g6 C5 z2 L$ H9 X# O2 v& U
net.ipv6.neigh.lo.proxy_delay = 792 y/ M/ T" A9 W1 w0 ~' Q3 V
net.ipv6.neigh.lo.locktime = 0
8 S' G/ Z: l& V5 R8 M$ |: Rnet.ipv6.neigh.lo.retrans_time_ms = 10005 X$ @* w7 p4 h$ A7 L6 `2 w) i! v
net.ipv6.neigh.lo.base_reachable_time_ms = 30000; u+ v: Z- [5 \. _
net.ipv6.neigh.eth0.mcast_solicit = 3. l0 `* e V6 L6 W
net.ipv6.neigh.eth0.ucast_solicit = 3
; o) m" e6 v1 b7 p5 u) @% [net.ipv6.neigh.eth0.app_solicit = 0
6 }( f- T+ T% e/ }- Mnet.ipv6.neigh.eth0.delay_first_probe_time = 5
2 g d) {2 d: J @* B inet.ipv6.neigh.eth0.gc_stale_time = 60$ \! @: k- k& ~
net.ipv6.neigh.eth0.unres_qlen = 3
0 z& W8 y4 _9 o0 w7 P- znet.ipv6.neigh.eth0.proxy_qlen = 64$ r6 O! W+ x7 ~
net.ipv6.neigh.eth0.anycast_delay = 99
( I2 W- n* l7 \$ a! ?5 H5 E& Knet.ipv6.neigh.eth0.proxy_delay = 79
; T X( ^* S$ Q6 f% j% e6 \; O9 ^net.ipv6.neigh.eth0.locktime = 03 e- o( Z5 }& \- Y3 {
net.ipv6.neigh.eth0.retrans_time_ms = 1000 J. I1 J( Y' _1 t, S
net.ipv6.neigh.eth0.base_reachable_time_ms = 30000* c& h; K3 D% b( M8 o7 Z1 c& H
net.ipv6.neigh.pan0.mcast_solicit = 3
; r/ G( V7 G7 @, lnet.ipv6.neigh.pan0.ucast_solicit = 3
2 Q' Z: l$ m; e+ y5 gnet.ipv6.neigh.pan0.app_solicit = 0
' R8 n0 \; L7 k( f0 B3 x/ Lnet.ipv6.neigh.pan0.delay_first_probe_time = 5
; r q8 |$ A( V4 G' I! [- H; V" Tnet.ipv6.neigh.pan0.gc_stale_time = 601 B& J: w' y0 M$ a
net.ipv6.neigh.pan0.unres_qlen = 3
8 V/ t* F+ b6 a5 \6 a- }7 r( enet.ipv6.neigh.pan0.proxy_qlen = 64
t1 }- Z# v w. Hnet.ipv6.neigh.pan0.anycast_delay = 993 f) ` ?/ x7 y
net.ipv6.neigh.pan0.proxy_delay = 797 f4 k/ Y! _6 e7 S' m3 \
net.ipv6.neigh.pan0.locktime = 0/ t$ [+ l0 C# [
net.ipv6.neigh.pan0.retrans_time_ms = 10002 d8 M2 u' p2 W4 r; H; t Q
net.ipv6.neigh.pan0.base_reachable_time_ms = 30000
' R0 T. l4 w0 k: ]5 c- A. ?net.ipv6.xfrm6_gc_thresh = 2048
4 ]# k9 R5 g, c4 Z2 xnet.ipv6.conf.all.forwarding = 0
' W# U% W) B8 h( g y/ Rnet.ipv6.conf.all.hop_limit = 645 y3 J* p1 R: o$ r- r
net.ipv6.conf.all.mtu = 1280, ?$ z& ^2 ~7 v L
net.ipv6.conf.all.accept_ra = 1
{1 p5 s2 k8 V" M. U9 n! anet.ipv6.conf.all.accept_redirects = 1
, L; A6 o+ A. @+ L" E0 g( Bnet.ipv6.conf.all.autoconf = 1' v$ I- b/ o( E/ E) w9 Q
net.ipv6.conf.all.dad_transmits = 1$ \; R/ p# t9 R$ m- _; l
net.ipv6.conf.all.router_solicitations = 35 B4 ?' Q2 |% y8 @
net.ipv6.conf.all.router_solicitation_interval = 4! i0 L1 e: V) e* ?. \. d3 W/ y. C
net.ipv6.conf.all.router_solicitation_delay = 1+ b" t* I, a- a8 J
net.ipv6.conf.all.force_mld_version = 0% m- ]+ S! W) L. s- \
net.ipv6.conf.all.use_tempaddr = 0
# f: S2 v' x8 T3 onet.ipv6.conf.all.temp_valid_lft = 6048000 o+ e7 T9 f7 k1 {# o
net.ipv6.conf.all.temp_prefered_lft = 86400
$ D+ f/ `% u; E) Q4 A* S3 w) F8 Inet.ipv6.conf.all.regen_max_retry = 5 L! f( L8 y, ~& b
net.ipv6.conf.all.max_desync_factor = 600
" \6 F3 M) z) G/ o; Gnet.ipv6.conf.all.max_addresses = 16
) x9 d! D' D, p* J( w& Dnet.ipv6.conf.all.accept_ra_defrtr = 1
' Z# O. [! k! _- U0 Q; v# b: b( @net.ipv6.conf.all.accept_ra_pinfo = 1
+ C5 {* D5 D1 H7 h6 Y0 e7 K: Lnet.ipv6.conf.all.accept_ra_rtr_pref = 1
* v5 l, n5 b# @$ S3 O/ J! Snet.ipv6.conf.all.router_probe_interval = 60
* M9 A" c4 c, F5 C" C8 y; x4 Jnet.ipv6.conf.all.accept_ra_rt_info_max_plen = 0
4 u; L8 c6 Y* T9 onet.ipv6.conf.all.proxy_ndp = 0
1 D V' I* d+ J. Q2 A4 Fnet.ipv6.conf.all.accept_source_route = 05 V* t% f; W7 ]2 v' C% J1 ~! I
net.ipv6.conf.all.optimistic_dad = 0
% D9 U, W) f& }5 E+ rnet.ipv6.conf.all.mc_forwarding = 0
) \2 `; m' R. inet.ipv6.conf.all.disable_ipv6 = 0
: k7 X( L$ n- Z% O& ] snet.ipv6.conf.all.accept_dad = 14 k; x( Y2 O% L; P1 ^9 F6 x6 i6 S p
net.ipv6.conf.default.forwarding = 0% z6 A' [( m. X8 |# L- y4 W5 e
net.ipv6.conf.default.hop_limit = 64
; L' b7 W1 a; Knet.ipv6.conf.default.mtu = 1280
0 s# [$ D0 Z. B, G: K1 z8 S4 @net.ipv6.conf.default.accept_ra = 1
% ?# {' D5 ?/ }( cnet.ipv6.conf.default.accept_redirects = 11 f. `2 J/ n4 v [7 I) {; R( x
net.ipv6.conf.default.autoconf = 1 o3 s4 n+ k% y6 Q1 M; _( W% ~1 N
net.ipv6.conf.default.dad_transmits = 1: _0 p8 _8 |5 u; `- q5 H" _' t
net.ipv6.conf.default.router_solicitations = 3
, U& V- l# L g% k1 H+ |net.ipv6.conf.default.router_solicitation_interval = 4
) C8 o! Q0 g9 B( Q6 R1 a; Rnet.ipv6.conf.default.router_solicitation_delay = 1
% |0 p9 u Z7 | ^net.ipv6.conf.default.force_mld_version = 0
( v' v" y& _& F c& T( ~, Wnet.ipv6.conf.default.use_tempaddr = 0
. g+ V) G* x3 n3 p' N+ fnet.ipv6.conf.default.temp_valid_lft = 604800
& F) r, Y' ^+ nnet.ipv6.conf.default.temp_prefered_lft = 86400
# r$ l& _3 I! {0 _% Snet.ipv6.conf.default.regen_max_retry = 5# z+ P) D+ o: Z& e( e
net.ipv6.conf.default.max_desync_factor = 600
( }" ~* j1 O" t. k/ ^. V; }& Jnet.ipv6.conf.default.max_addresses = 16, Z6 O- a9 S. s) i" N
net.ipv6.conf.default.accept_ra_defrtr = 1" M5 ]7 F7 [0 O5 {+ F
net.ipv6.conf.default.accept_ra_pinfo = 12 `& D; x% w3 `) V1 { | ]
net.ipv6.conf.default.accept_ra_rtr_pref = 1
$ F `* e" s& f" L+ n9 p( D* Anet.ipv6.conf.default.router_probe_interval = 60! x% C* p& T U* m1 i1 G
net.ipv6.conf.default.accept_ra_rt_info_max_plen = 0
) r4 U# l$ r4 Q4 r, S# jnet.ipv6.conf.default.proxy_ndp = 0+ V. X6 _5 W% [4 Z8 E; U
net.ipv6.conf.default.accept_source_route = 0
) M E" |/ B9 N' d6 bnet.ipv6.conf.default.optimistic_dad = 06 v6 J, }1 Z0 W e1 T7 m: i
net.ipv6.conf.default.mc_forwarding = 0, [2 C' I0 m% Z- [1 D
net.ipv6.conf.default.disable_ipv6 = 0) k( k& `1 D( E
net.ipv6.conf.default.accept_dad = 1
; U( x1 Y/ J/ @) ~net.ipv6.conf.lo.forwarding = 0
0 v4 E% @5 `4 }% C+ E0 n/ E+ Jnet.ipv6.conf.lo.hop_limit = 64
- P6 q$ m% r I1 pnet.ipv6.conf.lo.mtu = 65536
) I/ L2 A; x% Q& Y1 E8 Dnet.ipv6.conf.lo.accept_ra = 1
1 V F8 _; g3 K) v3 J( b! I2 s \net.ipv6.conf.lo.accept_redirects = 1. M! R* z8 w2 a! U* l' n( `
net.ipv6.conf.lo.autoconf = 1& m) c F2 o# z6 E. {
net.ipv6.conf.lo.dad_transmits = 1
1 ~2 V0 H: J8 r9 b& ]3 D9 m, Vnet.ipv6.conf.lo.router_solicitations = 3
+ Q$ `. j) e0 ~9 a$ w4 u2 Inet.ipv6.conf.lo.router_solicitation_interval = 4& z" x N/ C& ]5 t; X
net.ipv6.conf.lo.router_solicitation_delay = 10 r6 M0 r8 {: }0 S; v3 S, z
net.ipv6.conf.lo.force_mld_version = 0! W7 n$ j( x6 s/ v- @5 a
net.ipv6.conf.lo.use_tempaddr = -17 _( I/ J$ s. }; [
net.ipv6.conf.lo.temp_valid_lft = 604800
1 N! k; D& d0 u- n# Q3 @net.ipv6.conf.lo.temp_prefered_lft = 86400: n" P! p4 S- w! P! w9 y
net.ipv6.conf.lo.regen_max_retry = 5
, A7 H/ T3 j2 G) ]1 h" snet.ipv6.conf.lo.max_desync_factor = 6005 o7 j! q/ p L
net.ipv6.conf.lo.max_addresses = 16) n% j* S5 a# Q9 K- ~4 Q
net.ipv6.conf.lo.accept_ra_defrtr = 10 z& Z# w a7 y! M: L1 S" c3 v2 a
net.ipv6.conf.lo.accept_ra_pinfo = 1
- d) [3 o9 l! j; jnet.ipv6.conf.lo.accept_ra_rtr_pref = 1
5 y( h2 P, i mnet.ipv6.conf.lo.router_probe_interval = 60
/ n3 L$ f* q6 o& E9 J' unet.ipv6.conf.lo.accept_ra_rt_info_max_plen = 0! c! q- o- i, Y$ ?1 t
net.ipv6.conf.lo.proxy_ndp = 0
0 _) q/ o& Z0 Enet.ipv6.conf.lo.accept_source_route = 0* F; H0 V `1 A) T
net.ipv6.conf.lo.optimistic_dad = 0% y" T m1 }( m( t7 m
net.ipv6.conf.lo.mc_forwarding = 09 V5 e6 a& \7 F" y$ j) @+ S
net.ipv6.conf.lo.disable_ipv6 = 0
8 N3 X' g: R% ~- ], E# znet.ipv6.conf.lo.accept_dad = -1
+ K. }$ ?! _- Wnet.ipv6.conf.eth0.forwarding = 0
, f f% M1 j+ w) q1 [net.ipv6.conf.eth0.hop_limit = 64 D4 |% n* ^3 D% q6 x
net.ipv6.conf.eth0.mtu = 15001 i4 V* [$ J4 u/ ]9 F
net.ipv6.conf.eth0.accept_ra = 11 }, e9 W V: t K# r8 m% S
net.ipv6.conf.eth0.accept_redirects = 15 J# j4 ]% J) [+ C, R" n
net.ipv6.conf.eth0.autoconf = 14 I& X5 v; |) F" t- C1 B
net.ipv6.conf.eth0.dad_transmits = 1
3 u8 ]. V: U, b* D% m/ W: rnet.ipv6.conf.eth0.router_solicitations = 3
" N- a( c" ]2 k9 }! H Y: ~net.ipv6.conf.eth0.router_solicitation_interval = 43 Z9 x y# [1 h" l' \$ Y
net.ipv6.conf.eth0.router_solicitation_delay = 1
9 W( L: Y7 |$ q# `net.ipv6.conf.eth0.force_mld_version = 0
* i0 n8 ?- Z7 d# @net.ipv6.conf.eth0.use_tempaddr = 0
& ]& o, p, I7 d& K b; Z; c" V" tnet.ipv6.conf.eth0.temp_valid_lft = 604800
! F, p8 _2 L6 |7 a6 w7 j3 z1 y) Tnet.ipv6.conf.eth0.temp_prefered_lft = 864009 z* x9 ~, t! f7 S+ {7 }& `( Y
net.ipv6.conf.eth0.regen_max_retry = 5* p" x" F7 e' J8 }9 L
net.ipv6.conf.eth0.max_desync_factor = 600/ P z5 D( C* y1 r- _$ S m
net.ipv6.conf.eth0.max_addresses = 16
, f4 g; i4 Y! O0 Z/ u Enet.ipv6.conf.eth0.accept_ra_defrtr = 1
8 }5 |# j* f( z& B, O7 W! Fnet.ipv6.conf.eth0.accept_ra_pinfo = 1
% s9 x: w9 p' Y5 `7 D# G/ P) Dnet.ipv6.conf.eth0.accept_ra_rtr_pref = 1# g3 E, i5 G* X& A/ \0 \( c1 ]1 ~
net.ipv6.conf.eth0.router_probe_interval = 60
$ l( [9 G, G# I+ E( B7 R9 R8 snet.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 0. r$ T. u! l% |, r! I& L* m
net.ipv6.conf.eth0.proxy_ndp = 0
- ]$ [# K; V. L4 u4 Z, ^net.ipv6.conf.eth0.accept_source_route = 0
( G% {( z" K' m: u! @1 G; |net.ipv6.conf.eth0.optimistic_dad = 06 Y2 A9 C: E$ ?! z8 o' L0 `, I* G. P2 W
net.ipv6.conf.eth0.mc_forwarding = 0
$ `( p, O; P- o% C9 snet.ipv6.conf.eth0.disable_ipv6 = 0
% {: D) y# T* J4 K% E9 ~8 }net.ipv6.conf.eth0.accept_dad = 1; }5 T( U5 N( U, b L1 L, T% l; h
net.ipv6.conf.pan0.forwarding = 0 v" f1 ?2 J, p. ^7 U- L5 W" p% }
net.ipv6.conf.pan0.hop_limit = 64- {. |+ f; v& f) j' ]4 ?: n
net.ipv6.conf.pan0.mtu = 1500
2 `8 R6 e' c6 X) w; ^: Y+ snet.ipv6.conf.pan0.accept_ra = 12 ?4 A' w/ @( e1 w9 ]
net.ipv6.conf.pan0.accept_redirects = 1
2 |) @/ r# ^- a1 pnet.ipv6.conf.pan0.autoconf = 1. T' `! X+ T1 f5 T4 w: [
net.ipv6.conf.pan0.dad_transmits = 1
; o* B2 F6 o8 }" znet.ipv6.conf.pan0.router_solicitations = 3 H! M; L2 T4 l* ]9 _) @
net.ipv6.conf.pan0.router_solicitation_interval = 41 i) U8 Q; ~- I. H
net.ipv6.conf.pan0.router_solicitation_delay = 1$ T; n. C. H( F& Q# {
net.ipv6.conf.pan0.force_mld_version = 0, e- w: c3 e0 A a5 v
net.ipv6.conf.pan0.use_tempaddr = 0
0 G5 ^7 C+ X! ], Snet.ipv6.conf.pan0.temp_valid_lft = 604800% K$ m. g: i N! `
net.ipv6.conf.pan0.temp_prefered_lft = 86400
. X6 N, J( V+ m. h$ b/ `net.ipv6.conf.pan0.regen_max_retry = 59 w% b0 p: \1 N0 N x0 P" }
net.ipv6.conf.pan0.max_desync_factor = 600! ?5 [$ p! m9 r( y9 t. D: T/ G
net.ipv6.conf.pan0.max_addresses = 16& a) }: R- N/ x9 I$ ~
net.ipv6.conf.pan0.accept_ra_defrtr = 1
" F0 r! A. [, j% i& ~net.ipv6.conf.pan0.accept_ra_pinfo = 1# e& E/ {* g4 p7 @7 w
net.ipv6.conf.pan0.accept_ra_rtr_pref = 1
; `% `" w" W; y8 unet.ipv6.conf.pan0.router_probe_interval = 60
/ Y/ I/ J3 C% S0 z4 L E( Bnet.ipv6.conf.pan0.accept_ra_rt_info_max_plen = 0
, l6 l8 d" y4 T# enet.ipv6.conf.pan0.proxy_ndp = 0
! e+ }2 b1 D3 V+ M5 ]' Rnet.ipv6.conf.pan0.accept_source_route = 0
$ x8 J; \- ]/ bnet.ipv6.conf.pan0.optimistic_dad = 0* H1 o% ?4 `5 _( ~+ ^4 ~7 h Q
net.ipv6.conf.pan0.mc_forwarding = 07 I+ u O% F7 i9 v1 V
net.ipv6.conf.pan0.disable_ipv6 = 0
! Q n- C/ L b7 `" c9 b$ xnet.ipv6.conf.pan0.accept_dad = 1) Z6 b, {& x3 |. | @- U! G' |
net.ipv6.ip6frag_high_thresh = 4194304) F# l _. Z5 P4 ?, q: U* m. V m8 L
net.ipv6.ip6frag_low_thresh = 3145728+ u0 C: `. s! t0 T- J$ V7 S0 B
net.ipv6.ip6frag_time = 60
) W% |, `( }7 U7 a$ V* M+ j0 Ynet.ipv6.route.gc_thresh = 1024, t5 j Q, \, W6 o% ^
net.ipv6.route.max_size = 4096
, o- i& h* Q9 m$ jnet.ipv6.route.gc_min_interval = 0
4 ?1 s6 L) g6 fnet.ipv6.route.gc_timeout = 60$ q2 A% G9 ~3 E. N
net.ipv6.route.gc_interval = 309 Y7 Z" U/ t$ Y; h/ U1 ^
net.ipv6.route.gc_elasticity = 08 w) P, r& S& F& Z; G' r
net.ipv6.route.mtu_expires = 6007 Q0 }! V# N8 H) N; ~
net.ipv6.route.min_adv_mss = 1
3 _" g N3 c0 ^5 B R4 dnet.ipv6.route.gc_min_interval_ms = 500
3 k7 k$ E0 n+ I; snet.ipv6.icmp.ratelimit = 1000; `# X6 \/ e* ]' m
net.ipv6.bindv6only = 0
7 r3 B. S' ~' U; K4 p. K7 d! ^net.ipv6.nf_conntrack_frag6_timeout = 60
* @* L6 k9 e0 }" }/ jnet.ipv6.nf_conntrack_frag6_low_thresh = 3145728& p. w: c( w6 V6 Y' z
net.ipv6.nf_conntrack_frag6_high_thresh = 4194304( ~7 L% p8 @4 Y
net.ipv6.ip6frag_secret_interval = 600' C( w0 m0 t |& v, [5 [
net.ipv6.mld_max_msf = 64! E5 L: i% R" e# W
net.nf_conntrack_max = 65536
- x$ X+ E8 @* t1 r: l1 u0 H' wnet.bridge.bridge-nf-call-arptables = 1' B, f7 `; x0 _% _3 K
net.bridge.bridge-nf-call-iptables = 19 R) ~' i' v: e$ v7 Y
net.bridge.bridge-nf-call-ip6tables = 1
0 p' K. ]" h+ X7 r2 pnet.bridge.bridge-nf-filter-vlan-tagged = 0
) H1 m9 J6 b* P0 d& C4 Pnet.bridge.bridge-nf-filter-pppoe-tagged = 0
5 @9 C6 u7 n% d9 {& x( y3 M* x. {# Y+ gnet.unix.max_dgram_qlen = 10
* o) T' C% {* ^3 J/ k1 q$ F% `abi.vsyscall32 = 1
8 [4 }4 U! S" G0 Bcrypto.fips_enabled = 0 |
|
发表于 2022-7-16 07:25:10