|
|
楼主 |
发表于 2022-7-16 07:26:40
|
显示全部楼层
sysctl.conf文件配置详解- U9 J. Q1 O; a$ M- s7 g
临时生效
. w+ k' E; s- A" I#修改后,马上生效,重启或者service network restart失效" N3 E6 P* Z0 \, x2 I! A( E
sysctl -w fs.file-max=999999
! I: L4 C; D2 c( x/ e1 p
# z- M0 g1 G+ t4 S! n永久生效: ? H. z7 c, d& C, f' U1 _
#vim /etc/sysctl.conf
/ A: S6 ? {+ g1 _- qfs.file-max=999999
* k3 w* n: V* o; |5 }( u) c- V#保存后,执行sysctl -p 或者重启服务器生效4 F8 o8 Y0 q6 i$ \$ E! T$ G
查看配置9 }( d5 R8 ~! q1 Y% F m
sysctl -a #消失全部配置
# q+ f: R1 Q8 P3 Lsysctl fs.file-max #显示fs.file-max的值$ r. t# H/ G4 O' K
# sysctl -a | grep file #模糊查找- F' K; ^+ Z8 e5 a$ v- v# M( [
参考资料:Linux Tcp参数设置& X( s5 h1 T* C+ r
. m& Q# r+ l2 X2 A. |. [4 F) T
kernel.sched_child_runs_first = 0" x# S6 i( [! P/ k6 A
6 ?+ s, ]( i7 l T8 X
kernel.sched_min_granularity_ns = 3000000
# r' a: e! |$ Ikernel.sched_latency_ns = 15000000
) H! i1 u; x% V1 Z- }kernel.sched_wakeup_granularity_ns = 30000002 E) U- ?( A q
kernel.sched_tunable_scaling = 1
) [4 h$ F: G( U% D: W
: K" Y1 a' {3 n. _kernel.sched_features = 31837 M" h. ]" H+ q4 q; C
kernel.sched_migration_cost = 500000) `; m8 Y4 }% p* w6 v
kernel.sched_nr_migrate = 32
% W; C/ ^8 k ` I8 Nkernel.sched_time_avg = 1000, y1 x! R; i3 m s8 U
kernel.sched_shares_window = 10000000
6 h" |' l$ F8 Z+ [kernel.timer_migration = 15 T1 b6 W3 Q' ^ ?+ N# c8 P
kernel.sched_rt_period_us = 1000000% n1 O. T1 e' f! B) k5 L
kernel.sched_rt_runtime_us = 950000* |/ Y; ]+ g7 {4 Y9 l" A
kernel.sched_compat_yield = 0
4 M- V9 R9 v( f1 n/ e/ Hkernel.sched_rr_timeslice_ms = 100; h, C/ l7 E3 l: P1 ?7 R7 e
kernel.sched_autogroup_enabled = 0# D% M, n! }* M3 v' |
kernel.sched_cfs_bandwidth_slice_us = 5000
( f6 a* \2 G0 T- n1 B/ ^3 Wkernel.panic = 0
" \8 N( Z7 K' r; z/ e# q9 y2 ]kernel.exec-shield = 1; H6 h4 W. _0 G0 D$ Y9 V
kernel.core_uses_pid = 1
* Q$ Q$ C; b5 Dkernel.core_pattern = |/usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t e
* R$ L/ @- x, J# @kernel.core_pipe_limit = 4' J6 U+ C% Z A3 M2 L. n% M
kernel.tainted = 0# W( b3 h W( Y) I; p, s0 x7 D% Z
kernel.real-root-dev = 0
+ {. ]% ~ K% K% H& ]4 F% W+ ~kernel.print-fatal-signals = 0% z D n: R. @* {
kernel.ctrl-alt-del = 0
( ]% h8 O) z, M9 ]& D( ]kernel.ftrace_enabled = 1% j. ~7 c _9 k6 i
kernel.stack_tracer_enabled = 0
9 j7 Q# K5 O5 X) U" Zkernel.ftrace_dump_on_oops = 0# n8 L" n- \) u8 y/ m
kernel.modprobe = /sbin/modprobe1 P. q2 l( L/ {+ _; `; M. q
kernel.modules_disabled = 0
) t$ F X+ a' R5 A9 z/ gkernel.kexec_load_disabled = 0% n- G* b& J5 o* r" h7 n( @8 o
kernel.hotplug =+ q2 Z" J9 D" }4 w4 \. U
kernel.acct = 4 2 301 t4 ?5 t4 E4 f8 S
kernel.sysrq = 0
0 o+ }' ]# ~5 j, Okernel.cad_pid = 1, s0 O# i9 ?3 j
kernel.threads-max = 60719
3 _- d: m( j- Wkernel.random.poolsize = 40966 d0 `6 ~- }( B: I/ q
kernel.random.entropy_avail = 4553 _! [" A$ o. P/ F" y M
kernel.random.read_wakeup_threshold = 64' m L9 ? Y- O8 V7 H
kernel.random.write_wakeup_threshold = 128% v$ y6 o7 a: B. ~
kernel.random.boot_id = 7ed1dbbb-9671-4ee2-8d81-58c58ba824ac
: Y6 b, d+ {' n5 A6 Y, B! wkernel.random.uuid = d1f372bb-bca8-4338-9d48-b9855a4ec41a
- x% V6 w, o! Pkernel.usermodehelper.bset = 4294967295 4294967295
2 j# ^' H: t2 t+ z; `, p1 Vkernel.usermodehelper.inheritable = 4294967295 4294967295
: B5 _# W* e; ^% O. \3 pkernel.overflowuid = 655342 J" N9 O) \( v# n) c
kernel.overflowgid = 65534$ ~; W! b2 r# c4 q+ h' z. m. z4 i
kernel.pid_max = 131072
" k! K, D' R* f- ^" ]+ ~( m; okernel.panic_on_oops = 1
' l) i! V, Z) U+ B ?* @4 g; }kernel.printk = 4 4 1 7
! A9 Y6 E5 U P" Q3 Ekernel.printk_ratelimit = 5; d" I) O) X, e$ z
kernel.printk_ratelimit_burst = 10
' m1 Z+ |5 k5 L; P+ `5 Hkernel.printk_delay = 0
( ?- Y5 B0 a) Bkernel.dmesg_restrict = 0
) J7 t0 Y- R' ], o' V7 f2 qkernel.kptr_restrict = 1
) j! E$ N. W" K9 A; [0 [$ V8 \kernel.ngroups_max = 65536- B$ {+ y" P# `
kernel.watchdog = 1
9 r$ R% A3 [* |kernel.watchdog_thresh = 60
% u( R3 X. R, O9 Pkernel.softlockup_panic = 01 y8 ~4 }+ J$ V6 \0 P$ H4 d/ Z: h
kernel.nmi_watchdog = 1
, A) s! @8 \$ a. e$ A. I" j% qkernel.unknown_nmi_panic = 0
7 m% i7 G0 [! `: f2 Ukernel.panic_on_unrecovered_nmi = 0
2 z2 ~+ v9 Z- V9 Z' K' S& lkernel.panic_on_io_nmi = 0
* u* D$ _% R' ^( g3 p* Kkernel.bootloader_type = 113
/ A' F" W0 e7 |- b) E: Y7 b; p3 kkernel.bootloader_version = 1
: i' R3 p5 T& ?9 H9 a3 Mkernel.kstack_depth_to_print = 12
1 g9 Z4 A- r7 P5 Mkernel.io_delay_type = 0, E7 G5 ?: S$ g+ Y
kernel.randomize_va_space = 2- Q' _7 d/ E+ c) _9 l- b$ G j
kernel.acpi_video_flags = 0
9 ~4 R, ?0 E; lkernel.hung_task_panic = 0
) g& `% y5 r3 N8 c6 ?( c8 l5 `kernel.hung_task_check_count = 41943045 L @% e$ C4 j; a. i
kernel.hung_task_timeout_secs = 120; q4 C. T. N( C6 K9 d
kernel.hung_task_warnings = 10
& `# K4 c6 M, _" }kernel.compat-log = 1
$ [. W. @# J$ e; @kernel.max_lock_depth = 1024
" r5 \4 q3 [- ^4 c3 v# Z4 Ykernel.poweroff_cmd = /sbin/poweroff
2 B( b) m7 y Y7 Ekernel.keys.maxkeys = 200& T& r: T" d3 o1 d2 Z8 p/ \4 X
kernel.keys.maxbytes = 20000
$ I+ ?1 Q, w& ~2 X4 o, @kernel.keys.root_maxkeys = 1000000' Q! [6 i0 R/ Y9 k( @
kernel.keys.root_maxbytes = 25000000
- d @. z4 j7 Q: k2 S5 {" {$ Nkernel.keys.gc_delay = 300
, n/ f: M8 K% |kernel.slow-work.min-threads = 2/ b! Y; z* n% {& v; U7 v8 T
kernel.slow-work.max-threads = 128! I+ L H9 V, ]4 X$ ^' K2 t
kernel.slow-work.vslow-percentage = 50+ ?* x4 G8 t. v: s
kernel.perf_event_paranoid = 1
: u& [: b% G4 xkernel.perf_event_mlock_kb = 516
* C" I. ~4 U3 o9 o* T' ]) A& ckernel.perf_event_max_sample_rate = 100000* _8 n9 g/ C( ?1 x; ^2 D' J
kernel.blk_iopoll = 1
9 L, |" s6 z3 b, X0 ^/ T K0 Bkernel.sched_domain.cpu0.domain0.min_interval = 1
! q Z4 b2 k6 Y+ [% skernel.sched_domain.cpu0.domain0.max_interval = 4( Y. U" o6 i6 T1 `. @0 I0 w
kernel.sched_domain.cpu0.domain0.busy_idx = 28 @+ V8 C# m- [# \" V- Q
kernel.sched_domain.cpu0.domain0.idle_idx = 1
! Z, s, _3 ]* fkernel.sched_domain.cpu0.domain0.newidle_idx = 0
& n3 S6 C0 f" s) k3 xkernel.sched_domain.cpu0.domain0.wake_idx = 0
) U% n& a# a6 Q+ Skernel.sched_domain.cpu0.domain0.forkexec_idx = 0
' R; K( z. K# l8 G; {kernel.sched_domain.cpu0.domain0.busy_factor = 642 Q0 l. y' Z5 o( }1 x8 t5 r- w0 Z2 Q" k
kernel.sched_domain.cpu0.domain0.imbalance_pct = 125
, q2 i. @8 d0 }2 `kernel.sched_domain.cpu0.domain0.cache_nice_tries = 1
G! ]1 ]# H3 _ ?3 |7 E( x4 fkernel.sched_domain.cpu0.domain0.flags = 4143; |' u. a( F3 T- Z
kernel.sched_domain.cpu0.domain0.name = CPU# {. g2 a% L& [2 S8 L
kernel.sched_domain.cpu1.domain0.min_interval = 1
7 t3 H+ U' i/ d4 M7 e p, w3 F; Tkernel.sched_domain.cpu1.domain0.max_interval = 4
6 @8 |0 A7 ^& _! Y0 _/ m0 q2 Ckernel.sched_domain.cpu1.domain0.busy_idx = 2
* n8 e1 q7 G' ?& H* H8 v1 @kernel.sched_domain.cpu1.domain0.idle_idx = 1
8 p5 n! f9 Y4 V; _" M7 o$ kkernel.sched_domain.cpu1.domain0.newidle_idx = 0! B. c9 @: o/ {9 J3 p i0 f6 U
kernel.sched_domain.cpu1.domain0.wake_idx = 0
8 \0 h/ R8 C0 Y$ B. R) R" Gkernel.sched_domain.cpu1.domain0.forkexec_idx = 0) j2 u5 h' o% s# E" F% R1 v! S% @3 R
kernel.sched_domain.cpu1.domain0.busy_factor = 644 g" }, ]$ X& D, H s7 u$ S* a) v
kernel.sched_domain.cpu1.domain0.imbalance_pct = 125
* N5 |0 d) @8 S( tkernel.sched_domain.cpu1.domain0.cache_nice_tries = 1
: I0 w3 N }* S* M8 Kkernel.sched_domain.cpu1.domain0.flags = 4143
! ]! O; l; G" L: z- C" Gkernel.sched_domain.cpu1.domain0.name = CPU2 Q; J& t$ q+ @. J
kernel.sched_domain.cpu2.domain0.min_interval = 1
6 c: ~! B: D# d' `* j" `5 M; C) lkernel.sched_domain.cpu2.domain0.max_interval = 4
( X0 y( I) ^' o4 ~' u9 lkernel.sched_domain.cpu2.domain0.busy_idx = 24 D/ R5 B9 F F5 ~ s, f, N) I
kernel.sched_domain.cpu2.domain0.idle_idx = 1
* m9 ~7 d' y/ Y, @kernel.sched_domain.cpu2.domain0.newidle_idx = 0
- ~/ ]9 v1 c& Gkernel.sched_domain.cpu2.domain0.wake_idx = 02 g4 |5 r0 R8 K. `; B7 r# N
kernel.sched_domain.cpu2.domain0.forkexec_idx = 0+ m8 O4 y' ~, u
kernel.sched_domain.cpu2.domain0.busy_factor = 64; m3 k2 |$ H) B |
kernel.sched_domain.cpu2.domain0.imbalance_pct = 125% a2 R+ S1 K! |/ U- ^
kernel.sched_domain.cpu2.domain0.cache_nice_tries = 12 U, n& K0 [7 ?) J6 E+ v
kernel.sched_domain.cpu2.domain0.flags = 4143( b* ?' @# t2 S' y
kernel.sched_domain.cpu2.domain0.name = CPU
( M) r" \* n& t+ vkernel.sched_domain.cpu3.domain0.min_interval = 1: l9 `6 O% R2 T% N. J
kernel.sched_domain.cpu3.domain0.max_interval = 4' Y( [( |, w, o' S8 ~7 s: D! n
kernel.sched_domain.cpu3.domain0.busy_idx = 21 E2 \: D7 _& z
kernel.sched_domain.cpu3.domain0.idle_idx = 1
/ ?) X- f: x7 A0 b' dkernel.sched_domain.cpu3.domain0.newidle_idx = 0- c+ }7 h: [. F" e- o
kernel.sched_domain.cpu3.domain0.wake_idx = 01 x5 \0 j9 ?2 X3 K! k% n" J
kernel.sched_domain.cpu3.domain0.forkexec_idx = 0
' n/ b% V8 o j$ v0 J0 v7 T- S) Fkernel.sched_domain.cpu3.domain0.busy_factor = 64& N1 V3 _; H1 u" H P. l! X
kernel.sched_domain.cpu3.domain0.imbalance_pct = 125
7 c9 | A* {- S& [: M) vkernel.sched_domain.cpu3.domain0.cache_nice_tries = 11 A3 M X' o5 p- ^ S; G+ N
kernel.sched_domain.cpu3.domain0.flags = 4143' J b+ K" B5 C; V, o
kernel.sched_domain.cpu3.domain0.name = CPU! l% @9 ^. B( \* L6 @8 W% F. W
kernel.vsyscall64 = 1
% Q d8 X# @3 @! v1 `( mkernel.ostype = Linux! U8 z. c5 Y" T$ A/ f
kernel.osrelease = 2.6.32-504.el6.x86_64
/ G2 y* b$ F/ ~! T2 Bkernel.version = #1 SMP Wed Oct 15 04:27:16 UTC 2014# p" R0 B, E6 J8 z8 G+ v5 o: M$ L
kernel.hostname = xapi.128.com
. g5 s2 T# ]+ C$ G2 p( F* X' Fkernel.domainname = (none)
8 \% X# a+ p# j/ ]8 S$ Pkernel.pty.max = 4096
. Q. m: P Q( Gkernel.pty.nr = 19 A" W# f, n% ^' F _0 W
kernel.shmmax = 68719476736/ U( V" \, U% j, T& _& p
kernel.shmall = 4294967296. @2 V, t1 j( w1 ~ g! o
kernel.shmmni = 4096
- n; t1 ^7 J+ \kernel.shm_rmid_forced = 0$ h: H/ U8 w- l- D, A
kernel.msgmax = 65536# a3 k5 t+ ^4 \8 M4 h3 u+ f+ \% F1 I
kernel.msgmni = 7627
) t" d/ g6 k8 e& G/ w; w. V. ekernel.msgmnb = 65536
* C+ R+ d$ v) gkernel.sem = 250 32000 32 128. ^3 D8 n( z3 L6 k2 f
kernel.auto_msgmni = 12 O- t; _' ]% g. H r8 w, o2 f
vm.overcommit_memory = 0
$ _" l V" _8 L: ^, k. z# G2 r3 rvm.panic_on_oom = 0) @) h) X6 M; \5 l1 j2 W0 e/ I
vm.oom_kill_allocating_task = 04 e I' u* U( y
vm.extfrag_threshold = 500
7 _9 `' t" p" _3 U. Uvm.oom_dump_tasks = 1
& V" ]; {( \9 a2 R* kvm.would_have_oomkilled = 0
/ ~2 h9 Q1 v6 M1 Qvm.overcommit_ratio = 505 x' Q$ I( i9 K& I% C0 j$ `' H
vm.overcommit_kbytes = 08 E" w- t Q$ k- R
vm.page-cluster = 3
D6 o3 ~* p6 h* G7 f* Avm.dirty_background_ratio = 10
- F. Q! B X+ @6 a8 Avm.dirty_background_bytes = 0+ r' r7 H2 x& y$ s9 ?+ c1 u) i/ k2 y
vm.dirty_ratio = 20& s# E( F3 Q5 X6 |# B0 n
vm.dirty_bytes = 0
- S) ]; ]" \9 M$ m3 Ovm.dirty_writeback_centisecs = 500" V& G1 u& w% s8 Q) ]; N: ?
vm.dirty_expire_centisecs = 3000
5 W5 Z1 T9 n9 t1 V [vm.nr_pdflush_threads = 0
3 b- m" o/ @* T4 q; J! E* [vm.swappiness = 60
+ v, A# y7 x. |" x" d( s2 kvm.nr_hugepages = 0$ L; }0 _; V, j
vm.nr_hugepages_mempolicy = 0) b) v4 h# X/ A. q$ m! p ?& a
vm.hugetlb_shm_group = 0+ y- r- c5 f+ Y5 t; T! e' ]# L
vm.hugepages_treat_as_movable = 0) D1 _ o9 x' R$ {) w6 E$ ~
vm.nr_overcommit_hugepages = 0
6 C) E' _; b; E0 a+ Lvm.lowmem_reserve_ratio = 256 256 32
7 K2 r: ~1 ~$ D0 Zvm.drop_caches = 0
% I% u+ {/ V6 n' j+ n) F) A7 Qvm.min_free_kbytes = 67584
w' \6 V# ^8 D$ N# Hvm.extra_free_kbytes = 0! C. l3 }. n2 G/ C; R8 o
vm.unmap_area_factor = 0
3 D6 Q" q) k6 Zvm.meminfo_legacy_layout = 14 s! i: N8 E) s" H* N4 K) b
vm.percpu_pagelist_fraction = 0
. O+ O9 H0 [$ ~* b9 w/ {6 F. Hvm.max_map_count = 65530
9 @$ U/ q+ \( Bvm.laptop_mode = 0; L t* M4 [ \# _ z
vm.block_dump = 0
8 J! x( k( ]7 a# J4 g2 d' tvm.vfs_cache_pressure = 100
& \* V6 J" h- w5 V, Avm.legacy_va_layout = 0
4 g) D7 ]/ d) U% {/ t3 f* t2 Ivm.zone_reclaim_mode = 0
% `2 d2 M: m3 c5 O9 ^! h8 lvm.min_unmapped_ratio = 1
" \$ g2 @) N' x+ Qvm.min_slab_ratio = 5* t, Z# L; ?, x9 v
vm.stat_interval = 15 q% ?! ^7 m$ C2 e6 t- r
vm.mmap_min_addr = 4096' V, r% ~# Y0 e$ N; w9 @ N: X" F9 H
vm.numa_zonelist_order = default
, W. Z/ j: B2 Z& xvm.scan_unevictable_pages = 0
7 j, p9 ~+ T) A+ I* u: Svm.memory_failure_early_kill = 0
3 h1 T" G8 o7 J% f i B. `vm.memory_failure_recovery = 1
. O0 ~1 j o& Tfs.inode-nr = 14659 243
F( j' O9 |7 A0 p3 w/ o3 Q3 f; ^fs.inode-state = 14659 243 0 0 0 0 0
. C8 U: S8 e) _0 z" X+ h& dfs.file-nr = 1216 0 385492
, X! N5 G5 R+ U9 q/ j7 w
- L+ b2 X: M: [' z4 u& o4 f& R#【nginx】这个参数表示系统(所有)可以同时打开的最大句柄数,这个参数直接限制最大并发连接数,需根据实际情况配置。wd=8115151 t7 R' v# ?$ T1 O8 n
# file-max与ulimit的区别
! s) f2 @* ^2 q1 | Q9 dfs.file-max = 385492- i c/ J5 e9 j+ c4 ~
T( P9 Y4 P6 z" _; J8 `fs.nr_open = 1048576- Q, D; R/ f% R
fs.dentry-state = 15088 6375 45 0 0 0) K* \7 ~" x* i6 S) | q1 ~+ S9 R
fs.overflowuid = 65534
+ W& K5 z9 g, `8 k+ C0 Xfs.overflowgid = 65534
0 ~; `8 |3 E: y: R* h3 D1 Wfs.leases-enable = 14 U- V9 ~. P+ V3 Q" \& n
fs.dir-notify-enable = 1
" m5 {: y: d8 s, Lfs.lease-break-time = 45
6 [0 D% |' u" k9 M. Jfs.aio-nr = 05 g& [% m8 o( S% R6 a, x1 G
fs.aio-max-nr = 65536
9 @. P5 V6 J5 {- I! t0 @fs.inotify.max_user_instances = 128
2 s! r* y5 E9 K* tfs.inotify.max_user_watches = 8192
3 a- _# v, V3 h3 sfs.inotify.max_queued_events = 163846 s# D; j$ _4 f M/ o7 E
fs.epoll.max_user_watches = 795852( P% E- l( X% _3 [8 B
fs.suid_dumpable = 0; Z, H4 f/ o) ~/ D8 W# _2 F5 v
fs.binfmt_misc.status = enabled
- G, Y5 m3 y/ S+ t2 Nfs.quota.lookups = 0. @( y) m( G$ N
fs.quota.drops = 0
5 r; j$ z$ h2 {: y8 Y2 X+ k# ffs.quota.reads = 0
8 \# {5 P& x' [$ d: A8 hfs.quota.writes = 0; e7 y" K& U! B. i
fs.quota.cache_hits = 0: L$ h% c& q" ]7 z
fs.quota.allocated_dquots = 0+ j. ~/ f2 G) ]4 U# N J
fs.quota.free_dquots = 0
" o1 F% g: V0 yfs.quota.syncs = 4
6 j5 j; l+ ~# @3 }fs.quota.warnings = 1, s9 b8 V& I. F. p
fs.mqueue.queues_max = 256; t2 t0 b) G8 p; k, a7 {
fs.mqueue.msg_max = 10; R6 e/ ~- ]/ `2 ]" ]: \
fs.mqueue.msgsize_max = 8192
, H5 R2 b# Z; \9 {1 W6 V4 Rfs.mqueue.msg_default = 10( n" N( T* a* `& l4 r/ i* g6 Z
fs.mqueue.msgsize_default = 8192
' t; L G+ W' T; c8 L, k1 Wdebug.exception-trace = 1, s/ H1 V% F) U& D0 |
debug.kprobes-optimization = 1 P; o9 @0 N1 _, u$ b: f; T# o
dev.scsi.logging_level = 0& ], o( p! z* T3 W
dev.raid.speed_limit_min = 10002 b) q% d+ U* s8 y. E" [6 {
dev.raid.speed_limit_max = 2000006 T' o+ P$ n0 L# V
dev.hpet.max-user-freq = 64: e% Z6 E( S; m8 g3 X& z5 U
dev.mac_hid.mouse_button_emulation = 0
B0 O, T# q) t2 g* wdev.mac_hid.mouse_button2_keycode = 97
5 g' j1 w6 G( Kdev.mac_hid.mouse_button3_keycode = 100
( L2 {$ I! i# e' K5 x, pdev.cdrom.info = CD-ROM information, Id: cdrom.c 3.20 2003/12/17
4 M7 p5 |4 z" l& m) x+ [" n8 tdev.cdrom.info =
: H5 V) J Q3 E* J# d0 v+ Q' n4 Udev.cdrom.info = drive name: sr0
1 T, J, C8 W* C& Y7 Rdev.cdrom.info = drive speed: 306
% x3 O/ i5 @1 O0 v x { o3 edev.cdrom.info = drive # of slots: 10 U, O$ I8 h# i' L
dev.cdrom.info = Can close tray: 1
+ V- `9 z6 t3 P( Pdev.cdrom.info = Can open tray: 1
1 {6 V3 \2 q0 k7 ^, e* v& v4 U Ydev.cdrom.info = Can lock tray: 1: _1 {4 ~) r" T/ ~' |
dev.cdrom.info = Can change speed: 1
( m7 M4 d3 Y2 M" o& ndev.cdrom.info = Can select disk: 0
3 W# Z+ i, `. b+ Fdev.cdrom.info = Can read multisession: 1
8 ? R( z4 v* p3 Pdev.cdrom.info = Can read MCN: 19 b9 r* b2 v8 ^- W$ l- j5 U
dev.cdrom.info = Reports media changed: 1- h2 ~ ^# ~. W& L1 {4 K& M- i
dev.cdrom.info = Can play audio: 1+ c. ]/ K' @$ E
dev.cdrom.info = Can write CD-R: 0
5 c7 h8 ^9 [1 d2 d& D; f* pdev.cdrom.info = Can write CD-RW: 0( s3 j- p8 n, e! B4 l9 r; Y
dev.cdrom.info = Can read DVD: 1
2 n5 C: t# i$ Odev.cdrom.info = Can write DVD-R: 0) q+ q, E* X" R6 x/ f6 l: C' }; n- l
dev.cdrom.info = Can write DVD-RAM: 0
+ J% U- p2 `& O; {) Hdev.cdrom.info = Can read MRW: 12 u/ |1 e* ~4 x. a
dev.cdrom.info = Can write MRW: 1
8 m' @0 x, G4 B/ w3 l4 h w. x% [& Qdev.cdrom.info = Can write RAM: 1
" r. Z5 F! o! a) R$ ~dev.cdrom.info =: Y/ x8 r" W7 [4 F& n8 M
dev.cdrom.info =& i0 @$ B, T6 X+ A; f
dev.cdrom.autoclose = 1
8 V) Q; K8 P( D: Y% e p) Q' vdev.cdrom.autoeject = 0- d3 f+ y+ q0 |3 U2 z8 ]; v" q) y. E
dev.cdrom.debug = 0
1 g \( B9 u0 ^- E2 s' j' Zdev.cdrom.lock = 1$ E4 K( ~" c7 p1 l7 ?
dev.cdrom.check_media = 0
* R, Y5 S$ D& l4 K d( a- ]net.netfilter.nf_log.0 = NONE
7 y3 ^$ e- E, x5 Y2 [4 Q( D$ Tnet.netfilter.nf_log.1 = NONE
! ]- l3 V: n- E: u8 g i& Mnet.netfilter.nf_log.2 = NONE# Q/ @1 b, y: M
net.netfilter.nf_log.3 = NONE
+ b& b4 B# E" X2 Unet.netfilter.nf_log.4 = NONE! c5 p6 v9 }( ? W( e) a7 b
net.netfilter.nf_log.5 = NONE0 Y: Z8 i5 b/ g+ Q: t, ^, l0 U. i
net.netfilter.nf_log.6 = NONE
/ ^. f( r0 f6 ?1 y2 Q% @net.netfilter.nf_log.7 = NONE
( G: O# f! S% Y3 V: k O/ {net.netfilter.nf_log.8 = NONE: K0 }# d$ z# |% c* `
net.netfilter.nf_log.9 = NONE3 ]. e, W1 s0 b* G# f
net.netfilter.nf_log.10 = NONE
% i) {% G+ W9 e/ Ynet.netfilter.nf_log.11 = NONE& M+ r$ f5 M9 O3 _8 q
net.netfilter.nf_log.12 = NONE2 W! h9 ? E# c- A/ G# a
net.netfilter.nf_conntrack_generic_timeout = 6002 H$ Z, v' g F8 i, T
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
7 ^: W8 `# `- v5 w. z7 M- @net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
( o' Q. M! I; d0 Knet.netfilter.nf_conntrack_tcp_timeout_established = 432000
6 x; Q0 m7 \/ g5 d. Y5 |5 Gnet.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
& v; `9 d. b' l: Q0 G1 ~9 k# M( x+ ~% Snet.netfilter.nf_conntrack_tcp_timeout_close_wait = 607 E4 V" l/ B' p$ ^' k; p
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30* ?: q, b. m# V/ d3 Z
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
) W0 y e7 L, Z A3 Knet.netfilter.nf_conntrack_tcp_timeout_close = 10
6 Y# G' B# e+ d- i$ p5 G! @, E! z6 ynet.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
" B$ |: x7 `6 E( cnet.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
$ N6 U) Y+ g/ P4 o( X$ x! |net.netfilter.nf_conntrack_tcp_loose = 1# A6 L7 i. E1 Z v: O
net.netfilter.nf_conntrack_tcp_be_liberal = 0! {, O/ N. o" f7 q4 `4 {
net.netfilter.nf_conntrack_tcp_max_retrans = 3" h! d8 a) h4 v
net.netfilter.nf_conntrack_udp_timeout = 30
5 q! I1 v8 d6 \! w: |net.netfilter.nf_conntrack_udp_timeout_stream = 180
' F( V* m$ Z# E5 |& I, J pnet.netfilter.nf_conntrack_icmpv6_timeout = 30- Z( ?8 s& A5 a, P# H) }
net.netfilter.nf_conntrack_acct = 0: Y+ G% J2 Y8 \ o" J s0 q1 h
net.netfilter.nf_conntrack_events = 1
# y# r9 L4 q- H. q3 D& ~0 Snet.netfilter.nf_conntrack_events_retry_timeout = 15
h! n8 T Q' d( n- snet.netfilter.nf_conntrack_max = 65536
0 \# O& m4 j$ m( knet.netfilter.nf_conntrack_count = 09 `: z: b0 H" D+ R
net.netfilter.nf_conntrack_buckets = 16384
- L3 I* z7 ?: m7 P4 a3 n) Wnet.netfilter.nf_conntrack_checksum = 1
0 Z0 [# E, j, f2 P! Fnet.netfilter.nf_conntrack_log_invalid = 0
! \* o2 j, d* Enet.netfilter.nf_conntrack_expect_max = 2569 b6 C; \7 Q( h6 g* j" o
net.core.somaxconn = 128* H9 d2 s" F* l g$ M) S4 C- i: Q( y; a
net.core.xfrm_aevent_etime = 10
) N' U3 L- K" N. R9 s5 b; Znet.core.xfrm_aevent_rseqth = 25 k, t6 w( \7 H- L3 u
net.core.xfrm_larval_drop = 1' N) R! [% n. @. S9 [4 r! ?
net.core.xfrm_acq_expires = 302 w4 T* Z' f4 x$ I+ ]- e
" n3 P# }8 T8 A3 o' t$ H) @, S#【nginx】这个参数表示内核套接字发送缓存区的最大大小。
5 T! q. @& b7 u, \$ p" c3 m2 p#【nginx】这个参数表示内核套接字接收缓存区的最大大小。
& a' \$ X4 Y Z0 r0 Z* a#【nginx】这个参数表示内核套接字发送缓存区默认的大小。
: [% ~6 w% M0 a* z/ K! u# M+ [$ @ F#【nginx】这个参数表示内核套接字接收缓存区默认的大小。4 Y' _& W- x5 p, x1 I0 f* C
#注意 滑动窗口的大小与套接字缓存区会在一定程度上影响并发连接的数目。每个TCP连接都会为维护TCP滑动窗口而消耗内存,这个窗口会根据服务器的处理速度收缩或扩张。
. e( `5 G1 M( [ n, \2 A参数wmem_max的设置,需要平衡物理内存的总大小、Nginx并发处理的最大连接数量(由nginx.conf中的worker_processes和worker_connections参数决定)而确定。当然,如果仅仅为了提高并发量使服务器不出现Out Of Memory问题而去降低滑动窗口大小,那么并不合适,因为滑动窗口过小会影响大数据量的传输速度。rmem_default、wmem_default、rmem_max、wmem_max…3 ^ w* U1 [3 r4 I2 _& U& o* b
#参考:可靠传输的实现7 Y- E2 Y h, A
net.core.wmem_max = 124928 //wd=124928
$ P1 I- y1 k1 z: B7 cnet.core.rmem_max = 124928 //wd=124928: U- X3 Q, c. e
net.core.wmem_default = 124928 //wd=124928
# w- U9 L" u( P6 @net.core.rmem_default = 124928//wd=124928
$ S, y2 u" K9 `
( b$ c f( }" q I+ Vnet.core.dev_weight = 64
# F/ y& L1 v* Z. ~, n# \ m
Q0 @3 q+ W& h, d#【nginx】当网卡接收数据包的速度大于内核处理的速度时,会有一个队列保存这些数据包。这个参数表示该队列的最大值。wd=32768
5 X& G) m F3 S- f7 o/ t, j3 w* Znet.core.netdev_max_backlog = 1000
( ^0 W8 Y$ j2 Q% h& v+ F2 ^net.core.message_cost = 5
" j) ~* [6 r1 n2 H/ Z$ Bnet.core.message_burst = 10' r& o/ u* |, X; T8 f
net.core.optmem_max = 20480- w. W- p8 u2 A4 I
net.core.rps_sock_flow_entries = 0
( k0 u+ d* H% A) N% Xnet.core.busy_poll = 0( o3 Z% \9 H- N+ f$ k. j8 c
net.core.busy_read = 0
- b- M7 e1 ?3 M9 Z* l2 pnet.core.netdev_budget = 3005 P d; [9 P( r9 W8 |
net.core.warnings = 1& c) z" e8 g- x2 O4 p2 u
net.ipv4.route.gc_thresh = 131072* O; l' @+ [3 U" f2 v% K
net.ipv4.route.max_size = 2097152$ h5 }3 G! y/ I0 ~' t
net.ipv4.route.gc_min_interval = 0 ]. M8 ~; V( f. k( e
net.ipv4.route.gc_min_interval_ms = 500
1 L& q. p3 i: k: A5 Bnet.ipv4.route.gc_timeout = 3002 i2 v. e1 D! Y) g! r: L2 F5 u7 v8 e
net.ipv4.route.gc_interval = 60
) ]$ Q) W$ a$ [2 n9 e3 l+ G2 K: qnet.ipv4.route.redirect_load = 20
5 l/ Q) q8 Z/ [: k/ H* z; W4 nnet.ipv4.route.redirect_number = 9
5 {: T4 y. h/ M. Z' q [ knet.ipv4.route.redirect_silence = 204804 }4 U F; M" @. O7 [& j* A1 z
net.ipv4.route.error_cost = 1000+ \; L. }. ^/ P3 ^" R
net.ipv4.route.error_burst = 50005 k; M/ R! T% U+ p
net.ipv4.route.gc_elasticity = 81 J9 D: C, H4 M( Y5 m* e
net.ipv4.route.mtu_expires = 600" A4 e1 f4 ~2 D% p9 z* O4 I
net.ipv4.route.min_pmtu = 552
1 n) b' Q0 ?2 [ rnet.ipv4.route.min_adv_mss = 256
- n- D! R2 q% Z) R$ {7 l0 Dnet.ipv4.route.secret_interval = 600
* p9 H7 g4 z3 ]( a, W1 t9 Fnet.ipv4.neigh.default.mcast_solicit = 30 U! l% E! a8 q
net.ipv4.neigh.default.ucast_solicit = 3
& n. r4 z- H% {" Z( Mnet.ipv4.neigh.default.app_solicit = 0: Q! [0 [6 o; t9 L# n
net.ipv4.neigh.default.retrans_time = 99
9 ]3 h! z F" o! jnet.ipv4.neigh.default.base_reachable_time = 30
4 z' q% a$ d8 Lnet.ipv4.neigh.default.delay_first_probe_time = 51 [5 j* K" I* u$ H
net.ipv4.neigh.default.gc_stale_time = 60
P i/ Y* _; p1 g9 Knet.ipv4.neigh.default.unres_qlen = 3$ a# z' T, z: d4 `! O' C$ Q/ l+ I
net.ipv4.neigh.default.proxy_qlen = 64
- s1 ?0 U& e& M: v9 Vnet.ipv4.neigh.default.anycast_delay = 99; C. J! l3 W# C4 G4 Y8 H) T
net.ipv4.neigh.default.proxy_delay = 79
8 V3 ~" G) D2 C7 Anet.ipv4.neigh.default.locktime = 99
5 C1 u9 I) p+ R+ y- T5 [! D( Lnet.ipv4.neigh.default.retrans_time_ms = 10006 Y# x7 V. v1 B) L: L5 J9 u$ V
net.ipv4.neigh.default.base_reachable_time_ms = 30000
+ u- _5 C) `6 ynet.ipv4.neigh.default.gc_interval = 30
6 D ^2 I# q" H# Anet.ipv4.neigh.default.gc_thresh1 = 128# m/ P6 }; l( ~; `- z+ n: j
net.ipv4.neigh.default.gc_thresh2 = 512% a* Y) B5 B, f" z) W
net.ipv4.neigh.default.gc_thresh3 = 1024
P2 ?4 Z `- unet.ipv4.neigh.lo.mcast_solicit = 3! ]: }- b5 ?7 E/ R v
net.ipv4.neigh.lo.ucast_solicit = 3& s' R" A7 W8 C3 v6 ~; o/ m' I
net.ipv4.neigh.lo.app_solicit = 0
- [, @3 j/ f, i6 X" Wnet.ipv4.neigh.lo.retrans_time = 999 G4 @* y" M( L* p- K T8 [1 l
net.ipv4.neigh.lo.base_reachable_time = 30
1 x: K7 K2 L( }, b/ W' q4 e* `net.ipv4.neigh.lo.delay_first_probe_time = 5
5 x( ?+ T L; A% d8 Gnet.ipv4.neigh.lo.gc_stale_time = 60
1 l* Q! p6 U/ Hnet.ipv4.neigh.lo.unres_qlen = 3
n1 K: h7 h0 v9 \( Z `1 g0 ~net.ipv4.neigh.lo.proxy_qlen = 64! o; B* n% G9 J
net.ipv4.neigh.lo.anycast_delay = 99
$ x2 g0 c9 D: inet.ipv4.neigh.lo.proxy_delay = 79
8 [6 K* Q' r0 B/ p U: {! b6 }net.ipv4.neigh.lo.locktime = 99- K* U; {. x* t! e5 h. J6 _' h y5 U
net.ipv4.neigh.lo.retrans_time_ms = 1000
3 ^0 x2 Z$ R* ^; m5 N- @net.ipv4.neigh.lo.base_reachable_time_ms = 30000
5 B/ E0 w( d6 Z n: b0 _net.ipv4.neigh.eth0.mcast_solicit = 3$ Z! K+ u# ^* R
net.ipv4.neigh.eth0.ucast_solicit = 3- A8 d1 F% f, \% u
net.ipv4.neigh.eth0.app_solicit = 05 A( U. @ q, y* [. z7 O9 h+ K1 h$ R
net.ipv4.neigh.eth0.retrans_time = 99
/ _9 P1 f* j8 I: |! Jnet.ipv4.neigh.eth0.base_reachable_time = 30
# O9 h# n# ^ Q; `$ q* Enet.ipv4.neigh.eth0.delay_first_probe_time = 5
9 X& z9 `& B) m% i4 @( K1 Y) ]+ snet.ipv4.neigh.eth0.gc_stale_time = 606 y5 w/ Z( K, i1 Z8 o4 |7 T; O& ?
net.ipv4.neigh.eth0.unres_qlen = 3
4 \5 t2 _: z, E7 I& n6 {net.ipv4.neigh.eth0.proxy_qlen = 64
5 m4 n3 u/ I0 J/ }1 O3 N7 anet.ipv4.neigh.eth0.anycast_delay = 99
, e* B- G: i$ O) ~1 y0 S4 U, Cnet.ipv4.neigh.eth0.proxy_delay = 79
: ~4 O2 T7 Y4 h; v' ?& tnet.ipv4.neigh.eth0.locktime = 995 `; V. @$ y5 T% ]' D
net.ipv4.neigh.eth0.retrans_time_ms = 1000, V2 Y7 M t! _, V4 z* C
net.ipv4.neigh.eth0.base_reachable_time_ms = 30000
! G7 H5 {9 H4 T) ~net.ipv4.neigh.pan0.mcast_solicit = 3( S/ a. T: n2 r3 X
net.ipv4.neigh.pan0.ucast_solicit = 3$ W. X% D* T2 p; J: C4 G9 ]
net.ipv4.neigh.pan0.app_solicit = 0
! {8 ^, b9 [& |% |net.ipv4.neigh.pan0.retrans_time = 994 P/ b, m2 W! K6 u6 F
net.ipv4.neigh.pan0.base_reachable_time = 30( k y' E$ e+ F; @' X, T7 T
net.ipv4.neigh.pan0.delay_first_probe_time = 5) n$ G( G/ [* |" G" p/ s1 V3 X+ |
net.ipv4.neigh.pan0.gc_stale_time = 60
5 H" |# o2 Q8 b4 v5 {' Fnet.ipv4.neigh.pan0.unres_qlen = 33 j- T4 Z# @/ H
net.ipv4.neigh.pan0.proxy_qlen = 64
( L1 s6 k8 s; I* p: gnet.ipv4.neigh.pan0.anycast_delay = 99* |9 w8 k* X7 t: J: N" H
net.ipv4.neigh.pan0.proxy_delay = 79( j B6 z- u" ]8 i6 r/ C1 z
net.ipv4.neigh.pan0.locktime = 99
3 z' f0 ?# }- F( znet.ipv4.neigh.pan0.retrans_time_ms = 1000
+ d: c9 s, y0 [+ h* Z( L! Pnet.ipv4.neigh.pan0.base_reachable_time_ms = 30000
) u+ L. g n$ z2 Q% j5 _: V1 l# n: _net.ipv4.tcp_timestamps = 1
1 u# U! X" v8 q. h( P: fnet.ipv4.tcp_window_scaling = 14 k: @4 `9 e+ G5 }6 W2 ~( V
net.ipv4.tcp_sack = 1
; e1 y5 l! d: s, `7 D- Z! ?net.ipv4.tcp_retrans_collapse = 1
; m$ K% \5 q0 [ o1 v4 l3 e) Rnet.ipv4.ip_default_ttl = 64
7 C) G( ^( p1 d7 O4 @& p, B( vnet.ipv4.ip_no_pmtu_disc = 0
& Q& h. O3 t2 Q7 }! H" T1 Lnet.ipv4.ip_nonlocal_bind = 0( s. c V" S/ T8 r
net.ipv4.tcp_syn_retries = 52 Y8 s5 v8 {8 i# I8 O8 B E
net.ipv4.tcp_synack_retries = 5
% ~( _ a# c5 Q6 Nnet.ipv4.tcp_max_orphans = 262144: D' X0 E X$ l% E7 e7 l: P) p
$ h9 r! V6 w$ C$ t5 i; z
$ P j2 e) t# }1 f# i) j
) j4 M+ f+ i2 U0 ]) h8 b#【nginx】这个参数表示操作系统允许TIME_WAIT套接字数量的最大值,如果超过这个数字,TIME_WAIT套接字将立刻被清除并打印警告信息。该参数默认为180 000,过多的TIME_WAIT套接字会使Web服务器变慢。wd=10000
4 i. R: c @' V+ u& S, P' Hnet.ipv4.tcp_max_tw_buckets = 262144
- U" M: ^! x0 Q; {3 s" n) \/ P9 D' S3 M( h9 P; {
net.ipv4.ip_dynaddr = 0
" O8 S; f2 c1 i/ ?& _0 v( d0 G9 o; l. g
#【nginx】这个参数表示当keepalive启用时,TCP发送keepalive消息的频度。默认是2小时,若将其设置得小一些,可以更快地清理无效的连接。单位:秒 默认值:2小时。wd=300. E8 _1 l/ W6 K' s. v! y
net.ipv4.tcp_keepalive_time = 7200
6 l* U+ s. [' c( s8 _: E8 T* {. U8 S! r5 E% i
net.ipv4.tcp_keepalive_probes = 9+ n N' e' E% B* g- e4 f( l
net.ipv4.tcp_keepalive_intvl = 75* p( r- W6 C5 J1 P: a0 c7 D0 n, L f
net.ipv4.tcp_retries1 = 3; s t0 V G/ r
net.ipv4.tcp_retries2 = 15
% @9 l2 [7 ~8 \ `; ~
: f+ S+ b; T& l# C#【nginx】这个参数表示当服务器主动关闭连接时,socket保持在FIN-WAIT-2状态的最大时间,单位:秒 wd=30
! I3 t; f S2 F+ Z% U5 j5 L#参考:tcp参数详解之tcp_fin_timeout7 g2 x& y7 \# I6 {
net.ipv4.tcp_fin_timeout = 60
, _. w, D3 R1 c0 ?% V; ^# n8 V6 `% A. p
#【nginx】参数与性能无关,用于解决TCP的SYN攻击。 wd= 1
. m3 S5 l9 n+ W. rnet.ipv4.tcp_syncookies = 1
+ v. V# g T" K# ?6 M/ p
9 H9 b/ o% ]1 T1 E. G. K- l/ Enet.ipv4.tcp_tw_recycle = 0
0 U0 q* ?6 W% s/ ]net.ipv4.tcp_abort_on_overflow = 03 b2 k0 V! n! ~) I( I
net.ipv4.tcp_stdurg = 0! V" a3 v+ v3 @, S2 T7 ^
net.ipv4.tcp_rfc1337 = 02 f/ v! L% R4 W
0 U) p: ~; m7 z" J4 t# f#【nginx】这个参数表示TCP三次握手建立阶段接收SYN请求队列的最大长度,默认为1024,将其设置得大一些可以使出现Nginx繁忙来不及accept新连接的情况时,Linux不至于丢失客户端发起的连接请求,wd=2048
G- ~9 `( M. x2 x) ]: _; V! \net.ipv4.tcp_max_syn_backlog = 2048
" s5 p" h7 Y( h9 g
1 C2 g! y% j* [ 0 m0 ?; t+ B; A1 S: i8 d0 a6 A4 ~6 q2 b
: l7 r/ o. Z5 r7 C# W. F7 ~#【nginx】这个参数定义了在UDP和TCP连接中本地(不包括连接的远端)端口的取值范围。wd = 10240 65535
" U1 j7 D% R+ U4 ^net.ipv4.ip_local_port_range = 32768 61000' T& @* Q" p A
4 ` W" h/ _- R, R1 V' S
net.ipv4.ip_local_reserved_ports =
, Q. z; b7 y5 d0 I4 Wnet.ipv4.igmp_max_memberships = 204 ~8 z8 S) ]5 s6 Y8 M
net.ipv4.igmp_max_msf = 10& ~; f5 Q/ t1 i7 U
net.ipv4.inet_peer_threshold = 65664
, V6 h5 t8 G2 X5 rnet.ipv4.inet_peer_minttl = 120
3 v, S0 L2 L' @1 c7 xnet.ipv4.inet_peer_maxttl = 600
& p8 W2 N. p3 {; x6 Gnet.ipv4.inet_peer_gc_mintime = 10- K3 ]/ P* H% Y9 t$ i/ Y' m
net.ipv4.inet_peer_gc_maxtime = 120+ W" ~$ l9 j3 p C; x7 o
net.ipv4.tcp_orphan_retries = 0) `- E. Z" @7 U K3 {6 [' a
net.ipv4.tcp_fack = 1$ ~4 x9 M; P; S: t3 O& g" n
net.ipv4.tcp_reordering = 3
- G* X2 g# Y ?4 r, H. w$ P, }% Nnet.ipv4.tcp_ecn = 2# n( G0 W1 c! x% M5 F
net.ipv4.tcp_dsack = 1 ^. [* c+ V% ]/ g- v$ X
net.ipv4.tcp_mem = 364224 485632 728448
* b N) G9 f/ s" |
1 k/ j* f1 a2 x) |% A#【nginx】这个参数定义了TCP发送缓存(用于TCP发送滑动窗口)的最小值、默认值、最大值。wd=4096 87380 4194304
$ I6 H* J' b9 @/ g9 _9 ~, x3 j9 snet.ipv4.tcp_wmem = 4096 16384 4194304) v1 _4 E3 Q4 ]9 X; ]# y
5 w4 B; s7 H( c- V. k* j+ k
#【nginx】这个参数定义了TCP接收缓存(用于TCP接收滑动窗口)的最小值、默认值、最大值。wd=4096 87380 4194304' q( p0 F& h1 b* e/ \+ N
net.ipv4.tcp_rmem = 4096 87380 4194304' A) C7 h$ L8 W1 S3 M$ B8 b5 N
h7 R; O' C% g
net.ipv4.tcp_app_win = 31' n1 o& \6 U9 a+ p1 s$ K6 x
net.ipv4.tcp_adv_win_scale = 2
4 v" X+ C6 T. W4 ?! l: u8 E4 z; ]9 v: o# ]; j9 r
#【nginx】tw是time wait的简称,表示允许将time-wait状态的socket重新用于新的tcp连接,这对于服务器来说很有意义,因为服务器上总会有大量的time-wait状态的连接。wd=15 H+ u$ V7 A; k+ W
net.ipv4.tcp_tw_reuse = 04 w6 ?( Z/ t6 l+ }0 S
& a" j1 i6 b6 {1 j/ F9 T# X
net.ipv4.tcp_frto = 2
( s* p9 G8 V) M: [2 Y* Nnet.ipv4.tcp_frto_response = 0
# u8 _/ ]& q; |4 Q4 |6 U* ]& vnet.ipv4.tcp_low_latency = 0. f* i: ^$ S8 Z8 M, x% f1 z
net.ipv4.tcp_no_metrics_save = 0' I1 i% R# I9 F) T! J
net.ipv4.tcp_moderate_rcvbuf = 1
, v! j/ C; m% x1 K5 E$ T; A1 Tnet.ipv4.tcp_tso_win_divisor = 3; V9 b0 {# P0 ]) p: i% A; ~
net.ipv4.tcp_congestion_control = cubic
9 g; Y2 ?0 Q3 D+ U1 r# dnet.ipv4.tcp_abc = 0
% p( E. X7 |; E7 L; znet.ipv4.tcp_mtu_probing = 0
/ F i1 y0 o& X" F6 i' @6 z, o8 _net.ipv4.tcp_base_mss = 512
3 h2 h' G& e4 K0 h$ ~1 snet.ipv4.tcp_workaround_signed_windows = 0" U0 S& ~ f d/ [* x4 R0 U0 l
net.ipv4.tcp_challenge_ack_limit = 100+ v3 ?' Z2 d. B9 K% P9 X
net.ipv4.tcp_limit_output_bytes = 131072; T# G9 y' }- C+ J
net.ipv4.tcp_dma_copybreak = 40968 _" X( C/ G: {
net.ipv4.tcp_slow_start_after_idle = 1" Z( d5 c4 W0 ?5 ^ {; ]9 E
net.ipv4.cipso_cache_enable = 1
% _ S5 j; ]0 g/ Hnet.ipv4.cipso_cache_bucket_size = 10
^$ G. W7 D# x6 F& wnet.ipv4.cipso_rbm_optfmt = 0! k' p% X+ K. o s; ~" O
net.ipv4.cipso_rbm_strictvalid = 1* S/ X& d( E+ E* p
net.ipv4.tcp_available_congestion_control = cubic reno# y5 A( q$ N2 T# r$ q
net.ipv4.tcp_allowed_congestion_control = cubic reno4 w( _! p7 D% i' Y: S. w: H
net.ipv4.tcp_max_ssthresh = 0. q5 N+ P% B5 W8 \& H
net.ipv4.tcp_thin_linear_timeouts = 0. S' p& k* A6 a9 `3 z
net.ipv4.tcp_thin_dupack = 04 \* T& a" ]3 w" [
net.ipv4.tcp_min_tso_segs = 2
$ h$ ?! [/ n. ~6 q; S: Nnet.ipv4.udp_mem = 364224 485632 728448
3 K% A7 e) w# {) ]% b6 r2 Jnet.ipv4.udp_rmem_min = 4096
9 D/ O. n- h1 B/ knet.ipv4.udp_wmem_min = 4096& F; a& i# X) k) X2 i
net.ipv4.conf.all.forwarding = 0
$ k! i8 b) ]9 J, e1 G2 dnet.ipv4.conf.all.mc_forwarding = 0* y* [* e% g4 \6 J5 i* G
net.ipv4.conf.all.accept_redirects = 1
* J0 q4 [' M; B3 `& Mnet.ipv4.conf.all.secure_redirects = 1. m! [8 ?5 J- y7 `: S% J. N
net.ipv4.conf.all.shared_media = 1
" }% \" `3 x% u& {6 p8 f0 f$ wnet.ipv4.conf.all.rp_filter = 0
# z1 O2 `% h }$ {& f7 n: D3 y% enet.ipv4.conf.all.send_redirects = 1! T- n! ^" `- \& S1 I- W' D' y
net.ipv4.conf.all.accept_source_route = 05 S) S; H V0 V9 \! n2 X) R
net.ipv4.conf.all.src_valid_mark = 0: m1 n4 D1 y n! C; z0 R n3 ?7 p
net.ipv4.conf.all.proxy_arp = 0
6 t, R, m' V* rnet.ipv4.conf.all.medium_id = 0
& b' v4 ~* U9 Q0 G2 gnet.ipv4.conf.all.bootp_relay = 0; {8 G' U/ U! r* ~7 @
net.ipv4.conf.all.log_martians = 0
g1 F& g1 h4 ]0 F7 C: s' Fnet.ipv4.conf.all.tag = 0
9 P: i" f5 h. T2 j( y( B. Vnet.ipv4.conf.all.arp_filter = 06 R$ `/ }% g9 y$ K
net.ipv4.conf.all.arp_announce = 0# k/ y/ O9 m! e9 G# W( g$ K* I" Y; h% j
net.ipv4.conf.all.arp_ignore = 0, r+ a& V" k* {: `
net.ipv4.conf.all.arp_accept = 0
$ I' w; n8 r5 g8 J4 P* y9 Fnet.ipv4.conf.all.arp_notify = 0
& l/ l4 i. a, j7 a4 a$ _* U! Nnet.ipv4.conf.all.proxy_arp_pvlan = 03 I& V' m. ?3 f" X9 {% K
net.ipv4.conf.all.disable_xfrm = 0' [4 s' a! A- s1 b8 @0 T
net.ipv4.conf.all.disable_policy = 08 B' ?5 u" {! c+ v6 H4 s3 }4 W
net.ipv4.conf.all.force_igmp_version = 03 O! ^4 S, E7 m4 K7 n: A
net.ipv4.conf.all.promote_secondaries = 0
$ t* n+ @* ~% l. X& e: Unet.ipv4.conf.all.accept_local = 06 e; g" i! g8 A; R
net.ipv4.conf.all.route_localnet = 0
( D9 w% M9 ^1 {net.ipv4.conf.default.forwarding = 0
# M5 p7 Z; T! `net.ipv4.conf.default.mc_forwarding = 0
$ H2 M) B1 b- L" U2 y* N/ Ynet.ipv4.conf.default.accept_redirects = 1
5 @( p# X# M# I0 J0 {; Bnet.ipv4.conf.default.secure_redirects = 1
* b \* E$ ?& ~$ @$ B" l; t3 Xnet.ipv4.conf.default.shared_media = 19 H# {+ q8 E3 I. K* u- Q
net.ipv4.conf.default.rp_filter = 1+ G# G4 p8 q2 {; n0 G
net.ipv4.conf.default.send_redirects = 1
5 g; J1 N4 ?, rnet.ipv4.conf.default.accept_source_route = 0; x) N/ r2 @1 r0 E3 K
net.ipv4.conf.default.src_valid_mark = 0
7 B( _$ n, U6 B* S) dnet.ipv4.conf.default.proxy_arp = 0
1 |* d x$ c9 S! `net.ipv4.conf.default.medium_id = 0
* ?% d' }% |3 F1 d% c' enet.ipv4.conf.default.bootp_relay = 0' d- [0 L2 O2 M0 N! d
net.ipv4.conf.default.log_martians = 0+ _6 u3 S& p/ R7 V% s
net.ipv4.conf.default.tag = 0
/ }3 C8 J) W# T3 E) znet.ipv4.conf.default.arp_filter = 0
8 N2 O2 ?0 x& ?5 Inet.ipv4.conf.default.arp_announce = 0
8 a7 v/ o. u/ N0 _, G! H% nnet.ipv4.conf.default.arp_ignore = 0
! S5 l/ L) F) N8 V5 U Lnet.ipv4.conf.default.arp_accept = 0# B9 e/ @7 C9 ~$ J0 ~1 ^
net.ipv4.conf.default.arp_notify = 0) n& i) {+ I2 P0 O$ P' D
net.ipv4.conf.default.proxy_arp_pvlan = 0
2 `% e" |9 l3 rnet.ipv4.conf.default.disable_xfrm = 0
0 y* d! g Y9 p7 w! _net.ipv4.conf.default.disable_policy = 0
+ O& ]8 `- s% i2 l0 Qnet.ipv4.conf.default.force_igmp_version = 0
7 |9 S3 c `/ N' pnet.ipv4.conf.default.promote_secondaries = 0
4 c F' c4 m/ f5 z% Wnet.ipv4.conf.default.accept_local = 09 Z$ d3 @% w, l
net.ipv4.conf.default.route_localnet = 0 C, [0 H- g' i' ^9 R
net.ipv4.conf.lo.forwarding = 0+ I) [; y* y& b9 q1 M2 S7 h
net.ipv4.conf.lo.mc_forwarding = 0
; H9 R& q k: b3 {net.ipv4.conf.lo.accept_redirects = 1$ i4 C2 g" ]; ~0 p. ?$ b1 R
net.ipv4.conf.lo.secure_redirects = 13 ?9 k* S2 a# n& s
net.ipv4.conf.lo.shared_media = 1- E6 q4 K' e3 g' l8 e+ B; Q: g
net.ipv4.conf.lo.rp_filter = 1# I8 ?( ~' z$ O* p
net.ipv4.conf.lo.send_redirects = 16 e0 b: {! N3 H' D" k
net.ipv4.conf.lo.accept_source_route = 03 {0 k3 n8 n9 g
net.ipv4.conf.lo.src_valid_mark = 0
4 M! }# C' v+ [" Xnet.ipv4.conf.lo.proxy_arp = 0
2 T& R+ f/ _1 [1 Bnet.ipv4.conf.lo.medium_id = 0
4 R1 c3 f8 @0 f; M% i6 hnet.ipv4.conf.lo.bootp_relay = 0 p& v- Q* r) |1 o, u0 a# i
net.ipv4.conf.lo.log_martians = 0
1 q% J; W& G0 K, @* dnet.ipv4.conf.lo.tag = 0: g! H2 O: |1 B) q7 {7 d# y/ ^
net.ipv4.conf.lo.arp_filter = 0
! w) l, S7 {% I/ f$ H- {net.ipv4.conf.lo.arp_announce = 0& D) v% c- j$ Q5 v
net.ipv4.conf.lo.arp_ignore = 0; z# V5 b+ j* F
net.ipv4.conf.lo.arp_accept = 01 `' z% ?4 g- c0 P$ m9 l
net.ipv4.conf.lo.arp_notify = 0
4 n+ C. B. W+ Z5 n& Onet.ipv4.conf.lo.proxy_arp_pvlan = 0
# U, M! b" M( Z, T) E. X) Xnet.ipv4.conf.lo.disable_xfrm = 1
9 g0 Q0 H D5 K' O4 S+ W' `net.ipv4.conf.lo.disable_policy = 1
2 x' s) H# s; ?* N$ {net.ipv4.conf.lo.force_igmp_version = 0
7 J0 r+ b4 }% g: d, P$ cnet.ipv4.conf.lo.promote_secondaries = 0
& U* [. J; W8 j$ F1 p1 xnet.ipv4.conf.lo.accept_local = 0
: I5 o& }9 d& t: [4 |net.ipv4.conf.lo.route_localnet = 0
5 ?1 v' Q/ D7 p* p$ P" k. K$ R* rnet.ipv4.conf.eth0.forwarding = 0. t* u7 { v0 ~* M2 I
net.ipv4.conf.eth0.mc_forwarding = 0
' K7 r3 x! e6 j1 Tnet.ipv4.conf.eth0.accept_redirects = 12 M8 _+ U, y5 y3 Q# ^ w
net.ipv4.conf.eth0.secure_redirects = 1 x( v& g, `( H1 d
net.ipv4.conf.eth0.shared_media = 1
0 v9 X$ m) L! k! q' ~8 k: ?" Xnet.ipv4.conf.eth0.rp_filter = 1; e6 S) |& B& S3 T1 u+ p+ w! J5 Y
net.ipv4.conf.eth0.send_redirects = 1
. S) `: L- m# ^net.ipv4.conf.eth0.accept_source_route = 0
3 v* p+ t1 |" q Knet.ipv4.conf.eth0.src_valid_mark = 0 f0 N* v6 E( c* `4 S* e( Z
net.ipv4.conf.eth0.proxy_arp = 0
2 F$ V3 d: @" l4 p. u. Inet.ipv4.conf.eth0.medium_id = 0# ?4 Y4 [$ A* O1 ?
net.ipv4.conf.eth0.bootp_relay = 0
# M4 b3 G7 k& d& K& i/ Z4 b% Bnet.ipv4.conf.eth0.log_martians = 0
' M f- J6 w. g; z4 G0 `. a5 Lnet.ipv4.conf.eth0.tag = 09 b+ i# ` _8 G) d" L/ G% H/ ]
net.ipv4.conf.eth0.arp_filter = 06 R! A# D R. z
net.ipv4.conf.eth0.arp_announce = 0
8 r3 g7 L$ n$ X$ ]* Vnet.ipv4.conf.eth0.arp_ignore = 0
' h& t Y0 o; W4 a0 enet.ipv4.conf.eth0.arp_accept = 0
3 R* z; B+ U+ r5 g: fnet.ipv4.conf.eth0.arp_notify = 0
* h- P: ~! G' inet.ipv4.conf.eth0.proxy_arp_pvlan = 07 A! }( {% p5 [9 a! h- I
net.ipv4.conf.eth0.disable_xfrm = 0
# E5 K( C4 L2 G+ Cnet.ipv4.conf.eth0.disable_policy = 0
' S( E6 V4 r3 K! }! J+ z/ gnet.ipv4.conf.eth0.force_igmp_version = 0$ |) }! [0 a8 t! A; }+ L9 ^
net.ipv4.conf.eth0.promote_secondaries = 0* Q) \7 |: j0 S/ C# s9 [
net.ipv4.conf.eth0.accept_local = 0( g8 k& d; r$ W* U: E0 }
net.ipv4.conf.eth0.route_localnet = 0$ U8 `$ N- W/ L5 v: I2 Q
net.ipv4.conf.pan0.forwarding = 02 e* a" w9 M& r) X7 l
net.ipv4.conf.pan0.mc_forwarding = 07 P, {) v7 s6 i( j" d& k! M
net.ipv4.conf.pan0.accept_redirects = 1
8 N$ Y$ L* R, N! r+ q5 `net.ipv4.conf.pan0.secure_redirects = 1. }0 x) q) D/ m! b7 w6 Z- K8 U
net.ipv4.conf.pan0.shared_media = 1
# |) \8 I! o" C; b. x9 V8 ~6 P) }net.ipv4.conf.pan0.rp_filter = 1
/ X# u& J; a2 x' `4 h `0 Hnet.ipv4.conf.pan0.send_redirects = 1
]: W Y& y5 [$ a6 Unet.ipv4.conf.pan0.accept_source_route = 0. s3 L" `# U" W8 t; k# L; s
net.ipv4.conf.pan0.src_valid_mark = 0
8 \! D8 u8 r& Q7 m. D" H8 [9 ^net.ipv4.conf.pan0.proxy_arp = 0
4 ~/ T4 o2 ]# y$ j$ dnet.ipv4.conf.pan0.medium_id = 0
; p1 w& x* @! v5 [net.ipv4.conf.pan0.bootp_relay = 0( [; L! J& S+ r+ _
net.ipv4.conf.pan0.log_martians = 0& M$ }+ Y5 e4 l7 P
net.ipv4.conf.pan0.tag = 0; n& h. h1 ]) i+ {2 u6 Z6 m
net.ipv4.conf.pan0.arp_filter = 0( ~. J& F+ h& k* v. G' i5 x
net.ipv4.conf.pan0.arp_announce = 0
: R9 O+ d+ h1 d3 s! L \net.ipv4.conf.pan0.arp_ignore = 0
+ o$ p) @6 b6 Knet.ipv4.conf.pan0.arp_accept = 0) a+ \' V$ N% G1 f7 B+ m
net.ipv4.conf.pan0.arp_notify = 0
f% `' @) ?7 ~) \$ f; I# O; S: tnet.ipv4.conf.pan0.proxy_arp_pvlan = 0
8 f1 h5 J# ^* s+ ~( mnet.ipv4.conf.pan0.disable_xfrm = 0
7 v& E% W9 L# [net.ipv4.conf.pan0.disable_policy = 0
+ O$ r4 Q, n. ?& g1 Ynet.ipv4.conf.pan0.force_igmp_version = 0
3 X* N6 e3 I5 l3 M7 Inet.ipv4.conf.pan0.promote_secondaries = 0
4 `* Q6 \/ c: e7 Y. `net.ipv4.conf.pan0.accept_local = 03 b- k; @8 w8 V
net.ipv4.conf.pan0.route_localnet = 07 {: D% n: |- B4 W. a; ~
6 q. Q* [7 U9 E& q. j: a
#是否开启ip转发功能,设置为路由服务器,必需开启此项3 {$ t& `; K1 Q) ]0 Z
net.ipv4.ip_forward = 0
/ n* G5 m C5 k* g/ [' U( ^1 @net.ipv4.xfrm4_gc_thresh = 1048576
- r( r" E& j$ B# P. tnet.ipv4.ipfrag_high_thresh = 4194304) w; y) t1 X8 R9 o% ?
net.ipv4.ipfrag_low_thresh = 3145728
/ R3 m4 k7 x H: U# \net.ipv4.ipfrag_time = 30
X: Z" @8 h7 S6 M4 |8 z* znet.ipv4.icmp_echo_ignore_all = 03 T1 N# _, x* B& s2 V, y
net.ipv4.icmp_echo_ignore_broadcasts = 1
" A4 _2 ]# \) H: K/ w1 wnet.ipv4.icmp_ignore_bogus_error_responses = 1% F) r- t. G5 P9 t7 Z$ h: f
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
; B* X% R# [; m. c, S* t& Hnet.ipv4.icmp_ratelimit = 1000
% `( B) G" ]" K fnet.ipv4.icmp_ratemask = 6168
' T+ n( j" H& A5 S! tnet.ipv4.rt_cache_rebuild_count = 4
* A( b4 k; [1 A$ G6 ^1 tnet.ipv4.ping_group_range = 1 06 C+ F2 h G* j
net.ipv4.ipfrag_secret_interval = 600# s- q' }1 n* D
net.ipv4.ipfrag_max_dist = 648 U/ w% r. d8 y3 n4 e( ^
net.ipv6.neigh.default.mcast_solicit = 3
9 ^% }1 o6 `8 K% y. W; X4 cnet.ipv6.neigh.default.ucast_solicit = 32 V- i$ Z; C5 o# r! Q: x( e
net.ipv6.neigh.default.app_solicit = 0/ H! ]5 ]; s4 q, Q: }
net.ipv6.neigh.default.delay_first_probe_time = 5# _5 F8 n) ?0 C. O6 {
net.ipv6.neigh.default.gc_stale_time = 60
3 U% h0 V/ |6 t% d3 wnet.ipv6.neigh.default.unres_qlen = 3* l: T! }; W6 Z( O
net.ipv6.neigh.default.proxy_qlen = 64
' Y' V! |2 {) H/ T# n, tnet.ipv6.neigh.default.anycast_delay = 99$ ` A( a4 V! P: ~- W8 j: x
net.ipv6.neigh.default.proxy_delay = 79
: {$ Q" q. d; [; bnet.ipv6.neigh.default.locktime = 04 Q' Q! K6 o% J" |% N2 b" v; @5 r
net.ipv6.neigh.default.retrans_time_ms = 10002 h" k3 U# h- l
net.ipv6.neigh.default.base_reachable_time_ms = 300005 r" g4 u4 w$ i/ Z/ t3 {' L
net.ipv6.neigh.default.gc_interval = 305 Z F& j. R. m3 ]6 h4 V
net.ipv6.neigh.default.gc_thresh1 = 128# N" h. B. Q7 r; @5 Q5 |* {
net.ipv6.neigh.default.gc_thresh2 = 512
' y5 j. O, x0 B0 d$ q4 Jnet.ipv6.neigh.default.gc_thresh3 = 1024
! A4 I6 l1 H0 h! r' z( Gnet.ipv6.neigh.lo.mcast_solicit = 3
5 b! E3 j9 @% P. H$ z: a# Anet.ipv6.neigh.lo.ucast_solicit = 3
2 y' U5 I2 v7 d" anet.ipv6.neigh.lo.app_solicit = 0" D( d" O2 j8 x6 a% ]
net.ipv6.neigh.lo.delay_first_probe_time = 5
) r" K- G4 q* j& H5 pnet.ipv6.neigh.lo.gc_stale_time = 604 u6 s2 R& W1 C
net.ipv6.neigh.lo.unres_qlen = 3
0 t& `, o: K# m- F# knet.ipv6.neigh.lo.proxy_qlen = 64
4 B2 u% d4 R9 ]% ]+ O: ?3 Gnet.ipv6.neigh.lo.anycast_delay = 99: H" O2 h8 ]$ ^$ d! v
net.ipv6.neigh.lo.proxy_delay = 79
9 O0 g9 {9 B. {4 L, b( l; d9 snet.ipv6.neigh.lo.locktime = 01 k) `5 _8 L. M9 u# C& \
net.ipv6.neigh.lo.retrans_time_ms = 1000
- T3 x) D6 Y2 @0 z0 ~4 a$ Z3 Gnet.ipv6.neigh.lo.base_reachable_time_ms = 30000! M* R5 [" @7 Q: \& u
net.ipv6.neigh.eth0.mcast_solicit = 3
0 W" s9 s" f( Z: Enet.ipv6.neigh.eth0.ucast_solicit = 3& A2 F% q( B% s2 P
net.ipv6.neigh.eth0.app_solicit = 0
6 N. y+ m4 h4 C, X$ D. ~net.ipv6.neigh.eth0.delay_first_probe_time = 5! d | z6 a: h$ j' P' _
net.ipv6.neigh.eth0.gc_stale_time = 60
9 V9 H6 v+ \# Nnet.ipv6.neigh.eth0.unres_qlen = 3
& ]1 m! }6 L" \0 q) F% Enet.ipv6.neigh.eth0.proxy_qlen = 64
8 J3 o8 u/ Y- u7 @9 [8 Xnet.ipv6.neigh.eth0.anycast_delay = 99
' q9 l( B7 n, l. R0 ~* I. b9 |7 jnet.ipv6.neigh.eth0.proxy_delay = 79
+ s X4 B% @% Pnet.ipv6.neigh.eth0.locktime = 0
4 g1 B- j$ @. g4 o" y& Rnet.ipv6.neigh.eth0.retrans_time_ms = 1000% l# L C$ K# V3 d1 o
net.ipv6.neigh.eth0.base_reachable_time_ms = 30000
- Y. F8 @( d) ]$ A* E* o: `net.ipv6.neigh.pan0.mcast_solicit = 3$ Q5 v; n) Y& J6 J6 S: r" }
net.ipv6.neigh.pan0.ucast_solicit = 3
" S. C! x9 H+ q: X `. ^( \+ Hnet.ipv6.neigh.pan0.app_solicit = 06 a: Z! c3 B6 j* @, C# k4 `7 m
net.ipv6.neigh.pan0.delay_first_probe_time = 5
" I6 e4 H+ w% i$ Inet.ipv6.neigh.pan0.gc_stale_time = 60
7 }* ]: O( ?% X; N" |2 S( K! Dnet.ipv6.neigh.pan0.unres_qlen = 3* P( c# N# Q* E9 o7 c) R( C- @
net.ipv6.neigh.pan0.proxy_qlen = 64
. ?; f' Z3 a3 _* |, Enet.ipv6.neigh.pan0.anycast_delay = 99
2 H8 `* [% ^- Znet.ipv6.neigh.pan0.proxy_delay = 793 D- Z3 s9 T' M5 Z- U3 K7 @
net.ipv6.neigh.pan0.locktime = 0& l2 }# f$ c% ~& J4 Q6 n0 t0 N
net.ipv6.neigh.pan0.retrans_time_ms = 1000
3 D* }8 e3 @! E3 Dnet.ipv6.neigh.pan0.base_reachable_time_ms = 30000) G! r5 D0 U. l! t N/ H
net.ipv6.xfrm6_gc_thresh = 20487 b& U$ w1 c5 |
net.ipv6.conf.all.forwarding = 09 q' \+ C" i; L5 M& M
net.ipv6.conf.all.hop_limit = 64
7 T% g6 F f( \1 u& T1 v S$ {: Knet.ipv6.conf.all.mtu = 1280! M) b( r" k. t* g/ e& i
net.ipv6.conf.all.accept_ra = 1
9 k4 |3 l( L* o0 W+ R! ~6 Znet.ipv6.conf.all.accept_redirects = 1
7 K6 Y0 w. e2 U W) P* N! Onet.ipv6.conf.all.autoconf = 1$ c2 X4 ?% z4 D7 Q" r
net.ipv6.conf.all.dad_transmits = 1( t0 W \' [' Q' l, `
net.ipv6.conf.all.router_solicitations = 3) d K3 s/ C" p+ ~- ]- M* e# [
net.ipv6.conf.all.router_solicitation_interval = 4
1 n( G$ W- d$ q' ^) A" X( F/ Inet.ipv6.conf.all.router_solicitation_delay = 1
. J/ E, A2 @6 p/ K3 ^net.ipv6.conf.all.force_mld_version = 0
# Q2 P* x# ^$ N2 C3 H H5 j) {6 Bnet.ipv6.conf.all.use_tempaddr = 0' A& F. j/ n1 c, x/ ~2 {! i8 {
net.ipv6.conf.all.temp_valid_lft = 604800
0 I: n7 ~2 R3 Tnet.ipv6.conf.all.temp_prefered_lft = 86400
0 }* z9 \! R# x& Onet.ipv6.conf.all.regen_max_retry = 5
( J9 `& ?6 K* q6 Q" x- Bnet.ipv6.conf.all.max_desync_factor = 600
, v7 ~( P$ t! }, d9 u) Ynet.ipv6.conf.all.max_addresses = 16/ @5 G, j3 `5 b/ U& Z
net.ipv6.conf.all.accept_ra_defrtr = 1% e+ {2 L& M* z0 a- t( q
net.ipv6.conf.all.accept_ra_pinfo = 1
( j& V [$ \) t$ Inet.ipv6.conf.all.accept_ra_rtr_pref = 1
; K' x# G. c& u. J+ _7 `+ C: Jnet.ipv6.conf.all.router_probe_interval = 60
; I$ t6 T7 s8 A+ m( B' y, p& [net.ipv6.conf.all.accept_ra_rt_info_max_plen = 0( S& U' x% H3 q" |% F
net.ipv6.conf.all.proxy_ndp = 03 e+ U9 }* c6 U9 z* ?
net.ipv6.conf.all.accept_source_route = 0
# |( H4 s$ O0 \- `9 ^net.ipv6.conf.all.optimistic_dad = 0) r, x" O& b5 I. x& q2 b7 U7 h$ l# j
net.ipv6.conf.all.mc_forwarding = 0 k8 j+ k, w: q) F4 ]) z( r
net.ipv6.conf.all.disable_ipv6 = 0
0 C1 J8 q4 W4 b% P8 Lnet.ipv6.conf.all.accept_dad = 1
" r% X9 N& n! A5 O) i/ `! c0 Gnet.ipv6.conf.default.forwarding = 0* z9 P8 O: |0 Y/ }% P+ x
net.ipv6.conf.default.hop_limit = 64
% _' e% X' l& V2 U4 Xnet.ipv6.conf.default.mtu = 1280
% {2 L, D! z1 l7 Pnet.ipv6.conf.default.accept_ra = 15 M$ b' a0 y& M8 u" s
net.ipv6.conf.default.accept_redirects = 1" X! d6 u" t+ E. z1 v) H! V2 [9 P
net.ipv6.conf.default.autoconf = 1. {4 B6 U5 D- M' O) q
net.ipv6.conf.default.dad_transmits = 1# b: T/ q; k- k2 b% `( h" c' x
net.ipv6.conf.default.router_solicitations = 30 u! F9 F6 c3 a8 ]! l C
net.ipv6.conf.default.router_solicitation_interval = 4
/ w4 K9 z' `2 l3 g" [5 ~" _3 Cnet.ipv6.conf.default.router_solicitation_delay = 12 s' J' `% u5 s( O
net.ipv6.conf.default.force_mld_version = 0
1 ~. f# B6 n. v& e) @: l M' X1 Pnet.ipv6.conf.default.use_tempaddr = 0: f6 i" ` u. y# v
net.ipv6.conf.default.temp_valid_lft = 604800% F% K, Y' n0 R, z
net.ipv6.conf.default.temp_prefered_lft = 86400
' R: P0 x3 C, \: @6 Tnet.ipv6.conf.default.regen_max_retry = 55 ^+ n- l) P u! J
net.ipv6.conf.default.max_desync_factor = 600
. D3 f8 s. ?5 n2 snet.ipv6.conf.default.max_addresses = 16. L: ?" N8 a$ Z
net.ipv6.conf.default.accept_ra_defrtr = 1
: |2 u0 c8 l) e* y3 b3 W% Q1 Lnet.ipv6.conf.default.accept_ra_pinfo = 1
j( F/ N' Z7 Rnet.ipv6.conf.default.accept_ra_rtr_pref = 1
) ^& J( E3 _ @7 S$ pnet.ipv6.conf.default.router_probe_interval = 60
0 p6 |2 v3 h9 T4 ynet.ipv6.conf.default.accept_ra_rt_info_max_plen = 0* n# ~& `3 i( K1 f, z5 P) c+ ?
net.ipv6.conf.default.proxy_ndp = 0
: G5 ^! L$ N- Y8 V( n5 X' }net.ipv6.conf.default.accept_source_route = 0
2 K# P- O/ m, i8 j- Bnet.ipv6.conf.default.optimistic_dad = 0
, [& a' N1 j, r8 \net.ipv6.conf.default.mc_forwarding = 0* u# D% y% e' T+ h: c. q9 F4 a. X
net.ipv6.conf.default.disable_ipv6 = 0
0 O! N6 `5 c0 l) t# P6 [1 T% c; cnet.ipv6.conf.default.accept_dad = 18 i: S( s4 s; e& `7 `$ X: U$ l+ E
net.ipv6.conf.lo.forwarding = 0# t: R3 T# G9 w8 t; W2 Y
net.ipv6.conf.lo.hop_limit = 64; p9 ~/ A, \$ b' l1 Z3 S
net.ipv6.conf.lo.mtu = 65536
" G3 D9 ?% a& f) w% ?$ g. Enet.ipv6.conf.lo.accept_ra = 1$ T' w, N) L$ B! a; v: y, x% N& Z
net.ipv6.conf.lo.accept_redirects = 1
1 {1 s) m& `# @( t* ]net.ipv6.conf.lo.autoconf = 1
5 e4 p% X' I- C% _# M/ jnet.ipv6.conf.lo.dad_transmits = 1
9 i2 E9 V' t) p/ Nnet.ipv6.conf.lo.router_solicitations = 3& u& c! Y4 J$ H
net.ipv6.conf.lo.router_solicitation_interval = 4
4 @2 g" k, u% p: [7 lnet.ipv6.conf.lo.router_solicitation_delay = 1
6 z% D' h' B% R, g- y: R, P/ b! ~. Bnet.ipv6.conf.lo.force_mld_version = 0
- A5 S) b# r6 Qnet.ipv6.conf.lo.use_tempaddr = -1' i6 |( G3 x# D2 C' j8 J
net.ipv6.conf.lo.temp_valid_lft = 604800
' j( m1 l6 f% m- x4 r' ?net.ipv6.conf.lo.temp_prefered_lft = 86400( S" e u6 l2 s. M
net.ipv6.conf.lo.regen_max_retry = 5
& X3 B9 J# K% A* z# Hnet.ipv6.conf.lo.max_desync_factor = 600
! n* x# m1 U8 ?, Xnet.ipv6.conf.lo.max_addresses = 160 @) F- e" v4 m2 h" _: N* }
net.ipv6.conf.lo.accept_ra_defrtr = 1
$ m) X# M2 E8 t4 _1 B1 Xnet.ipv6.conf.lo.accept_ra_pinfo = 1
% B! [7 c& ?+ s6 B. Hnet.ipv6.conf.lo.accept_ra_rtr_pref = 1
4 P* r/ p, H; cnet.ipv6.conf.lo.router_probe_interval = 609 R$ F7 F- O' d
net.ipv6.conf.lo.accept_ra_rt_info_max_plen = 0$ ~# Q; P" n! C5 I2 H+ \2 I+ N' I
net.ipv6.conf.lo.proxy_ndp = 0
' h9 |, [: g! g0 w8 unet.ipv6.conf.lo.accept_source_route = 0
6 @. Q2 a1 X1 M$ x. dnet.ipv6.conf.lo.optimistic_dad = 0" V6 e7 z# k- [2 b( z
net.ipv6.conf.lo.mc_forwarding = 0 p9 C2 R0 A# o
net.ipv6.conf.lo.disable_ipv6 = 01 k% }0 e* C: o
net.ipv6.conf.lo.accept_dad = -1
& u5 z9 O1 E! I4 u3 enet.ipv6.conf.eth0.forwarding = 09 E2 v* ~. e, r& I2 V) F w. g
net.ipv6.conf.eth0.hop_limit = 649 _( ^4 o* L" W, G
net.ipv6.conf.eth0.mtu = 15003 w0 k% e% ~' ?2 _0 h1 a1 z
net.ipv6.conf.eth0.accept_ra = 10 ]6 r# ^* V* \0 \* e
net.ipv6.conf.eth0.accept_redirects = 1 Z$ G! y% v2 I/ _2 O
net.ipv6.conf.eth0.autoconf = 1" g1 @: p6 E, d8 v( `
net.ipv6.conf.eth0.dad_transmits = 1
+ S6 B5 [) h7 h" H- @ u7 ]net.ipv6.conf.eth0.router_solicitations = 3
9 z# B0 D" E* x& G& D9 _4 dnet.ipv6.conf.eth0.router_solicitation_interval = 4( M0 |2 ~. O' H
net.ipv6.conf.eth0.router_solicitation_delay = 18 Y1 R' R" A S0 c }
net.ipv6.conf.eth0.force_mld_version = 0; S2 F. ~; y1 V, M3 ~# U* {
net.ipv6.conf.eth0.use_tempaddr = 0
3 L5 h4 A: b0 n0 u5 C. y0 h8 Pnet.ipv6.conf.eth0.temp_valid_lft = 6048005 H* ?" \6 U* `
net.ipv6.conf.eth0.temp_prefered_lft = 86400
# R) t7 P6 I* ?5 cnet.ipv6.conf.eth0.regen_max_retry = 5; d) C& S) y/ M$ H$ C# w* z
net.ipv6.conf.eth0.max_desync_factor = 600
- W/ c `" d& I- E1 t& anet.ipv6.conf.eth0.max_addresses = 16
4 H2 ], J3 C5 ^* Z$ u3 ?7 o& knet.ipv6.conf.eth0.accept_ra_defrtr = 16 ~; ~; I5 G5 R0 ~, d j
net.ipv6.conf.eth0.accept_ra_pinfo = 1
9 b7 t: w: L1 _2 P# a. |% N' Cnet.ipv6.conf.eth0.accept_ra_rtr_pref = 1" V2 _. [0 t+ Y0 I$ X' }' a
net.ipv6.conf.eth0.router_probe_interval = 60$ O6 J5 n Y% ~# R' z6 g
net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 00 `# V0 _6 E3 p
net.ipv6.conf.eth0.proxy_ndp = 0
( H& V# x% a" Q, X: y2 wnet.ipv6.conf.eth0.accept_source_route = 0( p# Z! I$ E, A
net.ipv6.conf.eth0.optimistic_dad = 0! W5 Z4 T3 {* \* Q+ f& S
net.ipv6.conf.eth0.mc_forwarding = 0
. ?% P$ L6 o( h) |net.ipv6.conf.eth0.disable_ipv6 = 09 |( E, `1 _1 T3 J" b
net.ipv6.conf.eth0.accept_dad = 1; V( \. {0 J; W9 K" L. c" X8 F
net.ipv6.conf.pan0.forwarding = 0
) [/ q3 }8 B! u( e6 @5 bnet.ipv6.conf.pan0.hop_limit = 649 f1 j! A9 c1 u
net.ipv6.conf.pan0.mtu = 1500& J1 u+ I- S' U" r! q, r
net.ipv6.conf.pan0.accept_ra = 1
$ e1 k: [' s3 }( xnet.ipv6.conf.pan0.accept_redirects = 12 n- S; v" B7 @7 [( b
net.ipv6.conf.pan0.autoconf = 1
& H0 H) V- W; e+ K: ?net.ipv6.conf.pan0.dad_transmits = 1, ]- m; V0 U& O8 o7 p! s7 U& w, t
net.ipv6.conf.pan0.router_solicitations = 3; b Y5 d! t# J% ?8 C
net.ipv6.conf.pan0.router_solicitation_interval = 4
) J7 i1 g4 B* }9 |" |net.ipv6.conf.pan0.router_solicitation_delay = 1
7 Y- K E% m$ M9 J! i2 L/ h" [% o) rnet.ipv6.conf.pan0.force_mld_version = 09 _, V4 Z) N) [$ ]
net.ipv6.conf.pan0.use_tempaddr = 0
3 K9 {; q5 o3 ?7 wnet.ipv6.conf.pan0.temp_valid_lft = 604800
" |1 h* ~$ I5 L5 M) c0 V, b' qnet.ipv6.conf.pan0.temp_prefered_lft = 86400
) F# E7 y1 _* l" V x' vnet.ipv6.conf.pan0.regen_max_retry = 5+ a7 y' X5 j" s a3 w3 G* K
net.ipv6.conf.pan0.max_desync_factor = 600& N: ]/ V- F; m8 I
net.ipv6.conf.pan0.max_addresses = 16
* ^4 Y- M( _, f3 X; W; u& {5 Dnet.ipv6.conf.pan0.accept_ra_defrtr = 11 ]" K _; e+ i$ f1 o$ ^$ P5 j; Q7 @
net.ipv6.conf.pan0.accept_ra_pinfo = 1: q4 L2 u; b% B5 g) u. u
net.ipv6.conf.pan0.accept_ra_rtr_pref = 1
$ D+ W0 b. s: P/ _" i3 [9 {net.ipv6.conf.pan0.router_probe_interval = 60 O# L; P% }. u8 `4 A' r1 U
net.ipv6.conf.pan0.accept_ra_rt_info_max_plen = 03 \* `5 n8 ?) b, H" [
net.ipv6.conf.pan0.proxy_ndp = 0; V/ z. ]. k/ ~( s& j1 B4 E* R* X
net.ipv6.conf.pan0.accept_source_route = 0% ~/ \+ M) M+ p8 {
net.ipv6.conf.pan0.optimistic_dad = 0
9 q( S7 H7 e2 v( F7 g) E9 tnet.ipv6.conf.pan0.mc_forwarding = 0( a1 k5 y3 z& @, \, i4 _
net.ipv6.conf.pan0.disable_ipv6 = 0. q1 J8 a+ T$ N+ `8 p
net.ipv6.conf.pan0.accept_dad = 1* k) I, c2 v* k6 W5 n
net.ipv6.ip6frag_high_thresh = 4194304
7 \+ a5 y$ D* }" r$ ]net.ipv6.ip6frag_low_thresh = 31457289 |9 S# X$ Q9 w+ T# a B
net.ipv6.ip6frag_time = 60
3 S1 } }9 h5 Pnet.ipv6.route.gc_thresh = 1024* l2 Y$ H8 p s8 b# U2 G; a6 Z
net.ipv6.route.max_size = 4096/ H) N+ J7 Q: i8 M c
net.ipv6.route.gc_min_interval = 0
% E. f6 V, {2 C r' M7 H& Vnet.ipv6.route.gc_timeout = 60
& Z& O" {6 y @4 W7 enet.ipv6.route.gc_interval = 30
/ m' _/ y* {- H* \' T, _5 { `. I/ {net.ipv6.route.gc_elasticity = 0, m- L/ g( a2 }# K7 G/ _5 `4 U
net.ipv6.route.mtu_expires = 600; S" q$ {5 p. ~. G! p1 G0 W
net.ipv6.route.min_adv_mss = 1
$ A" n$ u* \# j0 u( X8 mnet.ipv6.route.gc_min_interval_ms = 500, O& d: g* }8 q2 H5 t
net.ipv6.icmp.ratelimit = 1000
7 f. m. a6 @# J$ B6 Vnet.ipv6.bindv6only = 0& K( L. h8 `8 E6 a8 W7 F
net.ipv6.nf_conntrack_frag6_timeout = 60
: H, \) L. Y6 q$ A8 l& r! }net.ipv6.nf_conntrack_frag6_low_thresh = 3145728
; x8 q; v& U2 p9 e+ I# dnet.ipv6.nf_conntrack_frag6_high_thresh = 4194304
" V6 ]5 C7 y8 B; c% S7 X( R: cnet.ipv6.ip6frag_secret_interval = 600
, e! g: u, ?0 d2 N: Pnet.ipv6.mld_max_msf = 64
# m( `: p# ]* a& A3 pnet.nf_conntrack_max = 65536
4 f, Z, B4 ^' Lnet.bridge.bridge-nf-call-arptables = 1. \/ H, V& e( k5 R$ ]5 _" S
net.bridge.bridge-nf-call-iptables = 1
s0 g2 N* z% h( a. g& e0 Lnet.bridge.bridge-nf-call-ip6tables = 13 X6 V3 Z4 I$ E# ]
net.bridge.bridge-nf-filter-vlan-tagged = 0
1 n# `; l2 n/ }4 x$ Wnet.bridge.bridge-nf-filter-pppoe-tagged = 0
* ~/ O$ u; N# y- N% Znet.unix.max_dgram_qlen = 10
3 F" Z1 }2 ]( A& }- j# \& ?8 E. A3 Mabi.vsyscall32 = 1. ?! x' q& f7 j- N% {' G
crypto.fips_enabled = 0 |
|
发表于 2022-7-16 07:25:10