Linux – Best network tuning variables for a Linux proxy

linuxPROXYtcptuningweb-server

What are the best settings to tune so that Linux can handle a very large amount of TCP connections such as would be seen by a proxy server or a webserver?

I'm using Centos6 and squid and am seeing a large amount of TIME_WAIT connections backing up until finally the machine stops responding. The machine isn't loaded at the time, and is having trouble making ingoing and outgoing connections.

I've had several suggestions of tuning /proc/sys/net/ipv4/tcp_tw_reuse and /proc/sys/net/ipv4/tcp_tw_reuse but they mention bad interactions with load balancers and NAT both of which are used in my situation.

Best Answer

Try to tune down this one:

net.ipv4.tcp_keepalive_time = 7200

Something like

net.ipv4.tcp_keepalive_time = 600

should be a lot better for your situation.

Also, make sure you have tuned the local port range. By default in most distros it's

net.ipv4.ip_local_port_range = 32768    61000

Something like

net.ipv4.ip_local_port_range = 1025    65534

should work lot better.

Related Solutions

Linux – Weird nfs performance: 1 thread better than 8, 8 better than 2!

When a client request comes in, it gets handed off to one of the threads and the rest of the threads are asked to do read-ahead operations. The fastest way to read a file is to have one thread do it sequentially... So for one file this is overkill, and the threads are in essence making more work for themselves. But what's true for 1 client reading 1 file won't necessarily be true when you deploy in the real world, so stick with the formula for basing number of threads and number of read-aheads off bandwidth/cpu specs.

Better alternative for tcp_syncookies in linux

Ubuntu 10.04 has default "sysctl.d/10-network-security.conf" setting below:

# Turn on SYN-flood protections.  Starting with 2.6.26, there is no loss
# of TCP functionality/features under normal conditions.  When flood
# protections kick in under high unanswered-SYN load, the system
# should remain more stable, with a trade off of some loss of TCP
# functionality/features (e.g. TCP Window scaling).
net.ipv4.tcp_syncookies=1

Best Answer

Related Solutions

Linux – Weird nfs performance: 1 thread better than 8, 8 better than 2!

Better alternative for tcp_syncookies in linux

Related Topic