• linux 系统 tcp 内核参数


    来自:https://www.kernel.org/doc/html/latest/admin-guide/sysctl/user.html

    参数来自:https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html

    sysctl 命令:
    sysctl 命令用于在内核运行时动态地修改内核的运行参数,
    可用的内核参数位于目录 /proc/sys 中。其中包含 TCP/IP 协议栈和
    虚拟内存系统的一些高级选项,有经验的管理员可以借此显著提升系统性能。用 sysctl 可以读取和设置五百多个系统变量。

    sysctl -a :查看所有可读变量
    /etc/sysctl.conf :内核参数设定文件,写入此文件的设置永久有效(重启后仍然生效)

    sysctl :
    -p:从配置文件“/etc/sysctl.conf”加载内核参数设置
    sysctl -a :查看所有可读变量

    Table : Subdirectories in /proc/sys/net

    Directory  Content    Directory  Content
    core 内核 General parameter   appletalk Appletalk protocol
    unix   unix 套接字 Unix domain sockets   netrom NET/ROM
    802   802 协议,物理层数据链路层 E802 protocol   ax25 AX25
    ethernet  以太网 Ethernet protocol   rose X.25 PLP layer
    ipv4    IP version 4   x25 X.25 protocol
    bridge Bridging   decnet DEC net
    ipv6 IP version 6   tipc TIPC

     

    配置文件

    [root@kube ipv4]# pwd
    /proc/sys/net/ipv4 
    [root@kube ipv4]# ls
    cipso_cache_bucket_size            igmp_qrv                 ip_nonlocal_bind                  tcp_ecn                 tcp_mem                    tcp_synack_retries
    cipso_cache_enable                 inet_peer_maxttl         ip_no_pmtu_disc                   tcp_fack                tcp_min_tso_segs           tcp_syncookies
    cipso_rbm_optfmt                   inet_peer_minttl         neigh                             tcp_fastopen            tcp_moderate_rcvbuf        tcp_syn_retries
    cipso_rbm_strictvalid              inet_peer_threshold      ping_group_range                  tcp_fastopen_key        tcp_mtu_probing            tcp_thin_dupack
    conf                               ip_default_ttl           route                             tcp_fin_timeout         tcp_no_metrics_save        tcp_thin_linear_timeouts
    fwmark_reflect                     ip_dynaddr               tcp_abort_on_overflow             tcp_frto                tcp_notsent_lowat          tcp_timestamps
    icmp_echo_ignore_all               ip_early_demux           tcp_adv_win_scale                 tcp_invalid_ratelimit   tcp_orphan_retries         tcp_tso_win_divisor
    icmp_echo_ignore_broadcasts        ip_forward               tcp_allowed_congestion_control    tcp_keepalive_intvl     tcp_reordering             tcp_tw_recycle
    icmp_errors_use_inbound_ifaddr     ip_forward_use_pmtu      tcp_app_win                       tcp_keepalive_probes    tcp_retrans_collapse       tcp_tw_reuse
    icmp_ignore_bogus_error_responses  ipfrag_high_thresh       tcp_autocorking                   tcp_keepalive_time      tcp_retries1               tcp_window_scaling
    icmp_msgs_burst                    ipfrag_low_thresh        tcp_available_congestion_control  tcp_limit_output_bytes  tcp_retries2               tcp_wmem
    icmp_msgs_per_sec                  ipfrag_max_dist          tcp_base_mss                      tcp_low_latency         tcp_rfc1337                tcp_workaround_signed_windows
    icmp_ratelimit                     ipfrag_secret_interval   tcp_challenge_ack_limit           tcp_max_orphans         tcp_rmem                   udp_mem
    icmp_ratemask                      ipfrag_time              tcp_congestion_control            tcp_max_ssthresh        tcp_sack                   udp_rmem_min
    igmp_max_memberships               ip_local_port_range      tcp_dsack                         tcp_max_syn_backlog     tcp_slow_start_after_idle  udp_wmem_min
    igmp_max_msf                       ip_local_reserved_ports  tcp_early_retrans                 tcp_max_tw_buckets      tcp_stdurg                 xfrm4_gc_thresh
    [root@kube ipv4]# 

     内核参数

    参数

    描述

    默认值

    优化值

    net.core.rmem_default

    默认的TCP数据接收窗口大小(字节)。

    229376

    256960

    net.core.rmem_max

    最大的TCP数据接收窗口(字节)。

    131071

    513920

    net.core.wmem_default

    默认的TCP数据发送窗口大小(字节)。

    229376

    256960

    net.core.wmem_max

    最大的TCP数据发送窗口(字节)。

    131071

    513920

    net.core.netdev_max_backlog

    在每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目。

    1000

    2000

    net.core.somaxconn

    定义了系统中每一个端口最大的监听队列的长度,这是个全局的参数。

    128

    2048

    net.core.optmem_max

    表示每个套接字所允许的最大缓冲区的大小。

    20480

    81920

    常用参数说明

    [root@kube ipv4]# sysctl -a |grep net.ipv4.
    net.ipv4.cipso_cache_bucket_size = 10
    net.ipv4.cipso_cache_enable = 1
    net.ipv4.cipso_rbm_optfmt = 0
    net.ipv4.cipso_rbm_strictvalid = 1
    net.ipv4.conf.all.accept_local = 0
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.all.arp_accept = 0
    net.ipv4.conf.all.arp_announce = 0
    net.ipv4.conf.all.arp_filter = 0
    net.ipv4.conf.all.arp_ignore = 0
    net.ipv4.conf.all.arp_notify = 0
    net.ipv4.conf.all.bootp_relay = 0
    net.ipv4.conf.all.disable_policy = 0
    net.ipv4.conf.all.disable_xfrm = 0
    net.ipv4.conf.all.force_igmp_version = 0
    net.ipv4.conf.all.forwarding = 1
    net.ipv4.conf.all.log_martians = 0
    net.ipv4.conf.all.mc_forwarding = 0
    net.ipv4.conf.all.medium_id = 0
    net.ipv4.conf.all.promote_secondaries = 1
    net.ipv4.conf.all.proxy_arp = 0
    net.ipv4.conf.all.proxy_arp_pvlan = 0
    net.ipv4.conf.all.route_localnet = 0
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.all.secure_redirects = 1
    net.ipv4.conf.all.send_redirects = 1
    net.ipv4.conf.all.shared_media = 1
    net.ipv4.conf.all.src_valid_mark = 0
    net.ipv4.conf.all.tag = 0
    net.ipv4.conf.default.accept_local = 0
    net.ipv4.conf.default.accept_redirects = 1
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.default.arp_accept = 0
    net.ipv4.conf.default.arp_announce = 0
    net.ipv4.conf.default.arp_filter = 0
    net.ipv4.conf.default.arp_ignore = 0
    net.ipv4.conf.default.arp_notify = 0
    net.ipv4.conf.default.bootp_relay = 0
    net.ipv4.conf.default.disable_policy = 0
    net.ipv4.conf.default.disable_xfrm = 0
    net.ipv4.conf.default.force_igmp_version = 0
    net.ipv4.conf.default.forwarding = 1
    net.ipv4.conf.default.log_martians = 0
    net.ipv4.conf.default.mc_forwarding = 0
    net.ipv4.conf.default.medium_id = 0
    net.ipv4.conf.default.promote_secondaries = 1
    net.ipv4.conf.default.proxy_arp = 0
    net.ipv4.conf.default.proxy_arp_pvlan = 0
    net.ipv4.conf.default.route_localnet = 0
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.default.secure_redirects = 1
    net.ipv4.conf.default.send_redirects = 1
    net.ipv4.conf.default.shared_media = 1
    net.ipv4.conf.default.src_valid_mark = 0
    net.ipv4.conf.default.tag = 0
    net.ipv4.conf.docker0.accept_local = 0
    net.ipv4.conf.docker0.accept_redirects = 1
    net.ipv4.conf.docker0.accept_source_route = 0
    net.ipv4.conf.docker0.arp_accept = 0
    net.ipv4.conf.docker0.arp_announce = 0
    net.ipv4.conf.docker0.arp_filter = 0
    net.ipv4.conf.docker0.arp_ignore = 0
    net.ipv4.conf.docker0.arp_notify = 0
    net.ipv4.conf.docker0.bootp_relay = 0
    net.ipv4.conf.docker0.disable_policy = 0
    net.ipv4.conf.docker0.disable_xfrm = 0
    net.ipv4.conf.docker0.force_igmp_version = 0
    net.ipv4.conf.docker0.forwarding = 1
    net.ipv4.conf.docker0.log_martians = 0
    net.ipv4.conf.docker0.mc_forwarding = 0
    net.ipv4.conf.docker0.medium_id = 0
    net.ipv4.conf.docker0.promote_secondaries = 1
    net.ipv4.conf.docker0.proxy_arp = 0
    net.ipv4.conf.docker0.proxy_arp_pvlan = 0
    net.ipv4.conf.docker0.route_localnet = 0
    net.ipv4.conf.docker0.rp_filter = 1
    net.ipv4.conf.docker0.secure_redirects = 1
    net.ipv4.conf.docker0.send_redirects = 1
    net.ipv4.conf.docker0.shared_media = 1
    net.ipv4.conf.docker0.src_valid_mark = 0
    net.ipv4.conf.docker0.tag = 0
    net.ipv4.conf.ens192.accept_local = 0
    net.ipv4.conf.ens192.accept_redirects = 1
    net.ipv4.conf.ens192.accept_source_route = 0
    net.ipv4.conf.ens192.arp_accept = 0
    net.ipv4.conf.ens192.arp_announce = 0
    net.ipv4.conf.ens192.arp_filter = 0
    net.ipv4.conf.ens192.arp_ignore = 0
    net.ipv4.conf.ens192.arp_notify = 0
    net.ipv4.conf.ens192.bootp_relay = 0
    net.ipv4.conf.ens192.disable_policy = 0
    net.ipv4.conf.ens192.disable_xfrm = 0
    net.ipv4.conf.ens192.force_igmp_version = 0
    net.ipv4.conf.ens192.forwarding = 1
    net.ipv4.conf.ens192.log_martians = 0
    net.ipv4.conf.ens192.mc_forwarding = 0
    net.ipv4.conf.ens192.medium_id = 0
    net.ipv4.conf.ens192.promote_secondaries = 1
    net.ipv4.conf.ens192.proxy_arp = 0
    net.ipv4.conf.ens192.proxy_arp_pvlan = 0
    net.ipv4.conf.ens192.route_localnet = 0
    net.ipv4.conf.ens192.rp_filter = 1
    net.ipv4.conf.ens192.secure_redirects = 1
    net.ipv4.conf.ens192.send_redirects = 1
    net.ipv4.conf.ens192.shared_media = 1
    net.ipv4.conf.ens192.src_valid_mark = 0
    net.ipv4.conf.ens192.tag = 0
    net.ipv4.conf.lo.accept_local = 0
    net.ipv4.conf.lo.accept_redirects = 1
    net.ipv4.conf.lo.accept_source_route = 1
    net.ipv4.conf.lo.arp_accept = 0
    net.ipv4.conf.lo.arp_announce = 0
    net.ipv4.conf.lo.arp_filter = 0
    net.ipv4.conf.lo.arp_ignore = 0
    net.ipv4.conf.lo.arp_notify = 0
    net.ipv4.conf.lo.bootp_relay = 0
    net.ipv4.conf.lo.disable_policy = 1
    net.ipv4.conf.lo.disable_xfrm = 1
    net.ipv4.conf.lo.force_igmp_version = 0
    net.ipv4.conf.lo.forwarding = 1
    net.ipv4.conf.lo.log_martians = 0
    net.ipv4.conf.lo.mc_forwarding = 0
    net.ipv4.conf.lo.medium_id = 0
    net.ipv4.conf.lo.promote_secondaries = 0
    net.ipv4.conf.lo.proxy_arp = 0
    net.ipv4.conf.lo.proxy_arp_pvlan = 0
    net.ipv4.conf.lo.route_localnet = 0
    net.ipv4.conf.lo.rp_filter = 0
    net.ipv4.conf.lo.secure_redirects = 1
    net.ipv4.conf.lo.send_redirects = 1
    net.ipv4.conf.lo.shared_media = 1
    net.ipv4.conf.lo.src_valid_mark = 0
    net.ipv4.conf.lo.tag = 0
    net.ipv4.fwmark_reflect = 0
    net.ipv4.icmp_echo_ignore_all = 0
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    net.ipv4.icmp_errors_use_inbound_ifaddr = 0
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    net.ipv4.icmp_msgs_burst = 50
    net.ipv4.icmp_msgs_per_sec = 1000
    net.ipv4.icmp_ratelimit = 1000
    net.ipv4.icmp_ratemask = 6168
    net.ipv4.igmp_max_memberships = 20
    net.ipv4.igmp_max_msf = 10
    net.ipv4.igmp_qrv = 2
    net.ipv4.inet_peer_maxttl = 600
    net.ipv4.inet_peer_minttl = 120
    net.ipv4.inet_peer_threshold = 65664
    net.ipv4.ip_default_ttl = 64                 // ip 数据包字段 生存时间默认值
    net.ipv4.ip_dynaddr = 0
    net.ipv4.ip_early_demux = 1
    net.ipv4.ip_forward = 1                   //是否开启内核 IP 转发,0 禁用,1 启用;只有路由器、容器宿主机等确实需要转发的主机才应开启
    net.ipv4.ip_forward_use_pmtu = 0
    net.ipv4.ip_local_port_range = 32768    60999    //定义 tcp/udp 本地端口范围
    net.ipv4.ip_local_reserved_ports = 
    net.ipv4.ip_no_pmtu_disc = 0
    net.ipv4.ip_nonlocal_bind = 0
    net.ipv4.ipfrag_high_thresh = 4194304
    net.ipv4.ipfrag_low_thresh = 3145728
    net.ipv4.ipfrag_max_dist = 64
    net.ipv4.ipfrag_secret_interval = 600
    net.ipv4.ipfrag_time = 30
    net.ipv4.neigh.default.anycast_delay = 100
    net.ipv4.neigh.default.app_solicit = 0
    net.ipv4.neigh.default.base_reachable_time_ms = 30000
    net.ipv4.neigh.default.delay_first_probe_time = 5
    net.ipv4.neigh.default.gc_interval = 30
    net.ipv4.neigh.default.gc_stale_time = 60
    net.ipv4.neigh.default.gc_thresh1 = 128
    net.ipv4.neigh.default.gc_thresh2 = 512
    net.ipv4.neigh.default.gc_thresh3 = 1024
    net.ipv4.neigh.default.locktime = 100
    net.ipv4.neigh.default.mcast_solicit = 3
    net.ipv4.neigh.default.proxy_delay = 80
    net.ipv4.neigh.default.proxy_qlen = 64
    net.ipv4.neigh.default.retrans_time_ms = 1000
    net.ipv4.neigh.default.ucast_solicit = 3
    net.ipv4.neigh.default.unres_qlen = 31
    net.ipv4.neigh.default.unres_qlen_bytes = 65536
    net.ipv4.neigh.docker0.anycast_delay = 100
    net.ipv4.neigh.docker0.app_solicit = 0
    net.ipv4.neigh.docker0.base_reachable_time_ms = 30000
    net.ipv4.neigh.docker0.delay_first_probe_time = 5
    net.ipv4.neigh.docker0.gc_stale_time = 60
    net.ipv4.neigh.docker0.locktime = 100
    net.ipv4.neigh.docker0.mcast_solicit = 3
    net.ipv4.neigh.docker0.proxy_delay = 80
    net.ipv4.neigh.docker0.proxy_qlen = 64
    net.ipv4.neigh.docker0.retrans_time_ms = 1000
    net.ipv4.neigh.docker0.ucast_solicit = 3
    net.ipv4.neigh.docker0.unres_qlen = 31
    net.ipv4.neigh.docker0.unres_qlen_bytes = 65536
    net.ipv4.neigh.ens192.anycast_delay = 100
    net.ipv4.neigh.ens192.app_solicit = 0
    net.ipv4.neigh.ens192.base_reachable_time_ms = 30000
    net.ipv4.neigh.ens192.delay_first_probe_time = 5
    net.ipv4.neigh.ens192.gc_stale_time = 60
    net.ipv4.neigh.ens192.locktime = 100
    net.ipv4.neigh.ens192.mcast_solicit = 3
    net.ipv4.neigh.ens192.proxy_delay = 80
    net.ipv4.neigh.ens192.proxy_qlen = 64
    net.ipv4.neigh.ens192.retrans_time_ms = 1000
    net.ipv4.neigh.ens192.ucast_solicit = 3
    net.ipv4.neigh.ens192.unres_qlen = 31
    net.ipv4.neigh.ens192.unres_qlen_bytes = 65536
    net.ipv4.neigh.lo.anycast_delay = 100
    net.ipv4.neigh.lo.app_solicit = 0
    net.ipv4.neigh.lo.base_reachable_time_ms = 30000
    net.ipv4.neigh.lo.delay_first_probe_time = 5
    net.ipv4.neigh.lo.gc_stale_time = 60
    net.ipv4.neigh.lo.locktime = 100
    net.ipv4.neigh.lo.mcast_solicit = 3
    net.ipv4.neigh.lo.proxy_delay = 80
    net.ipv4.neigh.lo.proxy_qlen = 64
    net.ipv4.neigh.lo.retrans_time_ms = 1000
    net.ipv4.neigh.lo.ucast_solicit = 3
    net.ipv4.neigh.lo.unres_qlen = 31
    net.ipv4.neigh.lo.unres_qlen_bytes = 65536
    net.ipv4.ping_group_range = 1    0
    net.ipv4.route.error_burst = 5000
    net.ipv4.route.error_cost = 1000
    net.ipv4.route.gc_elasticity = 8
    net.ipv4.route.gc_interval = 60
    net.ipv4.route.gc_min_interval = 0
    net.ipv4.route.gc_min_interval_ms = 500
    net.ipv4.route.gc_thresh = -1
    net.ipv4.route.gc_timeout = 300
    net.ipv4.route.max_size = 2147483647
    net.ipv4.route.min_adv_mss = 256
    net.ipv4.route.min_pmtu = 552
    net.ipv4.route.mtu_expires = 600
    net.ipv4.route.redirect_load = 20
    net.ipv4.route.redirect_number = 9
    net.ipv4.route.redirect_silence = 20480
    net.ipv4.tcp_abort_on_overflow = 0
    net.ipv4.tcp_adv_win_scale = 1
    net.ipv4.tcp_allowed_congestion_control = cubic reno
    net.ipv4.tcp_app_win = 31
    net.ipv4.tcp_autocorking = 1
    net.ipv4.tcp_available_congestion_control = cubic reno
    net.ipv4.tcp_base_mss = 512
    net.ipv4.tcp_challenge_ack_limit = 1000
    net.ipv4.tcp_congestion_control = cubic
    net.ipv4.tcp_dsack = 1
    net.ipv4.tcp_early_retrans = 3
    net.ipv4.tcp_ecn = 2
    net.ipv4.tcp_fack = 1
    net.ipv4.tcp_fastopen = 0
    net.ipv4.tcp_fastopen_key = 3d9f4df5-5c82290b-6c465833-328c3b2d    //生成 TCP Fast Open cookie 所用的密钥,属于敏感信息;公开 sysctl 输出前应先打码,已公开的密钥应重新生成
    net.ipv4.tcp_fin_timeout = 60
    net.ipv4.tcp_frto = 2
    net.ipv4.tcp_invalid_ratelimit = 500
    net.ipv4.tcp_keepalive_intvl = 75        //keepalive 消息失败后的重新探测间隔,乘以 keepalive_probes 的次数代表多久后连接失效
    net.ipv4.tcp_keepalive_probes = 9            // 尝试次数9 次
    net.ipv4.tcp_keepalive_time = 7200              //启用keepalive 时,keepalive 多久发一次消息,默认2 小时
    net.ipv4.tcp_limit_output_bytes = 262144
    net.ipv4.tcp_low_latency = 0                 //旧选项不再有效
    net.ipv4.tcp_max_orphans = 8192
    net.ipv4.tcp_max_ssthresh = 0
    net.ipv4.tcp_max_syn_backlog = 128                     //每个监听 socket 可保存的、处于 SYN_RECV 状态(尚未收到客户端确认)的连接请求的最大数量
    net.ipv4.tcp_max_tw_buckets = 8192                //系统同时保持的 TIME_WAIT 套接字的最大数量,超过后新的 TIME_WAIT 套接字会被立即销毁并打印警告
    net.ipv4.tcp_mem = 42471    56631    84942
    net.ipv4.tcp_min_tso_segs = 2
    net.ipv4.tcp_moderate_rcvbuf = 1
    net.ipv4.tcp_mtu_probing = 0
    net.ipv4.tcp_no_metrics_save = 0
    net.ipv4.tcp_notsent_lowat = -1
    net.ipv4.tcp_orphan_retries = 0
    net.ipv4.tcp_reordering = 3
    net.ipv4.tcp_retrans_collapse = 1
    net.ipv4.tcp_retries1 = 3          //已建立连接的重传达到该次数后,TCP 认为链路可能有问题,并把这一怀疑上报给网络层
    net.ipv4.tcp_retries2 = 15         //已建立连接的数据包一直得不到确认时的最大重传次数,超过后内核放弃并关闭该连接
    net.ipv4.tcp_rfc1337 = 0
    net.ipv4.tcp_rmem = 4096    87380    6291456
    net.ipv4.tcp_sack = 1                          //启用 SACK,有选择地应答乱序的包,只重发丢失的数据包
    net.ipv4.tcp_slow_start_after_idle = 1
    net.ipv4.tcp_stdurg = 0
    net.ipv4.tcp_syn_retries = 6                    // 主动发起连接时,重新发送 SYN 包的次数
    net.ipv4.tcp_synack_retries = 5
    net.ipv4.tcp_syncookies = 1                  //开启 syncookies:当套接字的 SYN 积压队列(backlog)溢出时,发送 syncookies,用于防御常见的 SYN flood 攻击
    net.ipv4.tcp_thin_dupack = 0
    net.ipv4.tcp_thin_linear_timeouts = 0
    net.ipv4.tcp_timestamps = 1
    net.ipv4.tcp_tso_win_divisor = 3
    net.ipv4.tcp_tw_recycle = 0             //设置 TIME_WAIT 快速回收;开启后会导致经 NAT 访问的客户端连接被丢弃,该参数已在 Linux 4.12 中移除
    net.ipv4.tcp_tw_reuse = 0              //设置 TIME_WAIT 的重用:允许在协议层面安全时把 TIME_WAIT 套接字重用于新的连接
    net.ipv4.tcp_window_scaling = 1
    net.ipv4.tcp_wmem = 4096    16384    4194304
    net.ipv4.tcp_workaround_signed_windows = 0
    net.ipv4.udp_mem = 43563    58086    87126
    net.ipv4.udp_rmem_min = 4096
    net.ipv4.udp_wmem_min = 4096
    net.ipv4.xfrm4_gc_thresh = 32768
    sysctl: reading key "net.ipv6.conf.all.stable_secret"
    sysctl: reading key "net.ipv6.conf.default.stable_secret"
    sysctl: reading key "net.ipv6.conf.docker0.stable_secret"
    sysctl: reading key "net.ipv6.conf.ens192.stable_secret"
    sysctl: reading key "net.ipv6.conf.lo.stable_secret"
    [root@kube ipv4]# 
  • 原文地址:https://www.cnblogs.com/zy09/p/13131054.html