This document discusses tuning Linux kernel parameters to optimize performance. It provides examples of modifying parameters related to CPU, memory, storage, networking and security via sysctl, procfs interfaces and configuration files. Parameters control behaviors like TCP settings, file limits, randomization options and overcommit thresholds. Recommendations are given for Red Hat and kernel documentation for further reference.

1. Linux Kernel Parameter Tuning

2. Linux Kernel
Operating System
OS
Kernel
CPU Mem GPU NIC
Keybo
ard

3. Kernel Parameter
Kernel OS
Kernel
Linux

4. Kernel Parameter
Linux Kernel

5. Kernel Parameter Tuning

6. Kernel Parameter Tuning

7. /
IPv6
CentOS7
Windows

8. VM /

9. Kernel Parameter
/proc
echo 100 > /proc/sys/net/ipv4/tcp_keepalive_time
sysctl
/etc/sysctl.conf
sysctl sysctl
RHEL systemctl disable tuned.service

10. sysctl
3
-a
sysctl -a
-w
sysctl -w net.ipv4.tcp_keepalive_time=100
-p
sysctl.conf
sysctl -p

11. CPU Memory Storage, Network
Linux Kernel

12. IT
CPU IO ( )
/

13. Linux
DNS
NW
/
CentOS debian

14. - -
net.core.rmem_max = 16777216 TCP UDP
net.core.wmem_max = 16777216 TCP UDP
net.nf_conntrack_max = 1053616 ESTABLISHED (OS )
net.ipv4.tcp_rmem = 4096 349520 16777216
net.ipv4.tcp_timestamps = 0
NAT WAN
net.ipv4.tcp_fin_timeout = 5 FIN
net.ipv4.tcp_syn_retries = 3
tcp SYN
SYN

15. - -
net.ipv4.tcp_synack_retries = 3
SYN
ACK SYN
net.ipv4.ip_local_port_range = 10000 65535
TCP/IP
iptables
$ cat /proc/sys/net/ipv4/ip_local_port_range
net.ipv4.tcp_tw_reuse = 1
tcp_tw_recycle
net.ipv4.tcp_tw_recycle = 0 *
net.ipv4.tcp_rfc1337 = 1
RFC1337 TIME_WAIT RST
TIME_WAIT

16. - -
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_max_tw_buckets = 65536
time-wait
DoS
net.ipv4.tcp_orphan_retries = 0
TCP
web
net.ipv4.tcp_window_scaling = 1
RFC1323 TCP
64KB TCP WIndow
net.ipv4.tcp_slow_start_after_idle = 0
keepalive congestion
window size reset
keepalive off

17. - -
net.ipv4.tcp_keepalive_time = 10
CLOSE_WAIT
TCP
net.ipv4.tcp_keepalive_intvl = 3
TCP/IP
net.ipv4.tcp_keepalive_probes = 5
TCP keepalive

18. - -
net.core.netdev_max_backlog = 10240
net.ipv4.tcp_max_syn_backlog = 10240
SYN ACK
OS SYN
netstat
net.core.somaxconn
net.core.somaxconn
net.core.somaxconn = 65535
TCP
TCP backlog

19. - -
net.ipv4.tcp_window_scaling = 1
RFC1323 TCP
64KB TCP WIndow
net.ipv4.tcp_max_syn_backlog = 10240
SYN ACK
OS SYN
netstat
net.core.somaxconn
net.core.somaxconn
net.core.somaxconn = 65535
TCP
TCP backlog

20. - -
net.ipv4.conf.all.rp_filter = 1 IP
net.ipv4.tcp_syncookies = 1 SYN flood
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.accept_source_route = 0
off
net.ipv4.conf.all.rp_filter = 1
RFC 3704 IF IF
IP DDoS
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.mc_forwarding = 0
ICMP

21. - -
kernel.exec-shield = 1
kernel.randomize_va_space = 1
Exec-Shield ASLR

22. - -
vm.swappiness = 0
fs.file-max = 5242880
kernel.threads-max = 1060863
kernel.shmmax = kB
kernel.shmall = 68719476736
kernel.msgmnb = 65536 1
kernel.msgmax = 65536 ID

23. - -
vm.overcommit_memory = 2
vm.overcommit_ratio = 99
vm.overcommit_memory = 2
/proc/[process_id]/oom_adj = -17
vm.panic_on_oom=1
OOM Killer Kernel Panic
vm.overcommit_memory = 1
kernel.panic=60
Kernel Panic
vm.overcommit_memory = 1

24. - -
vm.dirty_ratio = 20 | 80
vm.dirty_background_ratio = 5 | 50
:
:
IO

25. Kernel Parameter Kernel Version

26. Red Hat Linux
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-
single/Performance_Tuning_Guide/index.html
sysctl man Linux Kernel doc
https://www.kernel.org/doc/Documentation/