Best Linux network tuning tips? [closed]

performance networking linux

At this point it's generally not worth the overhead of "tuning" within the kernel. Unless you have the test gear (or a cluster to A/B options on) and very good documentation it's not worth it for the sys-admin overhead alone.

These days the linux kernel has good auto-tuning of TCP, you can do better, however those are not the default because they're seen to be "greedy" and not fair on the Internet.

As close as I get to tuning is:

  1. Mount noatime (implies nodiratime), using ext3 or xfs
  2. Run only needed services
  3. For services like squid & mysql allow them to use more RAM

With rare exceptions those three will get you 90% there.


network stack tuning i put on routers/firewalls connecting to net hundreds of users

net/ipv4/route/max_size=262144
net/ipv4/netfilter/ip_conntrack_tcp_timeout_established=18000
net/ipv4/neigh/default/gc_thresh1=1024
net/ipv4/neigh/default/gc_thresh2=2048
net/ipv4/neigh/default/gc_thresh3=4096
net/netfilter/nf_conntrack_max=128000
net/netfilter/nf_conntrack_expect_max=4096

[ mostly empirically tweaked over years based on some unpleasant crashes ]

for file/sql/poroxy server you definitivly want to mount partition with data/spool with noatime,nodiratime and for reiserfs - notail ] to avoid additional disk trashing whenever file is accessed for read.

and you really want [ maybe you don't know about it yet ;-] gather statistics - eg with munin - to do some capacity planning and see if your tuning indeed decreases system load.


One thing you may want to look at web100. It is a kernel patch, and a userland too designed to optimized the Linux kernel for high-performance networks.

The Web100 project is aimed at producing a complete host-software environment that will run common Web applications at 100% of the available bandwidth, regardless of the magnitude of a network's capability.

Also check out High Performance SSH/SCP.

SCP and the underlying SSH2 protocol implementation in OpenSSH is network performance limited by statically defined internal flow control buffers. These buffers often end up acting as a bottleneck for network throughput of SCP, especially on long and high bandwith network links. Modifying the ssh code to allow the buffers to be defined at run time eliminates this bottleneck.

Related

Is there a Windows 7 compatible IPSec VPN client that allows protocol and port specific rules?
MySQL connection spike out of nowhere
Good graphical HTTP trace program for OSX?
Free software to monitor serial port communication [closed]
How can I get Firefox to display MIME types in-browser?
Sharepoint 2007: Active Directory and Sharepoint Groups
How can I reset the statistics reported by ifconfig?
Naming Convention for Virtual Machines
Puppet Module Resources
How to bestly setup a ssh tunnel for access to a remote network (Linux)
Nagios 3 config ideas
Managing the puppet filebucket?