TCP

Les machines sont puissantes, le réseau est rapide, et pourtant à partir d'un certain nombre de connexions TCP des erreurs apparaissent, comme too many open files.

Sources:

• https://klaver.it/linux/sysctl.conf
• https://www.slashroot.in/linux-kernel-rpfilter-settings-reverse-path-filtering
• https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/

Les valeurs sont lisibles dans /proc/sys/net/ipv4/

Sur les performances:

$ cat /etc/security/limits.d/nofile.conf
 
# debian 10.4 = 1024
* soft nofile 4096
 
$ cat /etc/sysctl.d/local.conf
 
# Increase number of incoming connections
# debian 10.4 = 128
net.core.somaxconn = 1024
# Increase number of incoming connections backlog
# debian 10.4 = 1000
net.core.netdev_max_backlog = 4096
 
# Decrease the time default value for tcp_fin_timeout connection
# debian 10.4 = 60
net.ipv4.tcp_fin_timeout = 15
# Decrease the time default value for connections to keep alive
# debian 10.4 = 7200
net.ipv4.tcp_keepalive_time = 300
# debian 10.4 = 9
net.ipv4.tcp_keepalive_probes = 5
# debian 10.4 = 75
net.ipv4.tcp_keepalive_intvl = 15
 
# try to reuse time-wait connections, but don't recycle them (recycle can break clients behind NAT)
# debian 10.4 No such file or directory
#net.ipv4.tcp_tw_recycle = 0
# # debian 10.4 = 2
net.ipv4.tcp_tw_reuse = 1
 
# Limit number of orphans, each orphan can eat up to 16M (max wmem) of unswappable memory
# debian 10.4 = 32768
net.ipv4.tcp_max_orphans = 16384
# debian 10.4 = 0
#net.ipv4.tcp_orphan_retries = 0
 
# How many times to retry killing an alive TCP connection
# debian 10.4 = 15
#net.ipv4.tcp_retries2 = 15
# debian 10.4 = 3
#net.ipv4.tcp_retries1 = 3