== link:index.html[Index] -> link:other.html[Other information]
Other: System Tuning
--------------------
Depending on the environment you are running Cherokee into, the
default OS setting might require adjustments. In most cases the
default settings work fine for low-cost, commodity hardware. However,
if you are running Cherokee in a high-end or benchmark environment,
it's recommended to check the following parameters.
Please, bear in mind that values in the examples suppose Cherokee
running on a system with at least 2GB of memory.
[[linux]]
Linux
~~~~~
The Linux kernel can auto-configure many of its internal limits
regarding memory sizes and resources. However, there are some tweaks
that we recommend you to configure by hand, including:
Time
^^^^
+/proc/sys/net/ipv4/tcp_timestamps+: Timestamps as defined in RFC1323.
----
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
----
Ephemeral port range
^^^^^^^^^^^^^^^^^^^^
+/proc/sys/net/ipv4/ip_local_port_range+: Range of local ports for
outgoing connections. Actually quite small by default, 1024 to
4999.
----
echo "1024 65535" > /proc/sys/net/ipv4/ip_local_port_range
----
Listen queue
^^^^^^^^^^^^
+/proc/sys/net/ipv4/tcp_syncookies+: Without SYN cookies, a much
larger value for tcp_max_syn_backlog is required, but this consumes
additional kernel memory and scales poorly (the hash table that
stores the SYN records is of a fixed size).
----
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
----
+/proc/sys/net/ipv4/tcp_orphan_retries+: How may times to retry before
killing TCP connection, closed by our side. Default value 7
corresponds to 50sec-16min depending on RTO. If your machine is a
loaded WEB server, you should think about lowering this value, such
sockets may consume significant resources. Cf. tcp_max_orphans.
----
echo 2 > /proc/sys/net/ipv4/tcp_orphan_retries
----
TIME_WAIT
^^^^^^^^^
+/proc/sys/net/ipv4/tcp_max_tw_buckets+: Maximal number of timewait
sockets held by the system simultaneously. If this number is
exceeded time-wait socket is immediately destroyed and a warning is
printed. This limit exists only to prevent simple DoS attacks, you
_must_ not lower the limit artificially, but rather increase it
(probably, after increasing installed memory), if network
conditions require more than the default value.
----
echo 1800000 > /proc/sys/net/ipv4/tcp_max_tw_buckets
----
+/proc/sys/net/ipv4/tcp_tw_recycle+: Enable fast recycling TIME-WAIT
sockets. Default value is 1. It should not be changed without
advice/request of technical experts.
----
echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
----
+/proc/sys/net/ipv4/tcp_fin_timeout+: Time to hold socket in state
FIN-WAIT-2, if it was closed by our side. Peer can be broken and
never close its side, or even died unexpectedly. Default value is
60sec. Usual value used in 2.2 was 180 seconds, you may restore it,
but remember that if your machine is even underloaded WEB server,
you risk to overflow memory with kilotons of dead sockets,
FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1, because they
eat maximum 1.5K of memory, but they tend to live longer. Cf.
tcp_max_orphans.
----
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 5 > /proc/sys/net/ipv4/tcp_fin_timeout # Benchmarking / Stressing
----
Network buffer size
^^^^^^^^^^^^^^^^^^^
+/proc/sys/net/ipv4/tcp_mem+: Determines how the TCP stack should
behave for memory usage; each count is in memory pages (typically
4KB). The first value is the low threshold for memory usage. The
second value is the threshold for a memory pressure mode to begin
to apply pressure to buffer usage. The third value is the maximum
threshold. At this level, packets can be dropped to reduce memory
usage. Increase the count for large BDP (but remember, it's memory
pages, not bytes).
----
echo "50576 64768 98152" > /proc/sys/net/ipv4/tcp_mem
echo "128000 200000 262144" > /proc/sys/net/ipv4/tcp_mem # 1Gb
----
File descriptors
^^^^^^^^^^^^^^^^
+/proc/sys/fs/file-max+: This is basically the number of file
descriptors available in the kernel. Which also affects the number
of fd's a process can have open. For large sites you will
definitely need to upgrade this, and for some OS'es you will need
to use ulimit to increase the number of fds available for the
server process.
----
echo 32767 > /proc/sys/fs/file-max
echo 2097152 > /proc/sys/fs/file-max
----
////////////////////////////////
Other Flags:
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 0 > /proc/sys/net/ipv4/tcp_ecn
////////////////////////////////
MacOS X and BSD
~~~~~~~~~~~~~~~
Most of the following parameters apply to BSD systems and MacOS X:
Listen queue
^^^^^^^^^^^^
+kern.ipc.somaxconn+: This tuning increases the listen queue size for
the OS (from a default value of 128), which enables the operating
system to accept a greater number of new connections.
----
/sbin/sysctl –w kern.ipc.somaxconn=2048
----
+net.core.netdev_max_backlog+: This queue will build up in size when
an interface receives packets faster than the kernel can process
them. If this queue is too small (default is 300), we will begin to
loose packets at the receiver, rather than on the network. One can
set this value by:
----
/sbin/sysctl –w sys.net.core.netdev_max_backlog=2500
----
TIME_WAIT
^^^^^^^^^
+net.inet.tcp.msl+: After the connection was closed the socket enters
the TIME_WAIT state. In this state it can live for 60 seconds by
default. This time can be changed with sysctl (in milliseconds
divided by 2. 2×30000 MSL = 60 seconds).
----
/sbin/sysctl -w "net.inet.tcp.msl=5000"
----
Ephemeral port range
^^^^^^^^^^^^^^^^^^^^
+net.inet.ip.portrange.first+: Outgoing connection are bind to the
ports from the 49152 – 65535 range (16 thousands). Depending on
the load of your server, it may be good to lower the `first` value
(1024 – 65535). This parameter is specially important if keepalive
is not being used.
----
/sbin/sysctl -w "net.inet.ip.portrange.first=2048"
----
File Descriptors
^^^^^^^^^^^^^^^^
+kern.maxfiles+: This parameter sets the file descriptor limit of the
system, which allows Cherokee to handle more concurrent
connections.
----
/sbin/sysctl -w "kern.maxfiles=2097152"
----
+kern.maxfilesperproc+: Maximum number of open descriptors per
process.
----
/sbin/sysctl -w "kern.maxfilesperproc=65536"
----