Boost Linux High‑Concurrency Performance with Essential Kernel Tweaks

Disable or Remove iptables (if not required)

Turn off or uninstall the iptables firewall and prevent the kernel from loading its modules, as they can degrade concurrency performance.

Increase Per‑Process Open File Limit

Typical distributions limit a process to 1024 open files, which is insufficient for high concurrency. Execute: # ulimit -n 65535 If the command fails with "Operation not permitted", adjust the soft and hard limits in /etc/security/limits.conf:

# vim /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535

Then ensure the PAM limits module is loaded by adding to /etc/pam.d/login:

# vim /etc/pam.d/login
session required /lib/security/pam_limits.so

Verify the system‑wide maximum with:

# cat /proc/sys/fs/file-max
32568

If a higher value is needed, set fs.file-max=131072 in /etc/sysctl.conf and reload.

Tune Kernel TCP Parameters

Large numbers of TIME_WAIT sockets can exhaust port resources. Check the current state with:

# netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'

Modify /etc/sysctl.conf to include:

# vim /etc/sysctl.conf
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_mem = 94500000 91500000 92700000
net.ipv4.tcp_rmem = 32768 436600 873200
net.ipv4.tcp_wmem = 8192 436600 873200
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_congestion_control = hybla
net.ipv4.tcp_fastopen = 3

Apply the changes with: # sysctl -p These settings increase the allowed SYN backlog, enable reuse and fast recycling of TIME_WAIT sockets, adjust buffer sizes, and optionally switch the congestion control algorithm to hybla for high‑latency networks.

Configure I/O Event Dispatch Mechanism

For high‑concurrency TCP servers, avoid blocking I/O and the select() or poll() mechanisms due to their scalability limits. Prefer non‑blocking I/O with epoll or asynchronous I/O (AIO) which handle large numbers of connections efficiently.

Using epoll or modern AIO implementations ensures better CPU utilization and prevents I/O starvation under heavy load.

Reference: https://www.cnblogs.com/txlsz/p/13683892.html

After applying these adjustments and restarting the system, a Linux server can support many more simultaneous TCP connections, improve throughput, and provide better resistance against low‑volume DoS, CC, and SYN attacks. Adjust the parameters further based on actual workload observations.