Master Linux Kernel Tuning: Essential Sysctl Settings for High‑Performance Servers
This guide details how to fine‑tune Linux kernel parameters—covering sysctl configuration, network stack adjustments, local port range, shared memory limits, swap behavior, and disk scheduler choices—to dramatically improve server performance and stability.
1. Optimize kernel related parameters
Configuration file:
/etc/sysctl.conf
Add each parameter on a separate line in the file.
sysctl -a – view default settings.
sysctl -p – apply changes and check for errors.
Network related
net.core.somaxconn=65535 – maximum length of the TCP listen queue per port.
net.core.netdev_max_backlog=65535 – upper limit of packets queued when arrival rate exceeds kernel processing speed.
net.ipv4.tcp_max_syn_backlog=65535 – maximum SYN queue length (large values may attract SYN‑flood attacks).
net.ipv4.tcp_fin_timeout=10 – timeout for sockets in FIN‑WAIT‑2 state after a local close request.
net.ipv4.tcp_tw_reuse=1 – allow TIME‑WAIT sockets to be reused for new connections (default 0, disabled).
net.ipv4.tcp_tw_recycle=1 – enable fast recycling of TIME‑WAIT sockets (default 0, disabled).
Network parameter tuning template (for 8‑16 GB memory, adjust as needed)
fs.file-max: default 1048576 → tuned 9999999 – total file descriptors system‑wide.
fs.nr_open: default 1635590 → tuned 1635590 – max files per process.
net.core.rmem_default: 124928 → 262144 – default TCP receive buffer.
net.core.wmem_default: 124928 → 262144 – default TCP send buffer.
net.core.rmem_max: 124928 → 8388608 – maximum TCP receive buffer.
net.core.wmem_max: 124928 → 8388608 – maximum TCP send buffer.
net.ipv4.tcp_wmem: 4096 16384 4194304 → 4096 16384 8388608 – TCP send buffer range.
net.ipv4.tcp_rmem: 4096 87380 4194304 → 4096 87380 8388608 – TCP receive buffer range.
net.ipv4.tcp_mem: 384657 512877 769314 → 384657 512877 3057792 – TCP memory usage.
net.core.netdev_max_backlog: 1000 → 5000 – max packets queued per NIC.
net.core.optmem_max: 20480 → 81920 – max per‑socket buffer size.
net.core.somaxconn: 128 → 2048 – global max listen queue length.
net.ipv4.tcp_fin_timeout: 60 → 30 – FIN‑WAIT‑2 timeout (seconds).
net.ipv4.tcp_max_syn_backlog: 1024 → 2048 – max pending SYN requests.
net.ipv4.tcp_max_tw_buckets: 5000 → 5000 – max TIME‑WAIT sockets.
net.ipv4.tcp_tw_reuse: 0 → 1 – reuse TIME‑WAIT sockets.
net.ipv4.tcp_keepalive_time: 7200 → 900 – idle time before keepalive probes.
net.ipv4.tcp_keepalive_intvl: 75 → 30 – interval between keepalive probes.
net.ipv4.tcp_keepalive_probes: 9 → 3 – number of keepalive probes.
Note: Larger values are not always better; consider hardware limits and impact on other services.
Local port range
When the system runs out of local ports, errors like "Can't assign requested address" appear. Adjust the range in /etc/sysctl.conf:
# View current range
cat /proc/sys/net/ipv4/ip_local_port_range
# Default example
32768 61000
# Change range
net.ipv4.ip_local_port_range = 1024 65000
# Apply changes
sysctl -p
Note:
1. Minimum value must be ≥1024; ports below are reserved for the TCP protocol.
2. If an application uses ports >1024, set the range start higher than that value.
kernel.shmmax=4294967295 – maximum shared memory segment size (bytes).
Should be ≥ the size required by sga_max_size and at least half of physical RAM; on 32‑bit x86, Oracle SGA cannot exceed ~1.7 GB.
kernel.shmmni=4096 – maximum number of shared memory segments system‑wide (default 4096).
kernel.shmall=2097152 – total shared memory pages allowed (default 2097152, ~8 GB on many systems).
Value should be ≥ shmmax / page_size; usually no change needed if total SGA < 8 GB.
vm.swappiness=0 – memory allocation policy; 0 tells the kernel to avoid swapping until RAM is exhausted.
Risks:
Potential performance degradation.
Higher chance of OOM kills under memory pressure.
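Added example (not part of the original article): a shell check of sysctl.conf-style text against the constraints stated above, namely the two local port range notes and the shmall ≥ shmmax / page_size rule, plus a flag for net.ipv4.tcp_tw_recycle, which was removed in Linux 4.12. The function names get and audit, the sample configuration, the 4096-byte page size and the service ports 3306 and 8080 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit sysctl.conf-style text against constraints stated on this page.

# get TEXT KEY: print KEY's value (last assignment wins, as when sysctl -p loads the file).
get() {
    printf '%s\n' "$1" | awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v) }
        END { print v }'
}

# audit TEXT PAGE_SIZE "SERVICE_PORTS": one finding per line, no output when clean.
audit() {
    conf=$1; page=$2; ports=$3
    range=$(get "$conf" net.ipv4.ip_local_port_range)
    if [ -n "$range" ]; then
        set -- $range; lo=$1; hi=$2
        if [ "$lo" -lt 1024 ]; then echo "port_range: start $lo is below 1024"; fi
        for p in $ports; do
            if [ "$p" -ge "$lo" ] && [ "$p" -le "$hi" ]; then
                echo "port_range: service port $p lies inside $lo-$hi"
            fi
        done
    fi

    shmmax=$(get "$conf" kernel.shmmax); shmall=$(get "$conf" kernel.shmall)
    if [ -n "$shmmax" ] && [ -n "$shmall" ]; then
        need=$(( (shmmax + page - 1) / page ))      # ceil(shmmax / page_size)
        if [ "$shmall" -lt "$need" ]; then
            echo "shmall: $shmall pages < $need pages needed for shmmax"
        fi
    fi

    # Key removed in Linux 4.12; on older kernels it drops connections from NATed clients.
    if [ "$(get "$conf" net.ipv4.tcp_tw_recycle)" = "1" ]; then
        echo "tcp_tw_recycle: removed in Linux 4.12, unsafe for clients behind NAT"
    fi
    return 0
}

# Constructed sample input (not a recommended configuration).
SAMPLE_CONF='net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_tw_recycle = 1
kernel.shmmax = 17179869184
kernel.shmall = 2097152'

# Assumptions: 4096-byte pages; services listening on 3306 and 8080.
audit "$SAMPLE_CONF" 4096 "3306 8080"
```

With the values given in this article (shmmax=4294967295, shmall=2097152, 4096-byte pages) the shared memory check passes; it fails in the sample because shmmax was raised to 16 GB while shmall stayed at its default.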
2. Increase resource limits
File /etc/security/limits.conf:
* soft nofile 65535
* hard nofile 65535
* – applies to all users.
soft – current effective limit.
hard – maximum enforceable limit.
nofile – maximum number of open files.
65535 – desired limit value.
Reboot required for changes to take effect.
3. Disk scheduler strategy
Parameter path: /sys/block/<devname>/queue/scheduler
noop – FIFO queue, favors writes, ideal for flash/embedded devices.
deadline – ensures requests are serviced before a deadline; good for database workloads.
anticipatory – similar to deadline but adds a short wait after reads to merge small writes; suited for write‑heavy environments, poor for databases.
cfq – Completely Fair Queuing algorithm.
Kernel parameter storage paths
/proc/sys/abi/* – support for external binaries on various UNIX‑like systems.
/proc/sys/fs/* – file descriptor limits and quotas.
/proc/sys/kernel/* – hot‑plug, shared memory, PID limits, syslog debug level.
/proc/sys/net/* – network optimizations for IPv4/IPv6.
/proc/sys/vm/* – cache and buffer management.
MaGe Linux Operations
