haproxy 推荐的性能优化参数

通过修改/etc/sysctl.conf 支持(取消如下的注释)

官方参考优化参数

# Limit the per-socket default receive/send buffers to limit memory usage
# when running with a lot of concurrent connections. Values are in bytes
# and represent minimum, default and maximum. Defaults: 4096 87380 4194304
#
# net.ipv4.tcp_rmem            = 4096 16060 262144
# net.ipv4.tcp_wmem            = 4096 16384 262144
 
# Allow early reuse of a same source port for outgoing connections. It is
# required above a few hundred connections per second. Defaults: 0
#
# net.ipv4.tcp_tw_reuse        = 1
 
# Extend the source port range for outgoing TCP connections. This limits early
# port reuse and makes use of 64000 source ports. Defaults: 32768 61000
#
# net.ipv4.ip_local_port_range = 1024 65023
 
# Increase the TCP SYN backlog size. This is generally required to support very
# high connection rates as well as to resist SYN flood attacks. Setting it too
# high will delay SYN cookie usage though. Defaults: 1024
#
# net.ipv4.tcp_max_syn_backlog = 60000
 
# Timeout in seconds for the TCP FIN_WAIT state. Lowering it speeds up release
# of dead connections, though it will cause issues below 25-30 seconds. It is
# preferable not to change it if possible. Default: 60
#
# net.ipv4.tcp_fin_timeout     = 30
 
# Limit the number of outgoing SYN-ACK retries. This value is a direct
# amplification factor of SYN floods, so it is important to keep it reasonably
# low. However, too low will prevent clients on lossy networks from connecting.
# Using 3 as a default value gives good results (4 SYN-ACK total) and lowering
# it to 1 under SYN flood attack can save a lot of bandwidth. Default: 5
#
# net.ipv4.tcp_synack_retries  = 3
 
# Set this to one to allow local processes to bind to an IP which is not yet
# present on the system. This is typically what happens with a shared VRRP
# address, where you want both primary and backup to be started even though the
# IP is not yet present. Always leave it to 1. Default: 0
#
# net.ipv4.ip_nonlocal_bind    = 1
 
# Serves as a higher bound for all of the system's SYN backlogs. Put it at
# least as high as tcp_max_syn_backlog, otherwise clients may experience
# difficulties to connect at high rates or under SYN attacks. Default: 128
#
# net.core.somaxconn           = 60000

参考资料

https://www.haproxy.com/documentation/hapee/latest/getting-started/system-tuning/

posted on 2021-12-03 23:01  荣锋亮  阅读(92)  评论(0编辑  收藏  举报

导航