更改Linux系统最大TCP联接和UDP数限制
前提:拥有Root权限
系统的默认配置是足以满足日常使用的,并且在进列宽并发的网路编程时,超出联接个数会碰到最大打开文件数限制报错、无法创建新联接(超出最大进程数)、系统资源分配报错
1、修改最大用户进程数和最大文件数限制ulimit的作用
ulimit:显示(或设置)用户可以使用的资源的限制(limit)中文linux操作系统linux空间,这限制分为软限制(当前限制)和硬限制(上限),其中硬限制是软限制的上限值,应用程序在运行过程中使用的系统资源不超过相应的软限制,任何的赶超都造成进程的中止。
-<span class="token operator">></span> <span class="token function">ulimit</span> -a <span class="token comment"># -a 列出所有当前资源极限</span> core <span class="token function">file</span> size<span class="token punctuation">(</span>blocks, -c<span class="token punctuation">)</span> 0 <span class="token comment">#-c 设置core文件的最大值.单位:blocks</span> data seg size <span class="token punctuation">(</span>kbytes, -d<span class="token punctuation">)</span> unlimited <span class="token comment">#-d 设置一个进程的数据段的最大值.单位:kbytes</span> scheduling priority <span class="token punctuation">(</span>-e<span class="token punctuation">)</span> 0 <span class="token comment">#</span> <span class="token function">file</span> size <span class="token punctuation">(</span>blocks, -f<span class="token punctuation">)</span> unlimited <span class="token comment">#-f Shell 创建文件的文件大小的最大值,单位:blocks</span> pending signals <span class="token punctuation">(</span>-i<span class="token punctuation">)</span> 385862 <span class="token comment">#</span> max locked memory <span class="token punctuation">(</span>kbytes, -l<span class="token punctuation">)</span> unlimited <span class="token comment">#-l 可以锁住的物理内存的最大值</span> max memory size <span class="token punctuation">(</span>kbytes, -m<span class="token punctuation">)</span> unlimited <span class="token comment">#-m 可以使用的常驻内存的最大值,单位:kbytes</span> <span class="token function">open</span> files<span class="token punctuation">(</span>-n<span class="token punctuation">)</span> 300000 <span class="token comment">#-n 每个进程可以同时打开的最大文件数</span> pipe size<span class="token punctuation">(</span>512 bytes, -p<span class="token punctuation">)</span> 8 <span class="token comment">#-p 设置管道的最大值,单位为block,1block=512bytes</span> POSIX message queues <span class="token punctuation">(</span>bytes, -q<span class="token punctuation">)</span> 819200 <span class="token comment">#</span> real-time priority<span class="token punctuation">(</span>-r<span class="token punctuation">)</span> 0 <span class="token comment">#</span> stack size<span class="token punctuation">(</span>kbytes, -s<span class="token punctuation">)</span> 8192 <span class="token comment">#-s 指定堆栈的最大值:单位:kbytes</span> cpu <span class="token function">time</span> <span class="token punctuation">(</span>seconds, -t<span class="token punctuation">)</span> unlimited <span class="token comment">#-t 指定每个进程所使用的秒数,单位:seconds</span> max user processes<span class="token punctuation">(</span>-u<span class="token punctuation">)</span> 655360 <span class="token comment">#-u 可以运行的最大并发进程数</span> virtual memory<span class="token punctuation">(</span>kbytes, -v<span class="token punctuation">)</span> unlimited <span class="token comment">#-v Shell可使用的最大的虚拟内存,单位:kbytes</span> <span class="token function">file</span> locks<span class="token punctuation">(</span>-x<span class="token punctuation">)</span> unlimited <span class="token comment">#</span>
更改最大线程数和最大文件数限制
-<span class="token operator">></span> vim /etc/security/limits.conf <span class="token comment"># 添加如下的行</span> * soft noproc 65535 * hard noproc 65535 * soft nofile 65535 * hard nofile 65535
其中:
对于最大打开文件数限制只须要修改前面的参数即可linux tcp连接数限制,但对于用户最大线程数限制还须要依照系统不同更改以下文件
centos7系统下操作
在centos7系统中,ulimit下边的nproc的数值是通过/etc/security/limits.d/20-nproc.conf来控制的
-<span class="token operator">></span> <span class="token function">cat</span> /etc/security/limits.d/20-nproc.conf *softnproc 1024 root softnproc unlimited
须要编辑/etc/security/limits.d/20-nproc.conf文件将限制值改大
2、设置系统对该用户的资源限制
在更改/etc/pam.d/login文件中加入如下内容:
-<span class="token operator">></span> <span class="token function">sudo</span> vim /etc/pam.d/login <span class="token comment"># 加入如下内容</span> session required /lib/security/pam_limits.so
这是告诉Linux在用户完成系统登陆后,应当调用pam_limits.so模块来设置系统对该用户可使用的各类资源数目的最大限制(包括用户可打开的最大文件数限制),而pam_limits.so模块都会从/etc/security/limits.conf文件中读取配置来设置这种限制值。更改完后保存此文件。
3、修改网路内核对TCP/UDP联接的限制
在Linux上编撰支持高并发TCP联接的顾客端通信处理程序时,有时会发觉虽然早已解除了系统对用户同时打开文件数的限制,但仍会出现并发TCP联接数降低到一定数目时,再也未能成功构建新的TCP联接的现象。
Linux内核编译时默认设置的本地端标语范围可能太小,因而须要更改此本地端口范围限制。
内核参数的优化
更改/etc/sysctl.conf文件,/etc/sysctl.conf是拿来控制linux网路的配置文件,对于依赖网路的程序(如web服务器和cache服务器)十分重要
-<span class="token operator">></span> <span class="token function">sudo</span> vim /etc/sysctl.conf <span class="token comment"># 将原内容批注并写入如下内容</span> net.ipv4.ip_local_port_range <span class="token operator">=</span> 1024 65535 net.core.rmem_max <span class="token operator">=</span> 16777216 net.core.wmem_max <span class="token operator">=</span> 16777216 net.ipv4.tcp_rmem <span class="token operator">=</span> 4096 87380 16777216 net.ipv4.tcp_wmem <span class="token operator">=</span> 4096 65536 16777216 net.ipv4.tcp_fin_timeout <span class="token operator">=</span> 10 net.ipv4.tcp_tw_recycle <span class="token operator">=</span> 1 net.ipv4.tcp_timestamps <span class="token operator">=</span> 0 net.ipv4.tcp_window_scaling <span class="token operator">=</span> 0 net.ipv4.tcp_sack <span class="token operator">=</span> 0 net.core.netdev_max_backlog <span class="token operator">=</span> 30000 net.ipv4.tcp_no_metrics_save <span class="token operator">=</span> 1 net.core.somaxconn <span class="token operator">=</span> 10240 net.ipv4.tcp_syncookies <span class="token operator">=</span> 0 net.ipv4.tcp_max_orphans <span class="token operator">=</span> 262144 net.ipv4.tcp_max_syn_backlog <span class="token operator">=</span> 262144 net.ipv4.tcp_synack_retries <span class="token operator">=</span> 2 net.ipv4.tcp_syn_retries <span class="token operator">=</span> 2
更改完之后执行:
sysctl -p /etc/sysctl.conf
sysctl -w net.ipv4.route.flush<span class="token operator">=</span>1
致使配置生效(亲测对TCP和UDP都适用)
至此操作完成。假如没有生效linux tcp连接数限制,这么就reboot。
