Most used kernel parameters for system tuning

The default Linux kernel behavior is sub-optimal out of the box because it is difficult to anticipate what type of work or workload the operating system will be assigned.

But then again, the Linux kernel is also flexible, and you can modify the way it works on the fly by dynamically changing some of its parameters with the sysctl command. Such changes take effect immediately; to make them persist across reboots, add them to /etc/sysctl.conf. But beware of messing it up, for it may cause undesirable behavior or even crash your system.

Using the sysctl command, you can optimize your box without having to recompile your kernel, and get the results immediately. Here are some of the commonly used kernel parameters for system tuning.

  1. swappiness – how readily the kernel uses swap. Swappiness is a Linux kernel parameter that controls the relative weight given to swapping out runtime memory, as opposed to dropping pages from the system page cache. Swappiness can be set to values between 0 and 100 inclusive.
    # sysctl -w vm.swappiness=10
    # sysctl -p
  2. nf_conntrack_tcp_loose – With Netfilter’s connection tracking system (conntrack), we can start filtering out false SYN-ACK and ACK packets before they hit the “listen” state lock. Setting it to 0 stops conntrack from picking up connections that are already established, so such packets are classified as INVALID. Together with the additional netfilter rule below, this helps mitigate SYN flood attacks.
    # sysctl -w net.netfilter.nf_conntrack_tcp_loose=0
    # sysctl -p
    # iptables -A INPUT -m state --state INVALID -j DROP
  3. net.ipv4.conf.all.arp_filter – Prevents ARP flux, an undesirable condition that can occur in both hosts and guests and is caused by the machine responding to ARP requests from more than one network interface.
    # sysctl -w net.ipv4.conf.all.arp_filter=10
    # sysctl -p
  4. net.ipv4.netfilter.ip_conntrack_max – The maximum number of “sessions” (connection tracking entries) that netfilter can handle simultaneously in kernel memory. The formula for an appropriate maximum is:
    CONNTRACK_MAX = RAMSIZE / 16384 / (x / 32)
    where RAMSIZE is in bytes (e.g. 256 MB must be converted to bytes) and x is the system architecture in bits (64 or 32).

    # sysctl -w net.ipv4.netfilter.ip_conntrack_max=8253128
    # sysctl -p
  5. vm.dirty_background_ratio – RAM value in percentage of dirty pages before the system starts writing asynchronously to disk.
    # sysctl -w vm.dirty_background_ratio=5
    # sysctl -p
  6. vm.dirty_ratio – RAM value in percentage of dirty pages before the system starts writing synchronously to disk.
    # sysctl -w vm.dirty_ratio=15
    # sysctl -p

Note that dirty pages are data cached in RAM that is waiting to be written to disk.
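
To check that persisted settings still match the values above, the following added example (not part of the original article) audits a sysctl.conf-style file and evaluates the conntrack formula from item 4. The function names and the sample file are hypothetical; the expected values are the ones used in the commands above, and in sysctl.conf, unlike on the `sysctl -w` command line, spaces around `=` are accepted.

```shell
#!/bin/sh
# Added example (not from the article): audit a sysctl.conf-style file against
# the values used in the article's commands. All function names are hypothetical.

# conntrack_max RAM_BYTES ARCH_BITS: the article's formula RAM / 16384 / (x / 32)
conntrack_max() { echo $(( $1 / 16384 / ($2 / 32) )); }

# conf_value FILE KEY: last value assigned to KEY. In sysctl.conf, spaces around
# "=" are allowed and lines starting with "#" or ";" are comments.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v    # a later assignment overrides an earlier one
        }
        END { print val }' "$1"
}

# audit_conf FILE: one OK/DRIFT/MISSING line per setting; exit status = problem count
audit_conf() {
    bad=0
    while read -r key want; do
        got=$(conf_value "$1" "$key")
        if [ -z "$got" ]; then echo "MISSING $key want=$want"; bad=$((bad + 1))
        elif [ "$got" != "$want" ]; then echo "DRIFT $key got=$got want=$want"; bad=$((bad + 1))
        else echo "OK $key=$got"
        fi
    done <<'EOF'
vm.swappiness 10
net.netfilter.nf_conntrack_tcp_loose 0
vm.dirty_background_ratio 5
vm.dirty_ratio 15
EOF
    return "$bad"
}

# Constructed sample file, for demonstration only.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'vm.swappiness = 60' 'vm.dirty_ratio=15' \
    'vm.dirty_background_ratio = 5' > "$sample"
audit_conf "$sample" || echo "settings differ from the article's values"
echo "conntrack_max for 256 MB RAM, 64-bit: $(conntrack_max 268435456 64)"
rm -f "$sample"
```

Point `audit_conf` at /etc/sysctl.conf on a real host; a non-zero exit status means at least one setting is missing or has drifted.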

At the end of the day, the system administrator is responsible for determining the target type of work and workload for a machine and for monitoring whether either changes over time. The system administrator should ensure that any tunable kernel parameters are set to optimize machine performance.

lordfrancs3