Most used kernel parameter for system tuning

The default Linux kernel behavior is sub-optimal out of the box because it is difficult to anticipate what type of work or workload the operating system will be assigned.

But then again, the Linux kernel is also flexible: you can modify the way it works on the fly by dynamically changing some of its parameters with the sysctl command. Changes made this way take effect immediately; to make them persist across reboots, put them in /etc/sysctl.conf. But beware of messing it up, for it may cause undesirable behavior or even crash your system.

Using the sysctl command, you can optimize your box without having to recompile your kernel and get the results immediately. Here are some of the commonly used kernel parameters for system tuning.

  1. swappiness – the percentage of RAM left before the system uses the swap file. Swappiness is a Linux kernel parameter that controls the relative weight given to swapping out runtime memory, as opposed to dropping pages from the system page cache. It can be set to values between 0 and 100 inclusive.
    # sysctl -w vm.swappiness=10
    # sysctl -p
  2. nf_conntrack_tcp_loose – With Netfilter’s connection tracking system (conntrack), we can start filtering out false SYN-ACK and ACK packets before they hit the “listen” state lock. Together with an additional netfilter rule, this mitigates SYN flood attacks.
    # sysctl -w net.netfilter.nf_conntrack_tcp_loose=0
    # sysctl -p
    # iptables -A INPUT -m state --state INVALID -j DROP
  3. net.ipv4.conf.all.arp_filter – Prevents ARP flux, an undesirable condition that can occur in both hosts and guests and is caused by the machine responding to ARP requests from more than one network interface.
    # sysctl -w net.ipv4.conf.all.arp_filter=1
    # sysctl -p
  4. net.ipv4.netfilter.ip_conntrack_max – The maximum number of “sessions” (connection tracking entries) that netfilter can handle simultaneously in kernel memory. The formula to get the appropriate maximum conntrack value is below:
    CONNTRACK_MAX = RAMSIZE / 16384 / (x / 32)
    where RAMSIZE is in bytes (for example, 256 MB should be converted to bytes) and x is the system architecture in bits (64 or 32)

    # sysctl -w net.ipv4.netfilter.ip_conntrack_max=8253128
    # sysctl -p
  5. vm.dirty_background_ratio – the percentage of RAM filled with dirty pages before the system starts writing asynchronously to disk.
    # sysctl -w vm.dirty_background_ratio=5
    # sysctl -p
  6. vm.dirty_ratio – the percentage of RAM filled with dirty pages before the system starts writing synchronously to disk.
    # sysctl -w vm.dirty_ratio=15
    # sysctl -p


Take note that dirty pages are data cached in RAM that is waiting to be written to disk.
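The formula from item 4 and the value ranges from the list can be checked mechanically. The following shell script is an added example, not part of the original post: it computes CONNTRACK_MAX and audits sysctl.conf-style input. The function names, the sample fragment and the 256 MB / 64-bit figures are constructed for illustration, and the check that the background ratio stays below the dirty ratio is an assumption drawn from the asynchronous/synchronous descriptions in items 5 and 6.

```shell
#!/bin/sh
# Added example: apply the article's CONNTRACK_MAX formula and audit
# sysctl.conf-style input against the values the article recommends.

# conntrack_max RAM_BYTES ARCH_BITS -> RAM / 16384 / (ARCH_BITS / 32)
conntrack_max() {
    case $2 in 32|64) ;; *) echo "arch must be 32 or 64" >&2; return 1 ;; esac
    echo $(( $1 / 16384 / ($2 / 32) ))
}

# audit_sysctl RAM_BYTES ARCH_BITS < file ; prints one finding per line.
audit_sysctl() {
    limit=$(conntrack_max "$1" "$2") || return 1
    awk -F= -v limit="$limit" '
        /^[ \t]*([#;]|$)/ { next }          # comments and blank lines
        {   # sysctl.conf allows whitespace around "=", so strip it
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            s[k] = v + 0
        }
        END {
            a = "vm.swappiness"
            if ((a in s) && (s[a] < 0 || s[a] > 100))
                print a ": " s[a] " is outside 0-100"
            a = "net.netfilter.nf_conntrack_tcp_loose"
            if ((a in s) && s[a] != 0)
                print a ": " s[a] ", article sets 0"
            a = "net.ipv4.netfilter.ip_conntrack_max"
            if ((a in s) && s[a] > limit)
                print a ": " s[a] " exceeds formula value " limit
            a = "vm.dirty_background_ratio"; b = "vm.dirty_ratio"
            if ((a in s) && (b in s) && s[a] >= s[b])
                print a ": " s[a] " is not below " b " " s[b]
        }'
}

# Constructed sample input, not taken from a real host.
sample_conf() {
    cat <<'EOF'
# constructed sysctl.conf fragment
vm.swappiness = 10
net.netfilter.nf_conntrack_tcp_loose = 1
net.ipv4.netfilter.ip_conntrack_max = 8253128
vm.dirty_background_ratio = 20
vm.dirty_ratio = 15
EOF
}

# Audit the sample as if the host had 256 MB of RAM and a 64-bit kernel.
sample_conf | audit_sysctl 268435456 64
```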

At the end of the day, the system administrator is responsible for determining the target type of work and workload for a machine and for monitoring whether either changes over time. The system administrator should ensure that any tunable kernel parameters are set to optimize machine performance.

