Introduction to common Linux kernel network parameters and handling of common problems on Linux instances

Posted by Blaze(!) on Sun, 20 Feb 2022 00:17:32 +0100

Summary

This article introduces common Linux kernel parameters and how to handle related problems.

View and modify Linux instance kernel parameters

  • Start from actual needs and, where possible, back the change with relevant data. Adjusting kernel parameters at will is not recommended.
  • Understand what each parameter does, and note that kernel parameters may differ even between environments of the same type or version.
  • Back up important data in ECS instances. For information on how to back up data, see

The following two methods are provided to modify the kernel parameters of Linux instances.

Method 1: view and modify kernel parameters through the /proc/sys/ directory

  • View kernel parameters: use the cat command to view the contents of the corresponding file. Execute the following command to view the value of net.ipv4.tcp_tw_recycle.
 cat /proc/sys/net/ipv4/tcp_tw_recycle 
  • Modify kernel parameters: use the echo command to write to the file that corresponds to the kernel parameter. Execute the following command to change the value of net.ipv4.tcp_tw_recycle to 0.
 echo "0" > /proc/sys/net/ipv4/tcp_tw_recycle 

Method 2: view and modify kernel parameters through the sysctl.conf file

net.ipv4.tcp_app_win = 31
net.ipv4.tcp_adv_win_scale = 2
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_frto = 2
net.ipv4.tcp_frto_response = 0
net.ipv4.tcp_low_latency = 0
net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_tso_win_divisor = 3
net.ipv4.tcp_congestion_control = cubic
net.ipv4.tcp_abc = 0
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_base_mss = 512
net.ipv4.tcp_workaround_signed_windows = 0
net.ipv4.tcp_challenge_ack_limit = 1000
net.ipv4.tcp_limit_output_bytes = 262144
net.ipv4.tcp_dma_copybreak = 4096
net.ipv4.tcp_slow_start_after_idle = 1
net.ipv4.cipso_cache_enable = 1
net.ipv4.cipso_cache_bucket_size = 10
net.ipv4.cipso_rbm_optfmt = 0
net.ipv4.cipso_rbm_strictvalid = 1

Modify kernel parameters in the following two ways.

Note: after kernel parameters are adjusted, the kernel is in an unstable state. Be sure to restart the instance.

Execute the following command to temporarily modify the kernel parameters.

/sbin/sysctl -w kernel.parameter="[$Example]"

Description: [$Example] is the parameter value. For example, the command sysctl -w net.ipv4.tcp_tw_recycle="0" changes the parameter value to 0.

Modify the kernel parameters by modifying the configuration file.
Execute the following command to modify the parameters in the /etc/sysctl.conf file.

vi /etc/sysctl.conf 
#Execute the following command to make the configuration effective.
/sbin/sysctl -p
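
Because `sysctl -w` and writes under /proc/sys are temporary while /etc/sysctl.conf is persistent, the two can disagree. The following is an added example (not from the original post) that reports every setting in a sysctl.conf file whose runtime value differs; the function names and the `PROC_ROOT` override are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: compare persistent sysctl.conf settings with runtime values.
# PROC_ROOT is a hypothetical override so the check can run on a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc/sys}"

# Collapse tabs and repeated spaces so "4096<TAB>87380" equals "4096 87380".
normalize() {
    printf '%s' "$1" | tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

# Print "key conf=<value> runtime=<value>" for every setting that differs.
sysctl_drift() {
    conf="$1"
    # Skip comment lines (# or ;) and blank lines, then split on the first "=".
    grep -Ev '^[[:space:]]*([#;]|$)' "$conf" | while IFS='=' read -r key want; do
        key=$(normalize "$key")
        want=$(normalize "$want")
        [ -n "$key" ] || continue
        # net.ipv4.tcp_tw_reuse maps to $PROC_ROOT/net/ipv4/tcp_tw_reuse
        path="$PROC_ROOT/$(printf '%s' "$key" | tr '.' '/')"
        if [ -r "$path" ]; then
            have=$(normalize "$(cat "$path")")
        else
            have="<missing>"    # parameter does not exist on this kernel
        fi
        [ "$want" = "$have" ] || printf '%s conf=%s runtime=%s\n' "$key" "$want" "$have"
    done
}

# Usage: sh sysctl_drift.sh /etc/sysctl.conf
if [ "$#" -gt 0 ]; then
    sysctl_drift "$1"
fi
```

No output means the running kernel matches the file; a `<missing>` runtime value means the key names a parameter this kernel does not expose.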

Common problems and solutions caused by Linux network related kernel parameters

Problem 1: the NAT hash table of the Linux instance is full, resulting in packet loss of the ECS instance

Note: the kernel parameters involved here are as follows.

  • net.netfilter.nf_conntrack_buckets
  • net.nf_conntrack_max

Problem phenomenon
The Linux instance has intermittent packet loss and cannot be connected to. Please refer to the link test instructions in case of ping packet loss or failure. Troubleshooting with tracert, mtr and other tools finds no abnormality in the external network. At the same time, a large number of error messages similar to the following appear repeatedly in the system log.

Feb  6 16:05:07 i-*** kernel: nf_conntrack: table full, dropping packet.
Feb  6 16:05:07 i-*** kernel: nf_conntrack: table full, dropping packet.
Feb  6 16:05:07 i-*** kernel: nf_conntrack: table full, dropping packet.
Feb  6 16:05:07 i-*** kernel: nf_conntrack: table full, dropping packet.

Cause analysis
ip_conntrack is the Linux module that tracks connection entries for NAT. The ip_conntrack module uses a hash table to record "established connection" entries for the TCP protocol. When the hash table is full, packets are dropped and the error "nf_conntrack: table full, dropping packet" is logged. The Linux system allocates space to maintain each TCP connection. The size of this space is related to nf_conntrack_buckets and nf_conntrack_max; the default value of the latter is 4 times that of the former, so it is generally recommended to increase the nf_conntrack_max parameter value.

Note: maintaining connections consumes a significant amount of memory. Adjust the nf_conntrack_max parameter when the system is idle and memory is sufficient, and choose the value according to the situation of the system.

Solution

  1. Log in to a Linux instance. For how to log in to a Linux instance, see connecting to a Linux instance using a management terminal.

  2. Execute the following command to edit the system kernel configuration.

    vi /etc/sysctl.conf
    
  3. Set the hash table maximum entries parameter net.netfilter.nf_conntrack_max to 655350.

  4. Set the timeout parameter net.netfilter.nf_conntrack_tcp_timeout_established to 1200. By default, the timeout is 432000 seconds.

  5. Execute the sysctl -p command to make the configuration effective.
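
To confirm the symptom before the change and the headroom after it, the check below counts the "table full" messages in a log file and computes how full the connection-tracking table is. It is an added example, not part of the original post; the function names, the `PROC_ROOT` override and the 80% warning threshold are assumptions, and it reads the standard nf_conntrack_count, nf_conntrack_max and nf_conntrack_tcp_timeout_established files under /proc/sys/net/netfilter.

```shell
#!/bin/sh
# Added example: measure conntrack table pressure and count drop messages.
PROC_ROOT="${PROC_ROOT:-/proc/sys}"    # hypothetical override for offline runs

# Number of "table full" drop messages in a log file (0 if unreadable).
conntrack_drops() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c 'nf_conntrack: table full, dropping packet' "$1" || true
}

# Table utilization as an integer percentage: count * 100 / max.
conntrack_usage_pct() {
    count=$(cat "$PROC_ROOT/net/netfilter/nf_conntrack_count")
    max=$(cat "$PROC_ROOT/net/netfilter/nf_conntrack_max")
    [ "$max" -gt 0 ] || return 2
    echo $(( count * 100 / max ))
}

# One-line summary. State is "dropping" if drops were logged, "warn" if usage
# is at or above the threshold (default 80, an assumed value), else "ok".
conntrack_status() {
    log="$1"
    threshold="${2:-80}"
    drops=$(conntrack_drops "$log")
    pct=$(conntrack_usage_pct) || return 2
    timeout=$(cat "$PROC_ROOT/net/netfilter/nf_conntrack_tcp_timeout_established")
    if [ "$drops" -gt 0 ]; then
        state=dropping
    elif [ "$pct" -ge "$threshold" ]; then
        state=warn
    else
        state=ok
    fi
    echo "$state drops=$drops usage=${pct}% established_timeout=${timeout}s"
}

# Usage: sh conntrack_check.sh /var/log/messages [threshold]
if [ "$#" -gt 0 ]; then
    conntrack_status "$@"
fi
```

A "warn" result with no logged drops is the point at which to plan the nf_conntrack_max and timeout changes above, before packets start being dropped.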

Topics: Linux