RHEL6-24-LINUX
KERNEL -3
KERNEL TUNING:
Kernel Tuning via /proc/sys Temporary
Kernel Tuning via sysctl Temporary
Kernel Tuning via /etc/sysctl.conf Permanent
Kernel Tuning via /proc/proc Temporary
What is /proc/sys?
This is a virtual FS created by kernel while booting, which represents
the present state of kernel. It doesn't contain 'real' files but runtime system
information (e.g. system memory, devices mounted, hardware configuration, etc).
For this reason it can be regarded as a control and information centre for the
kernel.
We can say that its (sys/proc) is an interface between us and kernel,
which provides us liberty to tune the kernel parameters to optimize the system.
Though /proc is allowing us to tune kernel parameters but due to its
virtual nature, none of the changes are persistent. All gone after reboot.
[root@rhel6-test1 ~]# ls -l /proc/sys
total
0
dr-xr-xr-x
0 root root 0 Apr 11 18:20 abi
dr-xr-xr-x
0 root root 0 Apr 10 19:01 crypto
dr-xr-xr-x
0 root root 0 Apr 11 18:20 debug
dr-xr-xr-x
0 root root 0 Apr 11 18:20 dev
dr-xr-xr-x
0 root root 0 Apr 10 19:02 fs
dr-xr-xr-x
0 root root 0 Apr 10 19:02 kernel
dr-xr-xr-x
0 root root 0 Apr 10 19:02 net
dr-xr-xr-x
0 root root 0 Apr 11 18:20 vm
[root@rhel6-test1 ~]# ls -l /proc/sys/net/ipv4/
cipso_cache_bucket_size ip_no_pmtu_disc tcp_moderate_rcvbuf
cipso_cache_enable neigh/ tcp_mtu_probing
cipso_rbm_optfmt ping_group_range tcp_no_metrics_save
cipso_rbm_strictvalid route/ tcp_orphan_retries
conf/ rt_cache_rebuild_count tcp_reordering
icmp_echo_ignore_all tcp_abc
tcp_retrans_collapse
icmp_echo_ignore_broadcasts tcp_abort_on_overflow tcp_retries1
icmp_errors_use_inbound_ifaddr tcp_adv_win_scale tcp_retries2
icmp_ignore_bogus_error_responses tcp_allowed_congestion_control tcp_rfc1337
icmp_ratelimit tcp_app_win tcp_rmem
icmp_ratemask tcp_available_congestion_control tcp_sack
igmp_max_memberships tcp_base_mss
tcp_slow_start_after_idle
igmp_max_msf
tcp_congestion_control
tcp_stdurg
inet_peer_gc_maxtime tcp_dma_copybreak tcp_synack_retries
==============O/P
REMOVED=================================================
[root@rhel6-test1 ~]# cat
/proc/sys/net/ipv4/icmp_echo_ignore_all
0
I initiated ping to this server before change.
[root@rhel6-test1 ~]# echo 1 >
/proc/sys/net/ipv4/icmp_echo_ignore_all
[root@rhel6-test1 ~]# cat
/proc/sys/net/ipv4/icmp_echo_ignore_all
1
We can see that ping has stopped, because icmp is ignoring all
packets to respond.
Now again I changed the value from 1 to 0, and see the result.
[root@rhel6-test1 ~]# echo 0 >
/proc/sys/net/ipv4/icmp_echo_ignore_all
C:\Users\HP>ping 192.168.234.200 -t
Pinging
192.168.234.200 with 32 bytes of data:
Reply
from 192.168.234.200: bytes=32 time=28ms TTL=64
Reply
from 192.168.234.200: bytes=32 time=2ms TTL=64
Reply
from 192.168.234.200: bytes=32 time=2ms TTL=64
Reply
from 192.168.234.200: bytes=32 time=2ms TTL=64
Reply
from 192.168.234.200: bytes=32 time=2ms TTL=64
Request
timed out.
Request
timed out.
Request
timed out.
Request
timed out.
Request
timed out.
Request
timed out.
Request
timed out.
Request
timed out.
Request
timed out.
Reply
from 192.168.234.200: bytes=32 time=2ms TTL=64
Reply
from 192.168.234.200: bytes=32 time=2ms TTL=64
Reply
from 192.168.234.200: bytes=32 time=2ms TTL=64
Reply
from 192.168.234.200: bytes=32 time=2ms TTL=64
Reply
from 192.168.234.200: bytes=32 time=2ms TTL=64
Reply
from 192.168.234.200: bytes=32 time=2ms TTL=64
Ping
statistics for 192.168.234.200:
Packets: Sent = 20, Received = 11, Lost = 9
(45% loss),
Approximate
round trip times in milli-seconds:
Minimum = 2ms, Maximum = 28ms, Average =
4ms
Control-C
^C
Kernel Tuning via sysctl Temporary
Options:
-n Use this option to
disable printing of the key name when printing values.
-w Use this option when you
want to change a sysctl setting.
-a Display all values
currently available.
-e Use this option to
ignore errors about unknown keys.
-p Load in sysctl settings
from the file specified or /etc/sysctl.conf if
none given.
[root@rhel6-test1 ~]# sysctl kernel.hostname
kernel.hostname = rhel6-test1
[root@rhel6-test1 ~]# sysctl -n kernel.hostname
rhel6-test1
[root@rhel6-test1 ~]# sysctl -a |wc -l
1270
[root@rhel6-test1 ~]# sysctl -a |grep file-max
fs.file-max = 72550
[root@rhel6-test1 ~]# cat /proc/sys/fs/file-max
72550
Let’s change the same parameter via “sysctl”
[root@rhel6-test1 ~]# sysctl -a |grep icmp_echo_ignore_all
net.ipv4.icmp_echo_ignore_all = 0
[root@rhel6-test1 ~]# sysctl -w net.ipv4.icmp_echo_ignore_all=1
net.ipv4.icmp_echo_ignore_all = 1
[root@rhel6-test1 ~]# cat
/proc/sys/net/ipv4/icmp_echo_ignore_all
1
[root@rhel6-test1 ~]# sysctl -w
net.ipv4.icmp_echo_ignore_all=0
net.ipv4.icmp_echo_ignore_all = 0
The impact again,
C:\Users\HP>ping 192.168.234.200 -t
Pinging
192.168.234.200 with 32 bytes of data:
Reply
from 192.168.234.200: bytes=32 time=28ms TTL=64
Reply
from 192.168.234.200: bytes=32 time=2ms TTL=64
Reply
from 192.168.234.200: bytes=32 time=2ms TTL=64
Request
timed out.
Request
timed out.
Request
timed out.
Request
timed out.
Request
timed out.
Request
timed out.
Request
timed out.
Reply
from 192.168.234.200: bytes=32 time=2ms TTL=64
Reply
from 192.168.234.200: bytes=32 time=2ms TTL=64
Reply
from 192.168.234.200: bytes=32 time=2ms TTL=64
Reply
from 192.168.234.200: bytes=32 time=2ms TTL=64
Ping
statistics for 192.168.234.200:
Packets: Sent = 14, Received = 7, Lost = 7
(50% loss),
Approximate
round trip times in milli-seconds:
Minimum = 2ms, Maximum = 28ms, Average =
5ms
Control-C
^C
Kernel Tuning via /etc/sysctl.conf Permanent
[root@rhel6-test1 ~]# cat /etc/sysctl.conf
#
Kernel sysctl configuration file for Red Hat Linux
#
#
For binary values, 0 is disabled, 1 is enabled.
See sysctl(8) and
#
sysctl.conf(5) for more details.
#
Controls IP packet forwarding
net.ipv4.ip_forward
= 0
#
Controls source route verification
net.ipv4.conf.default.rp_filter
= 1
#
Do not accept source routing
net.ipv4.conf.default.accept_source_route
= 0
#
Controls the System Request debugging functionality of the kernel
kernel.sysrq
= 0
#
Controls whether core dumps will append the PID to the core filename.
#
Useful for debugging multi-threaded applications.
======================O/P
REMOVED======================================
[root@rhel6-test1 ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
[root@rhel6-test1 ~]# sysctl -p |grep
net.ipv4.icmp_echo_ignore_all
[root@rhel6-test1 ~]# vim /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all=1 çç entered this at end of
file
Now initiate reload/re-read of configuration.
[root@rhel6-test1 ~]# sysctl –p
[root@rhel6-test1 ~]# sysctl -p |grep
net.ipv4.icmp_echo_ignore_all
net.ipv4.icmp_echo_ignore_all = 1
C:\Users\HP>ping 192.168.234.200 -t
Pinging
192.168.234.200 with 32 bytes of data:
Request
timed out.
Request
timed out.
Request
timed out.
Ping
statistics for 192.168.234.200:
Packets: Sent = 3, Received = 0, Lost = 3
(100% loss),
Control-C
^C
There is one more way to tune the parameter, I don’t know it is good
or not. But it is working.
I don’t know the other impact of following method, better to avoid and stick with conventional methods.
[root@rhel6-test1 ~]# ls -l /etc/sysctl.d
ls: cannot access /etc/sysctl.d: No such file or directory
[root@rhel6-test1 ~]# mkdir /etc/sysctl.d
[root@rhel6-test1 ~]# touch /etc/sysctl.d/myfile.conf
[root@rhel6-test1 ~]# vim /etc/sysctl.d/myfile.conf
net.ipv4.icmp_echo_ignore_all=1 çç entered following
[root@rhel6-test1 ~]# sysctl -p /etc/sysctl.d/myfile.conf
net.ipv4.icmp_echo_ignore_all = 1
[root@rhel6-test1 ~]# cat
/proc/sys/net/ipv4/icmp_echo_ignore_all
1
C:\Users\HP>ping 192.168.234.200 -t
Pinging
192.168.234.200 with 32 bytes of data:
Request
timed out.
Request
timed out.
Ping
statistics for 192.168.234.200:
Packets: Sent = 2, Received = 0, Lost = 2
(100% loss),
Control-C
^C
Reference & Good read:
No comments:
Post a Comment