/etc/sysctl.conf

Almost all kernel parameters were originally defined as constants. With sysctl, however, you can modify these values to fit your needs.

Networking Sysctl Tweaks (edit /etc/sysctl.conf)

In networking, there are 5 layers:

  • Application Layer – Web Browser / OS (Segment)
  • Transport Layer – TCP (Segments)
    • Reliable protocol – the receiver must acknowledge (ACK) whatever you send.
    • If no ACK arrives, the sender resends.
  • Network Layer – IP (Packets)
  • Data Link Layer – the hardware part is involved here, such as the MAC address (Frames)
  • Physical Layer – data flows through the wire

  • Increase max open files to 100,000 from the default (typically 1024). In Linux, every open network socket requires a file descriptor. Increasing this limit will ensure that lingering TIME_WAIT sockets and other consumers of file descriptors don’t impact our ability to handle lots of concurrent requests.
  • Decrease the time that sockets stay in the TIME_WAIT state by lowering tcp_fin_timeout from its default of 60 seconds to 10. You can lower this even further, but if it is too low you can run into socket close errors in networks with lots of jitter. We will also set tcp_tw_reuse to tell the kernel it can reuse sockets in the TIME_WAIT state.
  • We won’t tune the total TCP memory (tcp_mem), since this is automatically tuned based on available memory by Linux.
  • NOTE: Since some of these settings can be cached by networking services, it’s best to reboot to apply them properly (sysctl -p does not work reliably).

Increase TCP throughput by increasing the size of the interface queue.

Shell Limits

An application could be run as a regular user on the host system. If so, you may need to give this user different limits.

/etc/security/limits.conf (File Descriptors and Max # of processes)

  • Don’t set the hard file descriptor (FD) limit to the same value as /proc/sys/fs/file-max. Otherwise this one user could eat up all system FDs, and the entire system would run out of FDs.
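
The check above can be automated. The following is an added example, not code from the original page: a shell function that flags limits.conf entries whose hard nofile value is at or above a given file-max. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag limits.conf entries whose hard nofile limit is at or
# above the system-wide file-max, so one user cannot exhaust all FDs.

# audit_nofile LIMITS_FILE FILE_MAX   (hypothetical helper name)
# Prints "domain value" for each offending entry; returns 1 if any is found.
audit_nofile() {
    awk -v max="$2" '
        { sub(/#.*/, "") }                   # strip comments
        NF < 4 { next }                      # not a complete limits entry
        $3 != "nofile" { next }              # only file descriptor limits
        $2 != "hard" && $2 != "-" { next }   # "-" sets both soft and hard
        $4 ~ /^(unlimited|infinity|-1)$/ || $4 + 0 >= max + 0 {
            print $1, $4
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample entries, not taken from a real host.
sample_limits() {
    cat <<'EOF'
# <domain> <type> <item> <value>
appuser   soft  nofile  65536
appuser   hard  nofile  100000    # equals file-max: flagged
deploy    hard  nofile  80000
@web      -     nofile  200000    # above file-max: flagged
*         hard  nproc   4096
EOF
}

# Demo against the sample with file-max assumed to be 100000.
# On a live host you would instead run:
#   audit_nofile /etc/security/limits.conf "$(cat /proc/sys/fs/file-max)"
tmp=$(mktemp)
sample_limits > "$tmp"
audit_nofile "$tmp" 100000 || echo "hard nofile must stay below file-max"
rm -f "$tmp"
```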

/etc/pam.d/sshd

The sshd PAM configuration needs to load the modified limits.conf.

TCP Congestion Window

Finally, let’s increase the TCP congestion window from 1 to 10 segments. This is done on the interface, which makes it a more manual process than our sysctl settings. First, use ip route to find the default route, shown in bold below:

Copy that line, and paste it back to the ip route change command, adding initcwnd 10 to the end to increase the congestion window:

To make this persistent across reboots, you’ll need to add a few lines of bash like the following to a startup script somewhere. Often the easiest candidate is just pasting these lines into /etc/rc.local:

Once you’re done with all these changes, you’ll need to either bundle a new machine image, or integrate these changes into a system management package such as Chef or Puppet.

Virtual Memory Tweak

Swap file

discussed above

Page Cache

Under Linux, the Page Cache accelerates many accesses to files on non-volatile storage. This happens because, when it first reads from or writes to data media like hard drives, Linux also stores the data in unused areas of memory, which act as a cache. If this data is read again later, it can be quickly read from this cache in memory.

vm.dirty_ratio (default=20)

Percentage of total available memory that contains free and reclaimable pages at which a process that is generating disk writes will start writing out dirty data.

vm.dirty_background_ratio (default=10)

This value determines the percentage of memory that can contain dirty pages before the background kernel flusher threads start to write dirty pages to disk. If you have 1GB of RAM and you set this to 10 then it would take 100MB of dirty pages to begin the flush process.

vm.dirty_expire_centisecs (default=3000)

The value is expressed in 1/100 of a second. It defines the age at which dirty pages become eligible to be written to disk by the kernel flusher threads. The larger this value, the higher the odds of data loss, but also the longer the data stays in memory in case the program needs to use it again.

File System Tweaks

Make sure that /etc/rc.local is executable; otherwise the changes will not get applied on reboot. A simple chmod +x /etc/rc.local should do the trick.
