I. Network fragmentation
1. View the summary statistics for network fragmentation: netstat -s
[root@station2 ~]# netstat -s
Ip:
65837 total packets received
2707 with invalid addresses
0 forwarded
0 incoming packets discarded
49662 incoming packets delivered
38977 requests sent out
Icmp:
4024 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 4018
echo requests: 6
4022 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 4016
echo replies: 6
IcmpMsg:
InType3: 4018
InType8: 6
OutType0: 6
OutType3: 4016
Tcp:
878 active connections openings
674 passive connection openings
120 failed connection attempts
1 connection resets received
1 connections established
34722 segments received
28212 segments send out
15 segments retransmited
0 bad segments received.
213 resets sent
Udp:
2712 packets received
4016 packets to unknown port received.
0 packet receive errors
6728 packets sent
TcpExt:
671 TCP sockets finished time wait in fast timer
1603 delayed acks sent
Quick ack mode was activated 1 times
17071 packets header predicted
3252 acknowledgments not containing data received
4603 predicted acknowledgments
9 congestion windows recovered after partial ack
0 TCP data loss events
6 retransmits in slow start
9 other TCP timeouts
12 DSACKs sent for old packets
9 DSACKs received
29 connections reset due to unexpected data
IpExt:
InMcastPkts: 1
InBcastPkts: 4187
2. Check for packets that failed reassembly because of transmission failures
[root@station2 ~]# cat /proc/net/snmp | grep '^Ip:' | cut -f17 -d ' '
ReasmFails
0
#If the reassembly-failure count is high, the network has a problem and the buffer needs adjusting: the buffer size is too small.
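The check from step 2, as an added example that is not part of the original post: it looks up ReasmFails by column name instead of by field position and relates it to ReasmReqds. The function names, the 5% limit and the sample counters are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read IPv4 reassembly counters from /proc/net/snmp by column
# name, so the result does not depend on ReasmFails being field 17.

# sample_snmp: constructed sample in /proc/net/snmp layout (not real data).
sample_snmp() {
    cat <<'EOF'
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip: 2 64 1000 0 0 0 0 0 900 800 0 0 12 400 180 40 0 0 0
Icmp: InMsgs InErrors
Icmp: 4024 0
EOF
}

# ip_counter NAME [FILE]: print the named Ip: counter; exit 1 if it is absent.
ip_counter() {
    awk -v want="$1" '
        $1 == "Ip:" && !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        $1 == "Ip:" && seen {
            if (want in col) { print $(col[want]); found = 1 }
            exit
        }
        END { if (!found) exit 1 }
    ' "${2:-/proc/net/snmp}"
}

# reasm_check MAX_PCT [FILE]: print the counters and the failure percentage;
# return 1 when ReasmFails/ReasmReqds exceeds MAX_PCT percent (hypothetical limit).
reasm_check() {
    file="${2:-/proc/net/snmp}"
    reqds=$(ip_counter ReasmReqds "$file") || return 2
    oks=$(ip_counter ReasmOKs "$file") || return 2
    fails=$(ip_counter ReasmFails "$file") || return 2
    pct=0
    [ "$reqds" -gt 0 ] && pct=$(( fails * 100 / reqds ))
    echo "reqds=$reqds oks=$oks fails=$fails fail_pct=$pct"
    [ "$pct" -le "$1" ]
}

# Demo on the constructed sample; pass no file argument to read the live host.
tmp=$(mktemp)
sample_snmp > "$tmp"
reasm_check 5 "$tmp" || echo "reassembly failures above 5%: review ipfrag_* settings"
rm -f "$tmp"
```

Run periodically and compare successive readings, since the counters are cumulative since boot.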
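3. Causes of fragmentation
- DDoS attacks.
- Generated by the NFS protocol.
- Interference on the network; too much noise.
- Defects in the network.
4. Adjust the fragment buffers
#The red line is the warning line; the green line is the safe line.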
[root@station2 ~]# sysctl -a|grep ipfrag
net.ipv4.ipfrag_max_dist = 64
net.ipv4.ipfrag_secret_interval = 600
net.ipv4.ipfrag_time = 30
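#This parameter is how long a fragment stays in memory, in seconds; if it has still not been reassembled and sent after 30 s, the data is dropped.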
net.ipv4.ipfrag_low_thresh = 196608
#When fragment data reaches this value (in bytes), reassembly starts and sending is attempted.
net.ipv4.ipfrag_high_thresh = 262144
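#When fragment data reaches this value (in bytes), the data is discarded.
II. Network interrupt handling
1. For every NIC event (every packet), the NIC requests a hard interrupt from the CPU and also a soft interrupt, which is used to receive the data into the queue.
2. Interrupt handling always preempts the process queue; that is, interrupts have a higher priority than the process queue. If the queue used for data transfer is full, the data is dropped. If packets are received too slowly, the data is dropped as well. This kind of high load has to be prevented.
- View hard interrupts: /proc/interrupts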
[root@station9 ~]# cat /proc/interrupts
CPU0 CPU1 CPU2 CPU3
0: 284392205 21995 22047 22071 IO-APIC-edge timer
1: 1 0 1 1 IO-APIC-edge i8042
8: 1 2 0 0 IO-APIC-edge rtc
9: 0 0 0 0 IO-APIC-level acpi
12: 2 1 1 0 IO-APIC-edge i8042
74: 0 0 0 0 IO-APIC-level uhci_hcd:usb4
82: 131 134 421406 421390 IO-APIC-level ehci_hcd:usb1, uhci_hcd:usb2
90: 11 21 22 8 IO-APIC-level uhci_hcd:usb3
98: 0 0 0 0 IO-APIC-level ahci
162: 21 0 0 282046 PCI-MSI eth0
177: 1426 1492 47987 45870 IO-APIC-level ioc0
NMI: 0 0 0 0
LOC: 284430478 284430487 284430483 284430491
ERR: 0
- View the soft-interrupt processes
[root@station9 ~]# ps axo pid,comm,util |grep softirq
3 ksoftirqd/0 0
6 ksoftirqd/1 0
9 ksoftirqd/2 0
12 ksoftirqd/3 0
3. Improve interrupt handling capacity
- Handle multiple items in a single interrupt.
- Give each item a fixed CPU time slice.
4. Tune interrupt requests
- modinfo -p e1000
[root@station9 ~]# modinfo -p e1000
debug:Debug level (0=none,...,16=all)
copybreak:Maximum size of packet that is copied to a new buffer on receive
KumeranLockLoss:Enable Kumeran lock loss workaround
SmartPowerDownEnable:Enable PHY smart power down
InterruptThrottleRate:Interrupt Throttling Rate
RxAbsIntDelay:Receive Absolute Interrupt Delay
RxIntDelay:Receive Interrupt Delay
TxAbsIntDelay:Transmit Absolute Interrupt Delay
TxIntDelay:Transmit Interrupt Delay
XsumRX:Disable or enable Receive Checksum offload
FlowControl:Flow Control setting
AutoNeg:Advertised auto-negotiation setting
Duplex:Duplex setting
Speed:Speed setting
RxDescriptors:Number of receive descriptors
TxDescPower:Binary exponential size (2^X) of each transmit descriptor
TxDescriptors:Number of transmit descripto
- update /etc/modprobe.conf
[root@station9 ~]# vim /etc/modprobe.conf
alias eth0 e1000e
alias eth1 e1000e
alias eth2 e1000e
alias eth3 e1000e
options e1000e InterruptThrottleRate=1,3000
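#Can handle 3000 data requests per second; the larger this value, the more buffer is consumed.
0: off (three values are available: 0, 1 and 3)
1: the system decides automatically based on traffic
3: conservative handling, adjusted automatically by the system
III. Network connections
1. Settings that apply before the TCP three-way handshake completes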
net.ipv4.tcp_syn_retries = 5
#Try to connect 5 times.
net.ipv4.tcp_max_syn_backlog = 1024
#Holds at most 1024 connections; each connection is tried at most 5 times.
net.ipv4.tcp_tw_recycle = 0
#When set to 0, this is off and retries are not allowed; 1 allows them.
2. Settings that apply after the TCP three-way handshake completes
net.ipv4.tcp_keepalive_time = 7200
#Keepalive timer, 7200 seconds by default: if an established connection sees no activity for 7200 seconds (2 hours), the connection is dropped automatically.
net.ipv4.tcp_keepalive_intvl = 75
#Interval between kernel probes.
net.ipv4.tcp_keepalive_probes = 9
#Number of kernel probes.