This chapter describes how to tune Tru64 UNIX to improve your Internet server performance. It offers various configuration guidelines, describes several monitoring tools, and suggests primary and advanced tuning recommendations, including the following:
Improving internet server performance (Section 6.1)
Primary tuning recommendations (Section 6.2)
Advanced tuning recommendations (Section 6.3)
Not all recommendations apply to all configurations, and some provide only marginal performance improvements. Therefore, you must fully understand your configuration and workload, and then carefully read the documentation before applying any recommendation.
Note
Some attribute names have changed for Tru64 UNIX Version 5.0 and higher.
6.1 Improving Internet Server Performance
This section describes how to improve your Internet server performance. It offers various configuration guidelines and describes several monitoring tools, including:
Configuring hardware (Section 6.1.1)
Configuring memory and swap space (Section 6.1.2)
Logging IP addresses (Section 6.1.3)
Monitoring network statistics (Section 6.1.4)
Monitoring socket statistics (Section 6.1.5)
Monitoring virtual memory statistics (Section 6.1.6)
Gathering configuration information (Section 6.1.7)
The following hardware configuration guidelines can help to improve Internet server performance:
Make sure you have the latest version of the firmware for your system, disks, adapters, and controllers.
Ensure that you have sufficient memory and swap space to handle the workload. See Section 6.1.2 for more information.
Use high-performance storage hardware, including disks, adapters, and controllers in your Internet server configuration.
Use Logical Storage Manager (LSM) or hardware RAID storage configurations for high performance and high availability.
Use write-back caches in hardware RAID configurations to significantly improve Internet server performance.
Place the /tmp and /var/tmp directories on different file systems and, if possible, different disks. For optimal performance, place the directories on disks under control of a RAID controller with the write-back cache option enabled.
6.1.2 Configuring Memory and Swap Space
You must provide sufficient memory and swap space to handle the server workload. Insufficient memory resources and swap space will cause performance problems. To configure memory and swap space, follow these steps:
Determine how much physical memory your workload requires.
Choose a swap space allocation mode, either immediate or deferred.
Determine how much swap space you need.
Configure the swap space to efficiently distribute the disk I/O.
In addition to the memory needed for system and application operations, each connection to an Internet server requires memory resources for the following:
Kernel socket structure
Internet protocol control block (inpcb) structure
TCP control block structure
Any socket buffer space that is needed as packets arrive and are consumed
These memory resources total 1 KB for each connection endpoint (not including the socket buffer space), which means that you will need 10 MB of memory to accommodate 10,000 connections.
You must ensure that your server has enough memory to handle demanding peak loads. Configure ten times more memory than what the server requires on a busy day, so that you have sufficient memory to handle occasional spikes of activity.
There are no limitations on a server's ability to handle millions of TCP connections if memory resources are available to service the connections. However, if you do not have sufficient memory, the server will reject new connection requests until enough existing connections are freed.
Use the netstat -m command to monitor the memory that is currently being used by the network subsystem. See Section 6.1.4 for more information on the netstat command.
6.1.3 Logging IP Addresses
If your Internet server logs client host names, the application software may force the system to perform a reverse DNS lookup in order to obtain the client's host name. Reverse DNS lookups are time-intensive and may cause performance problems on busy servers with many clients.
You can modify the Internet software to log client Internet Protocol (IP) addresses, instead of client host names, without losing any significant information. Logging IP addresses may significantly improve the efficiency of the Internet server.
Consult the documentation provided by your Internet server software vendor to determine how to disable the logging of client host names. For example, you can obtain information about modifying Apache HTTP Server software from the Apache HTTP Server documentation Web site at this URL:
http://httpd.apache.org/docs/
6.1.4 Monitoring Network Statistics
The netstat command displays network statistics, including information about network routes and active sockets for each protocol. The command also displays cumulative statistics for network interfaces, including the number of incoming and outgoing packets and packet collisions, information about memory used for network operations, and statistics related to IP, ICMP, TCP, and UDP protocol layers.
Table 6-1 lists the netstat commands you can use to check network statistics.
Table 6-1: Tools for Monitoring Network Statistics
| Tools | Description | Reference |
| --- | --- | --- |
| netstat -i | Displays input errors (Ierrs), output errors (Oerrs), and collisions (Coll); excessive amounts of any of these may indicate a network problem. | Section 2.4.5.1 |
| netstat -is | Checks for network device driver errors. | Section 2.4.5.2 |
| netstat -m | Determines if the network is using an excessive amount of memory in proportion to the total amount of memory installed in the system. | Section 2.4.5.3 |
| netstat -an | Determines the state of your existing network connections. | Section 2.4.5.4 |
| netstat -p ip | Checks for bad checksums, length problems, excessive redirects, and packets lost because of resource problems. | Section 2.4.5.5 |
| netstat -p tcp | Checks for retransmissions, out-of-order packets, and bad checksums. | Section 2.4.5.6 |
| netstat -p udp | Checks for bad checksums and full sockets. | Section 2.4.5.6 |
| netstat -rs | Displays routing statistics. | Section 2.4.5.7 |
| netstat -s | Displays statistics related to IP, ICMP, IGMP, TCP, and UDP protocol layers. | Section 2.4.5.8 |
| sysconfig -q socket | Displays the current attribute values. If the values show the queues are overflowing, you may need to increase the socket listen queue limit. | Section 6.1.5 |
| vmstat | Displays data on virtual memory usage. | Section 6.1.6 |
See netstat(1).
6.1.5 Monitoring Socket Statistics
Three socket subsystem attributes monitor socket listen queue events:
The sobacklog_hiwat attribute counts the maximum number of pending requests to any server socket.
The sobacklog_drops attribute counts the number of times the system dropped a received SYN packet, because the number of queued SYN_RCVD connections for a socket equaled the socket's backlog limit.
The somaxconn_drops attribute counts the number of times the system dropped a received SYN packet, because the number of queued SYN_RCVD connections for the socket equaled the upper limit on the backlog length (somaxconn attribute).
The initial value of these attributes at boot time is 0.
Use the sysconfig -q socket command to display the current attribute values. If the values show that the queues are overflowing, you may need to increase the socket listen queue limit. For example:
# sysconfig -q socket
socket:
pftimerbindcpu = 0
sbcompress_threshold = 0
sb_max = 1048576
sobacklog_drops = 0
sobacklog_hiwat = 21
somaxconn = 65535
somaxconn_drops = 0
sominconn = 65535
mbuf_ext_lock_count = 64
umc_min_len = 1024
umc = 0
We recommend that the value of the sominconn attribute equal the value of the somaxconn attribute. If so, the value of somaxconn_drops will have the same value as sobacklog_drops.
However, if the value of the sominconn attribute is 0 (the default), and if one or more server applications uses an inadequate value for the backlog argument to its listen system call, the value of sobacklog_drops may increase at a rate that is faster than the rate at which the somaxconn_drops counter increases. If this occurs, you may want to increase the value of the sominconn attribute. See Section 6.2.3.2 for more information on the sominconn attribute.
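The counter interpretation described in this section, as an added example that is not part of the original guide: it compares two saved copies of sysconfig -q socket output and reports which listen queue limit is dropping SYN packets. The function names (attr, delta, listen_queue_report), the finding labels, and the snapshot values are constructed for illustration.

```shell
#!/bin/sh
# Added example. Snapshots are constructed, in `sysconfig -q socket` format.
SNAP_T0='socket:
sobacklog_drops = 0
sobacklog_hiwat = 21
somaxconn = 1024
somaxconn_drops = 0
sominconn = 0'

SNAP_T1='socket:
sobacklog_drops = 340
sobacklog_hiwat = 1024
somaxconn = 1024
somaxconn_drops = 12
sominconn = 0'

# Constructed snapshot of a tuned system: both limits equal, no drops.
SNAP_TUNED='socket:
sobacklog_drops = 0
sobacklog_hiwat = 21
somaxconn = 65535
somaxconn_drops = 0
sominconn = 65535'

# attr SNAPSHOT NAME: print the value of one attribute (0 if it is absent).
attr() {
    printf '%s\n' "$1" | awk -v name="$2" '
        $1 == name && $2 == "=" { print $3; found = 1; exit }
        END { if (!found) print 0 }'
}

# delta OLD NEW: counter increase between snapshots. The counters start at 0
# at boot, so a lower NEW value means a reboot; count from 0 in that case.
delta() {
    if [ "$2" -lt "$1" ]; then
        echo "$2"
    else
        echo $(( $2 - $1 ))
    fi
}

# listen_queue_report OLD_SNAPSHOT NEW_SNAPSHOT: print one finding per line.
listen_queue_report() {
    old=$1
    new=$2
    findings=0
    d_backlog=$(delta "$(attr "$old" sobacklog_drops)" "$(attr "$new" sobacklog_drops)")
    d_somax=$(delta "$(attr "$old" somaxconn_drops)" "$(attr "$new" somaxconn_drops)")
    somaxconn=$(attr "$new" somaxconn)
    sominconn=$(attr "$new" sominconn)

    echo "INFO sobacklog_hiwat=$(attr "$new" sobacklog_hiwat) new_sobacklog_drops=$d_backlog new_somaxconn_drops=$d_somax"
    # Recommendation from this section: sominconn should equal somaxconn.
    if [ "$sominconn" -ne "$somaxconn" ]; then
        echo "SOMINCONN_MISMATCH sominconn=$sominconn somaxconn=$somaxconn (recommended: equal)"
        findings=1
    fi
    # sobacklog_drops rising faster than somaxconn_drops: some application
    # passes too small a backlog to listen().
    if [ "$d_backlog" -gt "$d_somax" ]; then
        echo "APP_BACKLOG_TOO_SMALL a listen() backlog below somaxconn is dropping SYNs; raise sominconn"
        findings=1
    fi
    # Drops at the system-wide upper limit: the queue itself is overflowing.
    if [ "$d_somax" -gt 0 ]; then
        echo "QUEUE_LIMIT_REACHED SYNs dropped at the somaxconn limit; raise the listen queue limit"
        findings=1
    fi
    if [ "$findings" -eq 0 ]; then
        echo "OK no SYN drops between snapshots"
    fi
}

listen_queue_report "$SNAP_T0" "$SNAP_T1"
```

On a live system, pass the saved output of two sysconfig -q socket runs taken some minutes apart as the two arguments.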
6.1.6 Monitoring Virtual Memory Statistics
The vmstat command provides data on virtual memory usage. This may help you determine if a system is paging excessively, which can degrade Internet server performance. For example:
# vmstat 1
Virtual Memory Statistics: (pagesize = 8192)
  procs      memory        pages                            intr       cpu
  r   w   u  act free wire fault  cow zero react  pin pout  in  sy  cs us sy id
  7 526  59  80K  758  45K  402M  94M 132M    1M  74M 139K 757 42K  1K 38 14 48
  7 526  59  81K  278  45K   939   15  896     0   11    0 824  2K  1K 85 11  4
  6 528  59  81K  285  45K   595   67  411     0   10    0 983  5K  2K 81 17  2
  7 526  59  81K  353  45K   560   31  446     0   17    0 781  2K  1K 87 10  3
  7 526  59  81K  353  45K   406    0  406     0    0    0  1K  4K  2K 85 13  2
  7 527  59  81K  288  45K   406    0  406     0    0    0  1K  7K  4K 81 18  1
  9 524  59  81K  350  45K   640   72  420     0   13    0 999  3K  2K 85 13  2
  . . .
The values in the memory fields are specified in 8-KB pages. Check the size of the free page list (free). Compare the number of free pages to the values for the active pages (act) and the wired pages (wire). The sum of the free, active, and wired pages should be close to the amount of physical memory in your system. Although the value for free should be small, if the value is consistently small (less than 128 pages) and accompanied by excessive paging and swapping, you may have a physical memory shortage.
Also, examine the pageout (pout) field. If the number of pageouts is consistently high, you may have insufficient memory. You also may have insufficient swap space or your swap space may be inefficiently configured. Use the swapon -s command to display your swap device configuration, and use the iostat command to determine which swap disk is being used the most.
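The checks described above, applied to captured vmstat output, as an added example that is not part of the original guide. Assumptions: the K and M suffixes are expanded as x1024 and x1024^2, the first report line holds totals since boot and is skipped, "consistently" means every sample, and the pageout threshold (default 100 per interval) is a hypothetical value, since the guide gives none. The first sample is the output shown above; the second is constructed.

```shell
#!/bin/sh
# Sample taken from the vmstat output shown in this section.
VMSTAT_PAGE='Virtual Memory Statistics: (pagesize = 8192)
  procs      memory        pages                            intr       cpu
  r   w   u  act free wire fault  cow zero react  pin pout  in  sy  cs us sy id
  7 526  59  80K  758  45K  402M  94M 132M    1M  74M 139K 757 42K  1K 38 14 48
  7 526  59  81K  278  45K   939   15  896     0   11    0 824  2K  1K 85 11  4
  6 528  59  81K  285  45K   595   67  411     0   10    0 983  5K  2K 81 17  2
  7 526  59  81K  353  45K   560   31  446     0   17    0 781  2K  1K 87 10  3
  7 526  59  81K  353  45K   406    0  406     0    0    0  1K  4K  2K 85 13  2
  7 527  59  81K  288  45K   406    0  406     0    0    0  1K  7K  4K 81 18  1
  9 524  59  81K  350  45K   640   72  420     0   13    0 999  3K  2K 85 13  2'

# Constructed sample of a system that is short of physical memory.
VMSTAT_SHORT='Virtual Memory Statistics: (pagesize = 8192)
  r   w   u  act free wire fault  cow zero react  pin pout  in  sy  cs us sy id
  7 526  59  80K  758  45K  402M  94M 132M    1M  74M 139K 757 42K  1K 38 14 48
  9 530  59  83K   96  45K    2K  110   1K   700   15  410 900  3K  2K 70 25  5
  9 531  59  83K   88  45K    2K   95   1K   650   12  395 910  3K  2K 68 27  5
  8 529  59  83K  101  45K    3K  120   2K   810   19  520 950  4K  2K 66 29  5'

# vmstat_memory_check [MIN_FREE_PAGES] [MAX_PAGEOUTS]: reads vmstat output on
# stdin, prints a summary line and a verdict line.
vmstat_memory_check() {
    awk -v min_free="${1:-128}" -v max_pout="${2:-100}" '
        # Expand the K and M suffixes (assumed to mean x1024 and x1024^2).
        function pages(v,    n) {
            n = v + 0
            if (v ~ /K$/) n *= 1024
            else if (v ~ /M$/) n *= 1048576
            return n
        }
        BEGIN { samples = 0; low_free = 0; high_pout = 0 }
        /pagesize/ { pagesize = $NF + 0; next }
        NF == 18 && $1 ~ /^[0-9]+$/ {
            if (++row == 1) next    # first report: totals since boot (assumption)
            free = pages($5)
            pout = pages($12)
            accounted = pages($4) + free + pages($6)   # act + free + wire
            samples++
            if (free < min_free) low_free++
            if (pout > max_pout) high_pout++
        }
        END {
            if (samples == 0) { print "NO_DATA"; exit }
            # Compare accounted_mb with the physical memory installed.
            printf "samples=%d accounted_mb=%d\n", samples, accounted * pagesize / 1048576
            if (low_free == samples && high_pout == samples)
                print "MEMORY_SHORTAGE free list small and pageouts high in every sample"
            else if (high_pout == samples)
                print "PAGEOUTS_HIGH check memory and swap configuration (swapon -s, iostat)"
            else
                print "OK"
        }'
}

printf '%s\n' "$VMSTAT_PAGE" | vmstat_memory_check
printf '%s\n' "$VMSTAT_SHORT" | vmstat_memory_check
```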
See vmstat(1), swapon(8), and iostat(1).
6.1.7 Gathering Configuration Information
The sys_check script is a ksh script that gathers configuration information and formats this information into an HTML file. It warns you if it detects configuration problems, checks your kernel subsystem attribute settings, and provides attribute tuning recommendations. See Section 2.3.3 for more information.
Be sure to use the latest version of sys_check. You can obtain this from:
http://www.tru64unix.compaq.com/sys_check/sys_check.html
6.2 Primary Tuning Recommendations
There are many kernel subsystem attributes that affect Internet server performance. Internet servers include Web servers, ftp servers, mail servers and relays, proxy servers, caching servers, gateway systems, and firewall systems. This section offers primary tuning recommendations for some of the attributes for the following subsystems:
Internet (Section 6.2.1)
Process (Section 6.2.2)
Socket (Section 6.2.3)
Note
Some kernel subsystem attributes enable you to modify their value and apply the value to a running system. Other attributes require you to reboot the system to use a new value. See Section 3.3.1 to determine if an attribute can be tuned at run time.
The primary tuning recommendations provide the best performance improvement for most Internet server configurations. If performance is still deficient after applying these recommendations, you may be able to improve performance by modifying additional kernel subsystem attributes, as discussed in Section 6.3.
You can also use the Compaq Continuous Profiling Infrastructure (CPI, formerly known as DCPI) tool to obtain detailed information about system components that heavily utilize CPU cycles. CPI is offered as an Advanced Development Kit. See the following Web site for more information:
http://www.tru64unix.compaq.com/dcpi
6.2.1 Modifying Internet Attributes
You may be able to improve Internet server performance by tuning the following Internet (inet) subsystem attributes:
tcbhashsize (Section 6.2.1.1)
pmtu_enabled (Section 6.2.1.2)
ipport_userreserved (Section 6.2.1.3)
See sys_attrs_inet(5).
6.2.1.1 Increasing the Size of the TCP Hash Table
The tcbhashsize attribute specifies the number of buckets in the Transmission Control Protocol (TCP) inpcb hash table. The kernel must look up the connection block for every TCP packet it receives; therefore, increasing the size of the table can speed up the search and improve performance.
However, increasing the size of the hash table will cause a slight increase in wired memory. It can also cause a bottleneck at the TCP hash table in SMP systems.
The default value is 512 buckets. The recommended value is 16384.
6.2.1.2 Disabling PMTU Discovery
Packets transmitted between servers are divided into equal-sized units to facilitate the transmission of the data over routers and small-packet networks, such as Ethernet networks.
When the pmtu_enabled attribute is enabled, the operating system determines the largest common path maximum transmission unit (PMTU) value between servers and uses it as the unit size. A routing table entry is also created for each client network that attempts to connect to the server.
If you have a poorly performing Internet server that handles mainly remote traffic and the routing table increases to more than 1000 entries, disabling the PMTU discovery can decrease the size of the routing table, which may improve server efficiency. However, if a server handles mainly local traffic and only some remote traffic, disabling PMTU discovery can degrade bandwidth.
Use the netstat -r command to display the contents of the routing table.
The default value is 1 (PMTU enabled). The recommended value is 0 (PMTU disabled).
6.2.1.3 Increasing the Number of Outgoing Connection Ports
When a TCP or UDP application creates an outgoing connection, the kernel dynamically allocates a nonreserved port number for each connection. The kernel selects the port number from a range of values between ipport_userreserved_min and ipport_userreserved. Using the default attribute values, the range of outgoing ports begins at port 1024 and ends at port 5000, and the number of simultaneous outgoing connections is limited to 3976 (5000 minus 1024).
If you have a proxy server, caching server, gateway system, or firewall system with a load of more than 4000 simultaneous connections, you can modify the value of the ipport_userreserved attribute.
The default value is 5000, which is the minimum value. The recommended value is 65535, which is the maximum value. Do not specify a value that is greater than 65535 or lower than 5000.
6.2.2 Modifying Process Attributes
You may be able to improve Internet server performance by tuning the following process (proc) subsystem attributes:
maxusers (Section 6.2.2.1)
max_proc_per_user (Section 6.2.2.2)
max_threads_per_user (Section 6.2.2.3)
max_per_proc_data_size (Section 6.2.2.4)
max_per_proc_address_space (Section 6.2.2.5)
These attributes set limits on system resources. If your Internet server appears to be reaching the resource limits, you may want to increase the value of one or more of these attributes. However, increasing the value of these attributes will allow the system to consume more memory.
See sys_attrs_proc(5).
6.2.2.1 Increasing the Size of System Tables and Data Structures
System algorithms use the maxusers attribute to size various system data structures and system tables. Increasing the value of maxusers provides more system resources to processes. However, this will increase the amount of wired memory.
If your system experiences a lack of resources (for example, Out of processes, No more processes, or pid table is full messages) and you have enough memory, increase the value of the maxusers attribute.
To determine an appropriate value for the maxusers attribute, you can double the default value until you improve performance. For example, if you have up to 1 GB of memory, increase the value of the maxusers attribute to 512. If you have up to 2 GB, increase the value to 1024. If you have an Internet, Web, proxy, caching, firewall, or gateway server, increase the value of the maxusers attribute to 2048.
The default value varies from 16 to 2048, depending on the amount of physical memory in the system. It is not recommended that you increase the value to more than 2048.
System administrators can change the maxusers attribute with the following command:
# sysconfig -r proc maxusers=N
The value N is the desired new value. This command triggers the automatic expansion of the pid table. The resizing of other system tables is not performed until you specify a new value for the maxusers attribute in the /etc/sysconfigtab file and reboot the system.
6.2.2.2 Increasing the Number of Processes per User
The max_proc_per_user attribute specifies the maximum number of processes that can be allocated at any one time to each user, except superuser.
If your system experiences a lack of processes, increase the value of this attribute. If you have a multiprocess Internet server (for example, a server running IPlanet, Apache, CERN, or Zeus), you also may want to increase the value of this attribute. Note that increasing its value increases the amount of wired memory.
The default value is 64. The recommended value is 2000. The value you choose must not be more than the maximum number of processes that can be started by your system. For Internet servers, these processes include CGI processes. If you specify a value of 0 for this attribute, there is no limit on the number of processes per user.
6.2.2.3 Increasing the Number of Threads per User
The max_threads_per_user attribute specifies the maximum number of threads that can be allocated at any one time to each user, except superuser.
If your system experiences a lack of threads, increase the value of this attribute. If you have a multithreaded Internet server (for example, a server running Netscape FastTrack or Netscape Enterprise), you may want to increase the value of this attribute.
The default value is 256. The recommended value is 4096. The value must not be more than the maximum number of threads that can be started by your system.
6.2.2.4 Increasing the User Process Data Segment Size Limits
The max_per_proc_data_size attribute specifies the maximum limit of data segment sizes. Some large programs and large-memory processes may not run unless you increase the value of this attribute. Increase the limits if you receive an Out of process memory message.
The default value is 1073741824 (1 GB). The recommended value is 10737418240 (10 GB). If your system has more than 10 GB of memory, you can further increase this value.
6.2.2.5 Increasing the User Process Address Space Limits
The max_per_proc_address_space attribute specifies the maximum limit of user process address space (number of bytes of virtual memory). Some large programs and large-memory processes may not run unless you increase the value of this attribute. However, increasing the address space limits will cause a small increase in memory consumption.
The default value is 4294967296 (4 GB) for systems running Tru64 UNIX Version 5.0 or higher. The recommended value is 10737418240 (10 GB). If your system has more than 10 GB of memory, you can further increase this value.
6.2.3 Modifying Socket Attributes
You may be able to improve Internet server performance by tuning the following socket attributes:
somaxconn (Section 6.2.3.1)
sominconn (Section 6.2.3.2)
sbcompress_threshold (Section 6.2.3.3)
See sys_attrs(5).
6.2.3.1 Increasing the Maximum Number of Pending TCP Connections
The somaxconn attribute specifies the maximum number of pending TCP connections (the socket listen queue limit) for each server socket (for example, for the HTTP server socket). Pending TCP connections can be caused by lost packets in the Internet or denial of service attacks. Busy Internet servers often experience large numbers of pending connections. If the listen queue connection limit is too small, incoming connect requests may be dropped.
The default value is 1024. The recommended value is 65535, which is the maximum value. Do not specify a value that is higher than the maximum value because this can cause unpredictable behavior.
6.2.3.2 Increasing the Minimum Number of Pending TCP Connections
The sominconn attribute specifies the minimum number of pending TCP connections (backlog) for each server socket. The attribute controls the maximum number of SYN packets that the system can handle simultaneously before additional requests are discarded. Network performance can degrade if a client saturates a socket listen queue with erroneous TCP SYN packets, which blocks other users from the queue.
The value of the sominconn attribute overrides the application-specific backlog value, which may be set too low for some server software. If you do not have your application source code, use the sominconn attribute to set a pending-connection limit that is appropriate for your application.
The default value is 0. The recommended value is 65535, which is the maximum value.
It is recommended that the value of the sominconn attribute be the same as the value of the somaxconn attribute. See Section 6.2.3.1 for more information on the somaxconn attribute.
6.2.3.3 Enabling the mbuf Cluster Compression
The sbcompress_threshold attribute controls whether mbuf clusters are compressed at the socket layer. By default, mbuf clusters are not compressed, which can cause proxy servers and caching servers to consume all the available mbuf clusters. This problem is more likely to occur if you are using FDDI instead of Ethernet. See Section 2.4.5.3 for information about monitoring mbuf clustering.
To enable mbuf cluster compression, modify the sbcompress_threshold attribute and specify a value. Packets will be copied into the existing mbuf clusters if the packet size is less than this value.
The default value is 0 (mbuf compression is disabled). If you have a proxy server, caching server, gateway system, or firewall system, the recommended value is 600 bytes.
6.3 Advanced Tuning Recommendations
This section offers advanced tuning recommendations for some of the attributes for the following subsystems:
Generic (Section 6.3.1)
Internet (Section 6.3.2)
Network (Section 6.3.3)
Socket (Section 6.3.4)
Virtual memory (Section 6.3.5)
These recommendations are appropriate only for systems that are primarily used as Internet servers and are configured with sufficient physical memory. Using a recommended attribute value in a non-Internet server may cause degradation in system performance.
Because Internet server configurations differ and a recommended value may not provide optimal performance for all configurations, be careful when modifying attributes. Read the attribute descriptions and determine which values are appropriate for your configuration. If modifying an attribute does not improve performance, you may want to return to the default value.
6.3.1 Modifying Generic Attributes
You may be able to improve Internet server performance by tuning the kmemreserve_percent generic (generic) subsystem attribute. This attribute increases the percentage of physical memory reserved for kernel memory allocations that are less than or equal to the page size (8 KB).
Increasing the value of kmemreserve_percent improves network throughput by reducing the number of packets that are dropped while the system is under a heavy network load. However, increasing this value consumes memory.
You may want to increase the value of the kmemreserve_percent attribute if the output of the netstat command shows dropped packets, or if the output of the vmstat -M command shows dropped packets under the fail_nowait heading. This may occur under a heavy network load.
The default value is 0 (the percentage of reserved physical memory will be the smallest of 0.4 percent of available memory and 256 KB). Increase the value (up to a maximum of 75) by small increments until the output of the vmstat -M command shows no entries under the fail_nowait heading.
6.3.2 Modifying Internet Attributes
You may be able to improve Internet server performance by tuning the following Internet (inet) subsystem attributes:
tcbhashnum (Section 6.3.2.1)
inifaddr_hsize (Section 6.3.2.2)
tcp_keepinit (Section 6.3.2.3)
tcp_rexmit_interval_min (Section 6.3.2.4)
tcp_keepalive_default (Section 6.3.2.5)
tcp_msl (Section 6.3.2.6)
ipport_userreserved_min (Section 6.3.2.7)
ipqs (Section 6.3.2.8)
ipqmaxlen (Section 6.3.2.9)
See sys_attrs_inet(5).
6.3.2.1 Increasing the Number of TCP Hash Tables
The tcbhashnum attribute specifies the number of TCP hash tables. Increasing the number of hash tables distributes the load and may improve performance. However, this will slightly increase the amount of wired memory in the system.
The default value is 1 hash table, which is the minimum value. For busy Internet server SMP systems, the recommended value is 16. The maximum value is 64.
If you increase the number of hash tables, decrease the size of the hash table. See Section 6.2.1.1 for more information. In addition, it is recommended that you make the value of this attribute the same as the value of the ipqs attribute. See Section 6.3.2.8 for more information on the ipqs attribute.
6.3.2.2 Increasing the Number of Hash Buckets
The inifaddr_hsize attribute specifies the number of hash buckets in the kernel interface alias table (in_ifaddr).
If a system is used to serve many different server domain names, each of which is bound to a unique IP address, the code that matches arriving packets to the right server address uses the hash table to speed lookup operations for the IP addresses. These addresses are usually set using the ifconfig alias or ifconfig aliaslist command.
Increasing the number of hash buckets in the table can improve performance on systems that use large numbers of IP alias addresses.
The default value is 32 hash buckets. For most Internet servers that do not use interface IP aliases or if you are using fewer than 250 aliases, the recommended value is 32. If you are using more than 500 interface IP aliases, the recommended value is 512, which is the maximum value.
For the best performance, the value of this attribute must be rounded down to the nearest power of 2.
6.3.2.3 Modifying the TCP Partial Connection Timeout Limit
The tcp_keepinit attribute specifies the amount of time that a partially established TCP connection remains on the socket listen queue before it times out. The value of the attribute is in units of 0.5 seconds. Partial connections consume socket listen queue slots and fill the queue with connections in the SYN_RCVD state.
The default value is 150 units (75 seconds). You do not need to modify the TCP partial-connection timeout limit unless the value of the somaxconn_drops attribute often increases. See Section 6.1.5 for more information on the event counter.
If your socket queue limit is set to the maximum value, the default value of this attribute is usually adequate. If the somaxconn_drops attribute often increases, and increasing the socket queue limit does not prevent the listen queue from filling up, you can decrease the value of this attribute to make partial connections time out sooner.
In addition, network performance can degrade if a client overfills a socket listen queue with TCP SYN packets, which blocks other users from the queue. To eliminate this problem, increase the socket listen queue limit to its maximum value. If the system continues to drop SYN packets, decrease the value of this attribute to 30 (15 seconds). Monitor the values of the sobacklog_drops and somaxconn_drops event counters to determine if the system is dropping packets.
Do not set the value of this attribute too low, because you may prematurely break connections with clients on slow network paths or network paths that lose many packets. Do not set the value to less than 20 units (10 seconds).
6.3.2.4 Decreasing the Rate of TCP Retransmissions
The tcp_rexmit_interval_min attribute specifies the minimum amount of time before the first TCP retransmission. For some wide area networks (WANs), the default value may be too small and premature retransmission timeouts may occur, which cause duplicate transmission of packets and the erroneous invocation of the TCP congestion-avoidance algorithms.
You can increase the value of this attribute to slow the rate of TCP retransmissions, which decreases congestion and improves performance.
The default value is 2 units (1 second). Not every connection needs a long retransmission time. Usually, the default value of this attribute is adequate. However, for some WANs, the default retransmission interval may be too small.
To check for retransmissions, use the netstat -p tcp command and examine the output for data packets retransmitted.
You can increase the value of this attribute to slow the rate of TCP retransmissions. The attribute is specified in units of 0.5 seconds.
Do not change the default value of this attribute unless you fully understand TCP algorithms. Do not specify a value that is less than 1 unit.
6.3.2.5 Enabling TCP Keepalive Functionality
Keepalive functionality enables the periodic transmission of messages on a connected socket to keep connections active and to time out inactive connections. Sockets that do not exit cleanly are cleaned up when the keepalive interval expires. If keepalive is not enabled, those sockets continue to exist until you reboot the system.
Applications enable keepalive for sockets by setting the setsockopt function's SO_KEEPALIVE option. The default value of the tcp_keepalive_default attribute is 0 (keepalive is disabled). To enable keepalive for programs that do not set keepalive on their own, or if you do not have access to the application source code, set this attribute to 1. After you set the attribute, all new connections will have keepalive enabled; existing connections will continue to use the previous keepalive setting.
If you modify this attribute without rebooting the system, sockets that already exist will continue to use the old behavior until the applications are restarted.
If you enable keepalive, you can also configure the following TCP options for each socket:
The tcp_keepidle attribute specifies the amount of idle time, in 0.5-second units, before sending a keepalive probe. The default value for this attribute is 2 hours.
The tcp_keepintvl attribute specifies the amount of time, in 0.5-second units, between retransmission of keepalive probes. The default value for this attribute is 75 seconds.
The tcp_keepcnt attribute specifies the maximum number of keepalive probes that are sent before the connection is dropped. The default value for this attribute is 8 probes.
The tcp_keepinit attribute specifies the maximum amount of time, in 0.5-second units, before an initial connection attempt times out. The default value for this attribute is 75 seconds.
6.3.2.6 Increasing the TCP Connection Context Timeout Rate
The tcp_msl attribute determines the maximum lifetime of a TCP segment and the timeout value for the TIME_WAIT state.
The TCP protocol includes a concept known as the Maximum Segment Lifetime (MSL). When a TCP connection enters the TIME_WAIT state, it must remain in this state for twice the value of the MSL, or else undetected data errors on future connections can occur.
You can decrease the value of this attribute to make the TCP connection context time out more quickly at the end of a connection. However, this will increase the chance of data corruption.
The default value is 60 units (30 seconds, which means that the TCP connection remains in TIME_WAIT state for 60 seconds or twice the value of the MSL). The value of this attribute is set in units of 0.5 seconds. The recommended value is the default value; if you use a different value, there is the potential for data corruption.
Although the TCP specifications specify an MSL of 120 seconds, most TCP implementations use a value that is less than 120. The Internet FAQ Consortium Web site offers more information. For RFC793, see the following URL:
http://www.faqs.org/rfcs/rfc793.html
For RFC1122, see the following URL:
http://www.faqs.org/rfcs/rfc1172.html
In some situations, the default timeout value for the TIME_WAIT state is too large, so reducing the value of this attribute frees connection resources sooner than the default behavior. Do not reduce the value of this attribute unless you fully understand the design and behavior of your network and the TCP protocol.
6.3.2.7 Modifying the Range for Outgoing Connection Ports
When a TCP or UDP application creates an outgoing connection, the kernel dynamically allocates a nonreserved port number for each connection.
The kernel selects the port number from a range of values between ipport_userreserved_min and ipport_userreserved.
If your system requires a particular range of ports, you can modify the value of this attribute.
The default value is 1024. The maximum value is 65535. Do not specify a value for this attribute that is greater than 65535 or less than 1024.
6.3.2.8 Increasing the Number of IP Input Queues
For SMP systems, increasing the number of IP input queues can reduce lock contention at the input queue and distribute the load. The ipqs attribute specifies the number of IP input queues.
The default value is 1 queue, which is the minimum value. For busy Internet server SMP systems, the recommended value is 16. The maximum value is 64.
It is recommended that you make the value of this attribute the same as the value of the tcbhashnum attribute. See Section 6.2.1.1 for more information on the tcbhashnum attribute.
6.3.2.9 Increasing the Maximum Length of the IP Input Queue
If the network load is heavy, input packets may be dropped if the IP input queue becomes filled. The ipqmaxlen attribute specifies the maximum length, in bytes, of the IP input queue (ipintrq) before input packets are dropped.
If your system drops input packets, you may want to increase the value of the ipqmaxlen attribute. Check for dropped input packets by using dbx to examine the ipintrq kernel structure. For example:
    # dbx -k /vmunix
    (dbx) print ipintrq
    struct {
        ifq_head = (nil)
        ifq_tail = (nil)
        ifq_len = 0
        ifq_maxlen = 512
        ifq_drops = 128
        ifq_slock = struct {
            sl_data = 0
            sl_info = 0
            sl_cpuid = 0
            sl_lifms = 0
        }
    }
If the ifq_drops field is not 0, the system is dropping IP input packets.
The default value is 1024. The minimum value is the default value; the maximum value is 65535. If your system is dropping input packets, the recommended value is 2048.
You may also want to increase the value of the ifqmaxlen attribute, which controls the output queue. See Section 6.3.3.1 for more information on the ifqmaxlen attribute.
6.3.3 Modifying Network Attributes
You may be able to improve Internet server performance by tuning the following network (net) subsystem attributes:
ifqmaxlen (Section 6.3.3.1)
screen_cachedepth (Section 6.3.3.2)
screen_cachewidth (Section 6.3.3.2)
screen_maxpend (Section 6.3.3.3)
See sys_attrs_net(5)
6.3.3.1 Increasing the Number of Output Packets Before Packets are Dropped
If the network load is heavy, output packets may be dropped if the interface's output queue becomes filled. The ifqmaxlen attribute specifies the number of output packets that can be queued to a network adapter before packets are dropped.
You can use the netstat -id command to check for dropped output packets. If the command output shows a nonzero value in the Drop column for an interface, the system is dropping output packets and you may want to increase the value of this attribute.
The default value is 1024. The minimum value is the default value; the maximum value is 65535. If your system is dropping input packets, the recommended value is 2048.
6.3.3.2 Reducing Screening Cache Misses
If your machine is acting as a screening router, or a screening firewall running the screend facility, and has a high number of concurrent pass-through connections, you could be experiencing screening cache misses.
A screening cache miss can occur when the kernel screening table is trying to screen a packet that does not have an entry, based on address/port pairs and protocol. In that case, the table must queue the packet and the screend daemon must examine it. This can normally occur for the first packet of a connection, and can also occur if the cache is too small to hold many entries.
Check for screening cache misses by using dbx to examine the number of screening cache hits and misses. For example:
    (dbx) p screen_cachemiss
    616738
    (dbx) p screen_cachehits
    11080198
If the ratio of misses to hits is high, you may want to increase the values of the screen_cachedepth and screen_cachewidth attributes.
The default value for the screen_cachedepth attribute is 8, which is the minimum value. If you have high screening cache miss rates, the recommended value is 16, which is the maximum value.
The default value for the screen_cachewidth attribute is 8, which is the minimum value. If you have high screening cache miss rates, the recommended value is 2048, which is the maximum value.
It is recommended that you first increase screen_cachewidth before increasing screen_cachedepth. Also note that tuning these attributes will not necessarily reduce screening cache misses to 0.
A reboot is required for the changes to take effect.
Increasing these values will cause a small increase in memory consumption.
6.3.3.3 Reducing the Screening Buffer Drops
If your machine is acting as a screening router, or a screening firewall running the screend facility, and is under heavy network load, you may be experiencing screening buffer drops.
You can use the screenstat command to view the current status. For example:
    # /usr/sbin/screenstat
    total packets screened: 11696910
    total accepted: 11470734
    total rejected: 225453
    packets dropped:
        because buffer was full: 34723
        because user was out of sync: 0
        because too old: 0
    total dropped: 34723
If the number of packets dropped because buffer was full is high, you may want to increase the value of the screen_maxpend attribute.
The default value is 32, which is the minimum value.
If you have a high screening buffer full value, the recommended value is 8192.
The maximum value is 16384.
Increasing this value will cause a small increase in memory consumption.
You must reboot the system to modify this attribute.
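The two checks from Sections 6.3.3.2 and 6.3.3.3, as an added shell example that is not part of the original guide: it parses captured screenstat and dbx output and reports the buffer-full drop rate and the ratio of screening cache misses to hits. The sample captures are constructed from the figures shown above, and the function names and the two alert thresholds are assumptions, since the guide only says "high".

```shell
# Constructed captures; the figures are the ones in this page's examples.
SCREENSTAT_SAMPLE='total packets screened: 11696910
total accepted: 11470734
total rejected: 225453
packets dropped:
    because buffer was full: 34723
    because user was out of sync: 0
    because too old: 0
total dropped: 34723'
DBX_SAMPLE='(dbx) p screen_cachemiss
616738
(dbx) p screen_cachehits
11080198'
# Assumed alert thresholds in percent; the guide only says "high".
BUFFER_FULL_LIMIT=0.10
MISS_TO_HIT_LIMIT=5

# counter LABEL: number following "LABEL:" in screenstat output on stdin.
counter() { awk -F': *' -v k="$1" 'index($1, k) { print $2; exit }'; }
# dbx_value NAME: value dbx printed on the line after "p NAME" (stdin).
dbx_value() { awk -v k="p $1" '{ if (hit) { print $1; exit } hit = index($0, k) }'; }
# pct PART WHOLE: PART as a percentage of WHOLE, two decimals. Fails with
# status 2 when a counter is missing or non-numeric, or when WHOLE is 0.
pct() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        if (a !~ /^[0-9]+$/ || b !~ /^[0-9]+$/ || b + 0 == 0) exit 2
        printf "%.2f\n", 100 * a / b
    }'
}
buffer_full_pct() {    # $1 = screenstat output
    pct "$(printf '%s\n' "$1" | counter 'because buffer was full')" \
        "$(printf '%s\n' "$1" | counter 'total packets screened')"
}
miss_to_hit_pct() {    # $1 = dbx transcript, one command or value per line
    pct "$(printf '%s\n' "$1" | dbx_value screen_cachemiss)" \
        "$(printf '%s\n' "$1" | dbx_value screen_cachehits)"
}
# over_limit PCT LIMIT: succeeds when PCT is above LIMIT.
over_limit() { awk -v p="$1" -v l="$2" 'BEGIN { exit !(p + 0 > l + 0) }'; }

report() {
    full=$(buffer_full_pct "$SCREENSTAT_SAMPLE") || return 2
    miss=$(miss_to_hit_pct "$DBX_SAMPLE") || return 2
    echo "buffer-full drops: $full% of screened packets"
    over_limit "$full" "$BUFFER_FULL_LIMIT" && echo "  review screen_maxpend"
    echo "screening cache misses: $miss per 100 hits"
    over_limit "$miss" "$MISS_TO_HIT_LIMIT" && echo "  review screen_cachewidth, then screen_cachedepth"
    return 0
}
report
```

Because the counters are cumulative, comparing two captures taken some time apart shows whether drops are still occurring under the current load.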
6.3.4 Modifying Socket Attributes
You may be able to improve Internet server performance by tuning the sb_max socket (socket) subsystem attribute. In addition, the socket subsystem attributes sobacklog_hiwat, sobacklog_drops, and somaxconn_drops track events related to socket listen queues. By monitoring these attributes, you can determine if the queues are overflowing. Section 6.1.5 discusses these attributes.
The sb_max attribute specifies the maximum size of a socket buffer. Increasing the maximum size of a socket buffer may improve performance if your applications can benefit from a large buffer size.
The default value is 1048576 bytes. If your applications require a socket buffer that is larger than the default value, increase the value of this attribute.
See sys_attrs(5)
6.3.5 Modifying Virtual Memory Attributes
You may be able to improve Internet server performance by tuning the ubc_maxpercent, ubc_minpercent, and ubc_borrowpercent virtual memory (vm) attributes.
Busy Internet servers usually consume a moderate amount of virtual memory and use a large set of files. Both processes and the Unified Buffer Cache (UBC), which caches file-system data, share the physical memory that is not wired by the kernel.
Too much memory allocated to the UBC can cause excessive paging and swapping, which may degrade overall system performance. However, an insufficient amount of memory allocated to the UBC can degrade file system performance.
The ubc_minpercent attribute specifies the minimum percentage of memory that only the UBC can utilize. The remaining memory is shared with processes. The ubc_maxpercent attribute specifies the maximum percentage of memory that the UBC can utilize. The ubc_borrowpercent attribute specifies the UBC borrowing threshold. Between the value of the ubc_borrowpercent attribute and the value of the ubc_maxpercent attribute, the memory that is allocated to the UBC is considered borrowed from processes. When paging begins, these borrowed pages are reclaimed first, until the amount of memory allocated to the UBC decreases to the value of the ubc_borrowpercent attribute.
The default value for ubc_minpercent is 10 percent. The default value for ubc_maxpercent is 100 percent. The default value for ubc_borrowpercent is 20 percent. On a typical Internet server, the default value for each attribute is usually adequate. Also, if your disks are busy with file system I/O and the system has sufficient free pages, use the default values.
Use the vmstat command to display information about virtual memory, including the free page count.
If you have a low free page count, you may want to increase the memory available to processes by reducing the memory available to the UBC. You should attempt to keep in memory the working set of your processes, even if it increases the number of UBC misses.
You can reduce the default value of the ubc_maxpercent attribute in decrements of 10 percent.
Reducing the borrowed memory threshold by decreasing the value of the ubc_borrowpercent attribute may improve the system response time when memory is low. However, this may also reduce UBC performance.