# 编辑/etc/sysctl.conf文件
# 增加或修改以下参数
# 增大TCP窗口大小
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
# 启用TCP窗口缩放
net.ipv4.tcp_window_scaling = 1
# 优化TIME_WAIT状态
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
# 增大连接跟踪表大小
net.ipv4.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_max = 65536
# 禁用ICMP重定向
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
# 应用修改
sysctl -p
# 查看网络接口的中断号
cat /proc/interrupts | grep eth
# 设置CPU亲和性(假设使用CPU0处理eth0中断)
echo 1 > /proc/irq/[中断号]/smp_affinity
# 启用巨帧(如果网络支持)
ifconfig eth0 mtu 9000
# 调整队列长度
ifconfig eth0 txqueuelen 10000
# 启用多队列RSS(需要硬件支持)
ethtool -L eth0 combined 8
# 启用TCP快速打开
echo 3 > /proc/sys/net/ipv4/tcp_fastopen
# 调整拥塞控制算法(可选cubic, reno, bbr等)
echo "bbr" > /proc/sys/net/ipv4/tcp_congestion_control
# 增大最大半连接队列
echo 4096 > /proc/sys/net/ipv4/tcp_max_syn_backlog
# 安装IPVS
apt-get install ipvsadm # Debian/Ubuntu
yum install ipvsadm # CentOS/RHEL
# 配置负载均衡规则
ipvsadm -A -t 192.168.1.100:80 -s rr
ipvsadm -a -t 192.168.1.100:80 -r 192.168.1.101:80 -g
ipvsadm -a -t 192.168.1.100:80 -r 192.168.1.102:80 -g
# 查看状态
ipvsadm -ln
http {
upstream backend {
server 192.168.1.101:80 weight=5;
server 192.168.1.102:80;
server 192.168.1.103:80 backup;
# 负载均衡算法
# least_conn; # 最少连接
# ip_hash; # IP哈希
}
server {
listen 80;
location / {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
}
frontend http-in
bind *:80
default_backend servers
backend servers
balance roundrobin
server server1 192.168.1.101:80 check
server server2 192.168.1.102:80 check
server server3 192.168.1.103:80 check backup
# 健康检查
option httpchk GET /health
http-check expect status 200
# 安装Keepalived
apt-get install keepalived # Debian/Ubuntu
yum install keepalived # CentOS/RHEL
# 配置文件(/etc/keepalived/keepalived.conf)
vrrp_instance VI_1 {
state MASTER # 另一台设为BACKUP
interface eth0
virtual_router_id 51
priority 100 # BACKUP设为较低值如90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.100/24
}
}
# 实时监控网络流量
iftop -i eth0
# 查看网络连接状态
ss -s
netstat -s
# 带宽测试
iperf3 -s # 服务器端
iperf3 -c server_ip # 客户端
# IPVS状态监控
ipvsadm -ln --stats
# Nginx状态(需配置status模块)
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
# HAProxy状态
listen stats
bind *:1936
stats enable
stats uri /
stats hide-version
stats auth admin:password
# 安装DPDK
git clone http://dpdk.org/git/dpdk
cd dpdk
make config T=x86_64-native-linuxapp-gcc
make -j
# 绑定网卡到DPDK
./usertools/dpdk-devbind.py --bind=vfio-pci eth1
# 编译XDP程序
clang -O2 -target bpf -c xdp_prog.c -o xdp_prog.o
# 加载到网卡
ip link set dev eth0 xdp obj xdp_prog.o sec xdp
# 启用MPTCP
echo 1 > /proc/sys/net/mptcp/enabled
# 配置路径管理器
echo "fullmesh" > /proc/sys/net/mptcp/mptcp_path_manager
通过以上优化和配置,可以显著提升Linux系统的网络性能和实现高效的负载均衡。具体实施时应根据实际网络环境和应用需求进行调整。