Other: System Tuning
--------------------
Depending on the environment in which you run Cherokee, the
default OS settings might require adjustment. In most cases the
defaults work fine on low-cost, commodity hardware. However,
if you are running Cherokee in a high-end or benchmark environment,
it is recommended that you check the following parameters.

Bear in mind that the values in the examples assume that Cherokee is
running on a system with at least 2GB of memory.
[[linux]]
Linux
~~~~~
The Linux kernel can auto-configure many of its internal limits
regarding memory sizes and resources. However, there are some tweaks
that we recommend configuring by hand, including:
Time
^^^^
+/proc/sys/net/ipv4/tcp_timestamps+: Timestamps as defined in RFC1323.
----
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
----
Ephemeral port range
^^^^^^^^^^^^^^^^^^^^
+/proc/sys/net/ipv4/ip_local_port_range+: Range of local ports for
   outgoing connections. The default range is quite small: 1024 to
   4999.
----
echo "1024 65535" > /proc/sys/net/ipv4/ip_local_port_range
----
Listen queue
^^^^^^^^^^^^
+/proc/sys/net/ipv4/tcp_syncookies+: Without SYN cookies, a much
   larger value for tcp_max_syn_backlog is required, but this consumes
   additional kernel memory and scales poorly (the hash table that
   stores the SYN records is of a fixed size).
----
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
----
+/proc/sys/net/ipv4/tcp_orphan_retries+: How many times to retry before
   killing a TCP connection closed by our side. The default value of 7
   corresponds to 50sec-16min depending on RTO. If your machine is a
   loaded web server, you should think about lowering this value, as
   such sockets may consume significant resources. Cf. tcp_max_orphans.
----
echo 2 > /proc/sys/net/ipv4/tcp_orphan_retries
----
TIME_WAIT
^^^^^^^^^
+/proc/sys/net/ipv4/tcp_max_tw_buckets+: Maximum number of TIME-WAIT
   sockets held by the system simultaneously. If this number is
   exceeded, the TIME-WAIT socket is immediately destroyed and a
   warning is printed. This limit exists only to prevent simple DoS
   attacks; you _must_ not lower the limit artificially, but rather
   increase it (probably after increasing installed memory) if network
   conditions require more than the default value.
----
echo 1800000 > /proc/sys/net/ipv4/tcp_max_tw_buckets
----
+/proc/sys/net/ipv4/tcp_tw_recycle+: Enable fast recycling of TIME-WAIT
   sockets. Default value is 1. It should not be changed without
   advice/request of technical experts.
----
echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
----
+/proc/sys/net/ipv4/tcp_fin_timeout+: Time to hold a socket in the
   FIN-WAIT-2 state if it was closed by our side. The peer can be
   broken and never close its side, or even die unexpectedly. The
   default value is 60sec. The usual value in 2.2 was 180 seconds; you
   may restore it, but remember that even if your machine is an
   underloaded web server, you risk overflowing memory with kilotons
   of dead sockets. FIN-WAIT-2 sockets are less dangerous than
   FIN-WAIT-1 because they eat at most 1.5K of memory, but they tend
   to live longer. Cf. tcp_max_orphans.
----
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 5  > /proc/sys/net/ipv4/tcp_fin_timeout  # Benchmarking / Stressing
----
Network buffer size
^^^^^^^^^^^^^^^^^^^
+/proc/sys/net/ipv4/tcp_mem+: Determines how the TCP stack should
   behave for memory usage; each count is in memory pages (typically
   4KB). The first value is the low threshold for memory usage. The
   second value is the threshold for a memory pressure mode to begin
   to apply pressure to buffer usage. The third value is the maximum
   threshold. At this level, packets can be dropped to reduce memory
   usage. Increase the count for large BDP (but remember, it's memory
   pages, not bytes).
----
echo "50576 64768 98152"    > /proc/sys/net/ipv4/tcp_mem
echo "128000 200000 262144" > /proc/sys/net/ipv4/tcp_mem  # 1Gb
----
File descriptors
^^^^^^^^^^^^^^^^
+/proc/sys/fs/file-max+: This is basically the number of file
   descriptors available in the kernel, which also affects the number
   of fds a process can have open. For large sites you will
   definitely need to raise this, and on some OSes you will need
   to use ulimit to increase the number of fds available to the
   server process.
----
echo 32767   > /proc/sys/fs/file-max
echo 2097152 > /proc/sys/fs/file-max
----
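
An added example (not part of the Cherokee documentation): a small POSIX shell audit that compares the running kernel's values with the ones used in this section. The `audit_sysctl` and `make_sample_tree` names, the alternate root directory, and treating `tcp_max_tw_buckets` and `file-max` as minimums are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare kernel settings with the values used in this section.
# Entry format "key|wanted|mode": eq = exact match, min = at least (assumed
# for the two limits the text says to raise rather than lower).
RECOMMENDED='net/ipv4/tcp_timestamps|0|eq
net/ipv4/ip_local_port_range|1024 65535|eq
net/ipv4/tcp_syncookies|1|eq
net/ipv4/tcp_orphan_retries|2|eq
net/ipv4/tcp_max_tw_buckets|1800000|min
net/ipv4/tcp_tw_recycle|1|eq
net/ipv4/tcp_fin_timeout|30|eq
fs/file-max|2097152|min'

# audit_sysctl [ROOT]: print one "STATUS key have=... want=..." line per entry.
# ROOT defaults to /proc/sys; another directory can be given (assumption of
# this example) so the check can run against a constructed tree.
audit_sysctl() {
    root=${1:-/proc/sys}
    printf '%s\n' "$RECOMMENDED" | while IFS='|' read -r key want mode; do
        if [ ! -r "$root/$key" ]; then
            # Not every kernel exposes every key: tcp_tw_recycle, for one,
            # was removed in Linux 4.12.
            echo "MISSING $key want=$want"
            continue
        fi
        # Multi-value entries are tab separated in /proc; normalise to spaces.
        have=$(cat "$root/$key" 2>/dev/null | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//')
        case $mode in
            eq)  if [ "$have" = "$want" ]; then st=OK; else st=DIFF; fi ;;
            min) if [ "$have" -ge "$want" ] 2>/dev/null; then st=OK; else st=LOW; fi ;;
        esac
        echo "$st $key have=$have want=$want"
    done
}

# make_sample_tree DIR: constructed sample values (not taken from a real host).
make_sample_tree() {
    mkdir -p "$1/net/ipv4" "$1/fs"
    echo 1 > "$1/net/ipv4/tcp_timestamps"
    printf '32768\t60999\n' > "$1/net/ipv4/ip_local_port_range"
    echo 1 > "$1/net/ipv4/tcp_syncookies"
    echo 2 > "$1/net/ipv4/tcp_orphan_retries"
    echo 262144 > "$1/net/ipv4/tcp_max_tw_buckets"
    echo 60 > "$1/net/ipv4/tcp_fin_timeout"
    echo 4194304 > "$1/fs/file-max"
}

# With no argument, audit the running system; otherwise audit the given tree.
audit_sysctl "${1:-/proc/sys}"
```

Lines marked `DIFF`, `LOW` or `MISSING` are the ones to review before or after applying the `echo` commands above.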
////////////////////////////////
Other Flags:
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 0 > /proc/sys/net/ipv4/tcp_ecn
////////////////////////////////
MacOS X and BSD
~~~~~~~~~~~~~~~
Most of the following parameters apply to BSD systems and MacOS X:
Listen queue
^^^^^^^^^^^^
+kern.ipc.somaxconn+: This tuning increases the listen queue size for
   the OS (from a default value of 128), which enables the operating
   system to accept a greater number of new connections.
----
/sbin/sysctl -w kern.ipc.somaxconn=2048
----
+net.core.netdev_max_backlog+: This queue will build up in size when
   an interface receives packets faster than the kernel can process
   them. If this queue is too small (default is 300), we will begin to
   lose packets at the receiver, rather than on the network. One can
   set this value by:
----
/sbin/sysctl -w net.core.netdev_max_backlog=2500
----
TIME_WAIT
^^^^^^^^^
+net.inet.tcp.msl+: After the connection is closed, the socket enters
   the TIME_WAIT state, where it can live for 60 seconds by default.
   This time can be changed with sysctl; the value is in milliseconds
   and is half the TIME_WAIT time (2×30000 MSL = 60 seconds).
----
/sbin/sysctl -w "net.inet.tcp.msl=5000"
----
Ephemeral port range
^^^^^^^^^^^^^^^^^^^^
+net.inet.ip.portrange.first+: Outgoing connections are bound to
    ports in the 49152 – 65535 range (16 thousand). Depending on
    the load of your server, it may be good to lower the `first` value
    (1024 – 65535). This parameter is especially important if keepalive
    is not being used.
----
/sbin/sysctl -w "net.inet.ip.portrange.first=2048"
----
File Descriptors
^^^^^^^^^^^^^^^^
+kern.maxfiles+: This parameter sets the file descriptor limit of the
   system, which allows Cherokee to handle more concurrent
   connections.
----
/sbin/sysctl -w "kern.maxfiles=2097152"
----
+kern.maxfilesperproc+: Maximum number of open descriptors per
   process.
----
/sbin/sysctl -w "kern.maxfilesperproc=65536"
----