LAMP System Tuning

운좋은하루 2011. 10. 12. 11:39

Part 1: Understanding the LAMP architecture http://www.ibm.com/developerworks/kr/library/l-tune-lamp-1/index.html
Part 2: Optimizing Apache and PHP http://www.ibm.com/developerworks/kr/library/l-tune-lamp-2.html
Part 3: Tuning MySQL http://www.ibm.com/developerworks/kr/library/l-tune-lamp-3.html

Swap Space and Paging

Virtual memory, while absolutely essential to any modern operating system, can really, really hurt performance if used excessively. Our friend the kernel provides us with a particularly useful variable known as the swappiness variable. You can control on a scale of 0-100 how willing the system is to swap. A lower value means the system will try harder not to swap. A typical default value is "60." I recommend trying 40 or 30 if you notice your system is using more VM than you feel it should.

Try:

# echo 35 > /proc/sys/vm/swappiness

or edit /etc/sysctl.conf and add:

vm.swappiness = 35

and then execute:

# sysctl -p

Cool Under Pressure

Linux also has an amazing mechanism for caching frequently accessed data. We can manipulate this system to our advantage as well, albeit carefully. Put simply, vfs_cache_pressure is a variable that, when tuned above 100, causes the system to reclaim memory from cache more aggressively. Tuning this variable appropriately is essential to getting the level of performance you desire. Set it too high and you will hurt performance; set it too low and the same holds true. Careful experimentation with benchmarks and measurements is probably the best route to go.

Try:

# echo 130 > /proc/sys/vm/vfs_cache_pressure

or edit /etc/sysctl.conf and add:

vm.vfs_cache_pressure = 130

and then execute:

# sysctl -p

Tuning TCP/IP kernel parameters

The tuning changes we made up to this point (adjusting the maximum number of file descriptors and open files, as well as updating configuration settings for Flash Media Server and Apache Web Server as described) allowed Flash Media Server to sustain over 1300 concurrent users with no audio degradation in our testing. This round of tests indicated that Novell's webcasts were improved by allowing almost three times the 500 users we could initially support.

However, there was still one more group of changes to the TCP/IP kernel settings in Linux that were required to complete our server tuning project.

A brief side step needs to be taken at this point to warn you about changing Linux kernel parameters. Use extreme caution when tuning TCP/IP parameters, as this is an advanced server administration technique. Any changes made to kernel tuning parameters should be tested well before using the configuration in a production environment. We recommend that users back up their current configuration by issuing the following command sequence before applying any changes (remember to verify the content in the file before proceeding):

sysctl -A > /tmp/sysctl.bak

Now, with our side step completed, and assuming you've heeded our warning and have in your possession a backup file with all of your current settings, we can confidently proceed by adding the following lines anywhere in the /etc/sysctl.conf file:

# Disable response to broadcasts.
# You don't want yourself becoming a Smurf amplifier.
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Reverse-path filtering: drop packets whose source address is not
# reachable through the interface they arrived on.
net.ipv4.conf.eth0.rp_filter=1
net.ipv4.conf.lo.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1

net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

# increase Linux autotuning TCP buffer limits
# min, default, and max number of bytes to use
net.ipv4.tcp_rmem = 4096 10000000 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216

# Disabling the following parameters will prevent a hacker
# from using a spoofing attack against the IP address of the server.
net.ipv4.conf.eth0.accept_source_route=0
net.ipv4.conf.lo.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.all.accept_source_route=0

# These settings make the server accept ICMP redirects only from
# machines that are listed as gateways. Redirects can be used to
# perform attacks, so we only want to allow them from trusted sources.
net.ipv4.conf.eth0.secure_redirects=1
net.ipv4.conf.lo.secure_redirects=1
net.ipv4.conf.default.secure_redirects=1
net.ipv4.conf.all.secure_redirects=1

# Don't allow ICMP redirects
net.ipv4.conf.eth0.accept_redirects=0
net.ipv4.conf.lo.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.accept_redirects=0

# If the server does not act as a router, it does not need to
# send redirects.
net.ipv4.conf.eth0.send_redirects=0
net.ipv4.conf.lo.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.all.send_redirects=0

# For servers that receive many connections at the same time, the
# TIME-WAIT sockets for new connections can be reused. This is useful
# in Web servers, seems to be good for Flash servers as well.
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_fin_timeout=30

# Move keepalive from 2hrs to 30 min. You may want to tune this up or down depending on your implementation
net.ipv4.tcp_keepalive_time=1800

# Help protect from denial-of-service (syn-flood) attack.
net.ipv4.tcp_max_syn_backlog=4096

You should add these changes to both Apache Web Server and Flash Media Server, if they are running on separate servers. To apply these changes, no restart is necessary. Simply type sysctl -p at the command prompt. These changes will now be applied automatically every time the server is restarted.
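
As an added example (not part of the original article), the following script checks whether the running kernel actually holds the network settings listed above, which is worth repeating after sysctl -p and after each reboot. The optional root-directory argument and the "live" switch are assumptions of this example, and only the all/default interface scopes are checked because eth0 does not exist on every host.

```shell
#!/bin/sh
# Added example: compare kernel values with the sysctl.conf lines above.
# The root-directory argument is an assumption of this example; it defaults
# to /proc/sys and lets the check run against a constructed test tree.

# key=value pairs copied from the configuration above (all/default scopes).
EXPECTED='net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.tcp_rmem=4096 10000000 16777216
net.ipv4.tcp_max_syn_backlog=4096'

# Print one line per key; return the number of keys that differ or are missing.
audit_sysctl() {
    root=${1:-/proc/sys}
    drift=0
    while IFS='=' read -r key want; do
        [ -n "$key" ] || continue
        # sysctl keys map to /proc/sys paths with dots turned into slashes.
        path="$root/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            echo "MISSING $key"
            drift=$((drift + 1))
            continue
        fi
        # /proc separates multi-value entries with tabs; normalise to spaces.
        got=$(tr -s '[:space:]' ' ' < "$path" | sed 's/ *$//')
        if [ "$got" = "$want" ]; then
            echo "OK      $key = $got"
        else
            echo "DRIFT   $key: expected '$want', running '$got'"
            drift=$((drift + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$drift"
}

# Audit the running kernel when invoked with "live" as the first argument.
if [ "${1:-}" = "live" ]; then audit_sysctl /proc/sys; fi
```

A non-zero exit status is the count of keys that drifted, so the script can be run from cron or a monitoring check to catch a setting that was changed at runtime or never made it into /etc/sysctl.conf.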
