| tuning.7 (102582) | tuning.7 (107383) |
|---|---|
| 1.\" Copyright (c) 2001, Matthew Dillon. Terms and conditions are those of 2.\" the BSD Copyright as specified in the file "/usr/src/COPYRIGHT" in 3.\" the source tree. 4.\" | 1.\" Copyright (c) 2001, Matthew Dillon. Terms and conditions are those of 2.\" the BSD Copyright as specified in the file "/usr/src/COPYRIGHT" in 3.\" the source tree. 4.\" |
| 5.\" $FreeBSD: head/share/man/man7/tuning.7 102582 2002-08-29 20:34:06Z dillon $ | 5.\" $FreeBSD: head/share/man/man7/tuning.7 107383 2002-11-29 11:39:20Z ru $ |
| 6.\" 7.Dd June 25, 2002 8.Dt TUNING 7 9.Os 10.Sh NAME 11.Nm tuning 12.Nd performance tuning under FreeBSD 13.Sh SYSTEM SETUP - DISKLABEL, NEWFS, TUNEFS, SWAP --- 87 unchanged lines hidden (view full) --- 101.Pa /var/tmp , 102but the introduction of 103.Pa /var 104(and 105.Pa /var/tmp ) 106led to massive confusion 107by program writers so today programs haphazardly use one or the 108other and thus no real distinction can be made between the two. | 6.\" 7.Dd June 25, 2002 8.Dt TUNING 7 9.Os 10.Sh NAME 11.Nm tuning 12.Nd performance tuning under FreeBSD 13.Sh SYSTEM SETUP - DISKLABEL, NEWFS, TUNEFS, SWAP --- 87 unchanged lines hidden (view full) --- 101.Pa /var/tmp , 102but the introduction of 103.Pa /var 104(and 105.Pa /var/tmp ) 106led to massive confusion 107by program writers so today programs haphazardly use one or the 108other and thus no real distinction can be made between the two. |
| 109So it makes sense to have just one temporary directory and 110softlink to it from the other tmp directory locations. | 109So it makes sense to have just one temporary directory and 110softlink to it from the other 111.Pa tmp 112directory locations. |
| 111However you handle 112.Pa /tmp , 113the one thing you do not want to do is leave it sitting 114on the root partition where it might cause root to fill up or possibly 115corrupt root in a crash/reboot situation. 116.Pp 117The 118.Pa /usr --- 148 unchanged lines hidden (view full) --- 267.Xr sysinstall 8 268will typically enable softupdates automatically for non-root filesystems). 269Softupdates drastically improves meta-data performance, mainly file 270creation and deletion. 271We recommend enabling softupdates on most filesystems; however, there 272are two limitations to softupdates that you should be aware of when 273determining whether to use it on a filesystem. 274First, softupdates guarantees filesystem consistency in the | 113However you handle 114.Pa /tmp , 115the one thing you do not want to do is leave it sitting 116on the root partition where it might cause root to fill up or possibly 117corrupt root in a crash/reboot situation. 118.Pp 119The 120.Pa /usr --- 148 unchanged lines hidden (view full) --- 269.Xr sysinstall 8 270will typically enable softupdates automatically for non-root filesystems). 271Softupdates drastically improves meta-data performance, mainly file 272creation and deletion. 273We recommend enabling softupdates on most filesystems; however, there 274are two limitations to softupdates that you should be aware of when 275determining whether to use it on a filesystem. 276First, softupdates guarantees filesystem consistency in the |
| 275case of a crash but could very easily be several seconds (even a minute!) | 277case of a crash but could very easily be several seconds (even a minute!\&) |
| 276behind on pending write to the physical disk. 277If you crash you may lose more work 278than otherwise. 279Secondly, softupdates delays the freeing of filesystem 280blocks. 281If you have a filesystem (such as the root filesystem) which is 282close to full, doing a major update of it, e.g.\& 283.Dq Li "make installworld" , 284can run it out of space and cause the update to fail. 285For this reason, softupdates will not be enabled on the root filesystem | 278behind on pending write to the physical disk. 279If you crash you may lose more work 280than otherwise. 281Secondly, softupdates delays the freeing of filesystem 282blocks. 283If you have a filesystem (such as the root filesystem) which is 284close to full, doing a major update of it, e.g.\& 285.Dq Li "make installworld" , 286can run it out of space and cause the update to fail. 287For this reason, softupdates will not be enabled on the root filesystem |
| 286during a typical install. There is no loss of performance since the root | 288during a typical install. 289There is no loss of performance since the root |
| 287filesystem is rarely written to. 288.Pp 289A number of run-time 290.Xr mount 8 291options exist that can help you tune the system. 292The most obvious and most dangerous one is 293.Cm async . 294Do not ever use it; it is far too dangerous. --- 225 unchanged lines hidden (view full) --- 520However, in some environments, temporary network outages may be 521incorrectly identified as dead sessions, resulting in unexpectedly 522terminated TCP connections. 523In such environments, setting the sysctl to 0 may reduce the occurrence of 524TCP session disconnections. 525.Pp 526The 527.Va net.inet.tcp.delayed_ack | 290filesystem is rarely written to. 291.Pp 292A number of run-time 293.Xr mount 8 294options exist that can help you tune the system. 295The most obvious and most dangerous one is 296.Cm async . 297Do not ever use it; it is far too dangerous. --- 225 unchanged lines hidden (view full) --- 523However, in some environments, temporary network outages may be 524incorrectly identified as dead sessions, resulting in unexpectedly 525terminated TCP connections. 526In such environments, setting the sysctl to 0 may reduce the occurrence of 527TCP session disconnections. 528.Pp 529The 530.Va net.inet.tcp.delayed_ack |
| 528TCP feature is largly misunderstood. Historically speaking this feature | 531TCP feature is largly misunderstood. 532Historically speaking, this feature |
| 529was designed to allow the acknowledgement to transmitted data to be returned | 533was designed to allow the acknowledgement to transmitted data to be returned |
| 530along with the response. For example, when you type over a remote shell | 534along with the response. 535For example, when you type over a remote shell, |
| 531the acknowledgement to the character you send can be returned along with the | 536the acknowledgement to the character you send can be returned along with the |
| 532data representing the echo of the character. With delayed acks turned off 533the acknowledgement may be sent in its own packet before the remote service 534has a chance to echo the data it just received. This same concept also 535applies to any interactive protocol (e.g. SMTP, WWW, POP3) and can cut the 536number of tiny packets flowing across the network in half. The FreeBSD 537delayed-ack implementation also follows the TCP protocol rule that | 537data representing the echo of the character. 538With delayed acks turned off, 539the acknowledgement may be sent in its own packet, before the remote service 540has a chance to echo the data it just received. 541This same concept also 542applies to any interactive protocol (e.g. SMTP, WWW, POP3), and can cut the 543number of tiny packets flowing across the network in half. 544The 545.Fx 546delayed ACK implementation also follows the TCP protocol rule that |
| 538at least every other packet be acknowledged even if the standard 100ms | 547at least every other packet be acknowledged even if the standard 100ms |
| 539timeout has not yet passed. Normally the worst a delayed ack can do is | 548timeout has not yet passed. 549Normally the worst a delayed ACK can do is |
| 540slightly delay the teardown of a connection, or slightly delay the ramp-up | 550slightly delay the teardown of a connection, or slightly delay the ramp-up |
| 541of a slow-start TCP connection. While we aren't sure we believe that | 551of a slow-start TCP connection. 552While we are not sure we believe that |
| 542the several FAQs related to packages such as SAMBA and SQUID which advise | 553the several FAQs related to packages such as SAMBA and SQUID which advise |
| 543turning off delayed acks may be refering to the slow-start issue. In FreeBSD | 554turning off delayed acks may be refering to the slow-start issue. 555In 556.Fx , |
| 544it would be more beneficial to increase the slow-start flightsize via 545the 546.Va net.inet.tcp.slowstart_flightsize | 557it would be more beneficial to increase the slow-start flightsize via 558the 559.Va net.inet.tcp.slowstart_flightsize |
| 547sysctl rather then disable delayed acks. | 560sysctl rather than disable delayed acks. |
| 548.Pp 549The 550.Va net.inet.tcp.inflight_enable 551sysctl turns on bandwidth delay product limiting for all TCP connections. 552The system will attempt to calculate the bandwidth delay product for each 553connection and limit the amount of data queued to the network to just the | 561.Pp 562The 563.Va net.inet.tcp.inflight_enable 564sysctl turns on bandwidth delay product limiting for all TCP connections. 565The system will attempt to calculate the bandwidth delay product for each 566connection and limit the amount of data queued to the network to just the |
| 554amount required to maintain optimum throughput. This feature is useful | 567amount required to maintain optimum throughput. 568This feature is useful |
| 555if you are serving data over modems, GigE, or high speed WAN links (or 556any other link with a high bandwidth*delay product), especially if you are | 569if you are serving data over modems, GigE, or high speed WAN links (or 570any other link with a high bandwidth*delay product), especially if you are |
| 557also using window scaling or have configured a large send window. If 558you enable this option you should also be sure to set | 571also using window scaling or have configured a large send window. 572If you enable this option, you should also be sure to set |
| 559.Va net.inet.tcp.inflight_debug 560to 0 (disable debugging), and for production use setting 561.Va net.inet.tcp.inflight_min | 573.Va net.inet.tcp.inflight_debug 574to 0 (disable debugging), and for production use setting 575.Va net.inet.tcp.inflight_min |
| 562to at least 6144 may be beneficial. Note, however, that setting high | 576to at least 6144 may be beneficial. 577Note however, that setting high |
| 563minimums may effectively disable bandwidth limiting depending on the link. 564The limiting feature reduces the amount of data built up in intermediate 565router and switch packet queues as well as reduces the amount of data built | 578minimums may effectively disable bandwidth limiting depending on the link. 579The limiting feature reduces the amount of data built up in intermediate 580router and switch packet queues as well as reduces the amount of data built |
| 566up in the local host's interface queue. With fewer packets queued up, | 581up in the local host's interface queue. 582With fewer packets queued up, |
| 567interactive connections, especially over slow modems, will also be able | 583interactive connections, especially over slow modems, will also be able |
| 568to operate with lower round trip times. However, note that this feature 569only effects data transmission (uploading / server-side). It does not | 584to operate with lower round trip times. 585However, note that this feature 586only effects data transmission (uploading / server-side). 587It does not |
| 570effect data reception (downloading). 571.Pp 572The 573.Va net.inet.ip.portrange.* 574sysctls control the port number ranges automatically bound to TCP and UDP | 588effect data reception (downloading). 589.Pp 590The 591.Va net.inet.ip.portrange.* 592sysctls control the port number ranges automatically bound to TCP and UDP |
| 575sockets. There are three ranges: A low range, a default range, and a 576high range, selectable via an IP_PORTRANGE setsockopt() call. Most | 593sockets. 594There are three ranges: a low range, a default range, and a 595high range, selectable via the 596.Dv IP_PORTRANGE 597.Xr setsockopt 2 598call. 599Most |
| 577network programs use the default range which is controlled by 578.Va net.inet.ip.portrange.first 579and 580.Va net.inet.ip.portrange.last , | 600network programs use the default range which is controlled by 601.Va net.inet.ip.portrange.first 602and 603.Va net.inet.ip.portrange.last , |
| 581which defaults to 1024 and 5000 respectively. Bound port ranges are 582used for outgoing connections and it is possible to run the system out 583of ports under certain circumstances. This most commonly occurs when you are 584running a heavily loaded web proxy. The port range is not an issue 585when running serves which handle mainly incoming connections such as a 586normal web server, or has a limited number of outgoing connections such 587as a mail relay. For situations where you may run yourself out of 588ports we recommend increasing | 604which default to 1024 and 5000, respectively. 605Bound port ranges are 606used for outgoing connections, and it is possible to run the system out 607of ports under certain circumstances. 608This most commonly occurs when you are 609running a heavily loaded web proxy. 610The port range is not an issue 611when running serves which handle mainly incoming connections, such as a 612normal web server, or has a limited number of outgoing connections, such 613as a mail relay. 614For situations where you may run yourself out of 615ports, we recommend increasing |
| 589.Va net.inet.ip.portrange.last | 616.Va net.inet.ip.portrange.last |
| 590modestly. A value of 10000 or 20000 or 30000 may be reasonable. You should 591also consider firewall effects when changing the port range. Some firewalls | 617modestly. 618A value of 10000 or 20000 or 30000 may be reasonable. 619You should also consider firewall effects when changing the port range. 620Some firewalls |
| 592may block large ranges of ports (usually low-numbered ports) and expect systems | 621may block large ranges of ports (usually low-numbered ports) and expect systems |
| 593to use higher ranges of ports for outgoing connections. For this reason | 622to use higher ranges of ports for outgoing connections. 623For this reason, |
| 594we do not recommend that 595.Va net.inet.ip.portrange.first 596be lowered. 597.Pp 598The 599.Va kern.ipc.somaxconn 600sysctl limits the size of the listen queue for accepting new TCP connections. 601The default value of 128 is typically too low for robust handling of new --- 31 unchanged lines hidden (view full) --- 633and 634.Va vm.swap_idle_threshold2 635allows you to depress the priority of pages associated with idle processes 636more quickly then the normal pageout algorithm. 637This gives a helping hand 638to the pageout daemon. 639Do not turn this option on unless you need it, 640because the tradeoff you are making is to essentially pre-page memory sooner | 624we do not recommend that 625.Va net.inet.ip.portrange.first 626be lowered. 627.Pp 628The 629.Va kern.ipc.somaxconn 630sysctl limits the size of the listen queue for accepting new TCP connections. 631The default value of 128 is typically too low for robust handling of new --- 31 unchanged lines hidden (view full) --- 663and 664.Va vm.swap_idle_threshold2 665allows you to depress the priority of pages associated with idle processes 666more quickly then the normal pageout algorithm. 667This gives a helping hand 668to the pageout daemon. 669Do not turn this option on unless you need it, 670because the tradeoff you are making is to essentially pre-page memory sooner |
| 641rather then later, eating more swap and disk bandwidth. | 671rather than later, eating more swap and disk bandwidth. |
| 642In a small system 643this option will have a detrimental effect but in a large system that is 644already doing moderate paging this option allows the VM system to stage 645whole processes into and out of memory more easily. 646.Sh LOADER TUNABLES 647Some aspects of the system behavior may not be tunable at runtime because 648memory allocations they perform must occur early in the boot process. 649To change loader tunables, you must set their values in --- 200 unchanged lines hidden (view full) --- 850host can severely degrade the entire LAN. 851Second, optimize the network path 852as much as possible. 853For example, in 854.Xr firewall 7 855we describe a firewall protecting internal hosts with a topology where 856the externally visible hosts are not routed through it. 857Use 100BaseT rather | 672In a small system 673this option will have a detrimental effect but in a large system that is 674already doing moderate paging this option allows the VM system to stage 675whole processes into and out of memory more easily. 676.Sh LOADER TUNABLES 677Some aspects of the system behavior may not be tunable at runtime because 678memory allocations they perform must occur early in the boot process. 679To change loader tunables, you must set their values in --- 200 unchanged lines hidden (view full) --- 880host can severely degrade the entire LAN. 881Second, optimize the network path 882as much as possible. 883For example, in 884.Xr firewall 7 885we describe a firewall protecting internal hosts with a topology where 886the externally visible hosts are not routed through it. 887Use 100BaseT rather |
| 858than 10BaseT, or use 1000BaseT rather then 100BaseT, depending on your needs. | 888than 10BaseT, or use 1000BaseT rather than 100BaseT, depending on your needs. |
| 859Most bottlenecks occur at the WAN link (e.g.\& 860modem, T1, DSL, whatever). 861If expanding the link is not an option it may be possible to use the 862.Xr dummynet 4 863feature to implement peak shaving or other forms of traffic shaping to 864prevent the overloaded service (such as web services) from affecting other 865services (such as email), or vice versa. 866In home installations this could --- 39 unchanged lines hidden --- | 889Most bottlenecks occur at the WAN link (e.g.\& 890modem, T1, DSL, whatever). 891If expanding the link is not an option it may be possible to use the 892.Xr dummynet 4 893feature to implement peak shaving or other forms of traffic shaping to 894prevent the overloaded service (such as web services) from affecting other 895services (such as email), or vice versa. 896In home installations this could --- 39 unchanged lines hidden --- |