1. Introduction
Kernel parameters (sysctl) are central to Linux system operation and performance tuning. Well-chosen values can significantly improve network performance, system stability and resource utilization. Changing a parameter is not enough, though: you also need to verify that the new value is actually in effect.
Using practical examples, this article explains how to configure and verify Linux kernel parameters. It covers:
- The role of common kernel parameters
- How to set parameters correctly
- How to verify whether the parameters are effective
- Frequently Asked Questions
Target readers: system administrators, DevOps engineers, network engineers and Linux enthusiasts.
2. The role of kernel parameters
In Linux systems, sysctl is used to dynamically adjust kernel parameters and affect system behavior. The following are several key parameters and their functions involved in this article:
Parameter | Effect | Default value (may vary by system) |
---|---|---|
net.core.somaxconn | Maximum length of the TCP listen queue; affects performance under high connection concurrency | Usually 128 or 4096 |
net.ipv4.ip_local_reserved_ports | Reserves ports so they are not handed out by random allocation | Empty |
net.ipv4.ip_local_port_range | Local TCP/UDP port range | Generally 32768 60999 |
net.ipv4.tcp_tw_reuse | Allows ports in the TIME_WAIT state to be reused, improving the connection reuse rate | 0 (disabled) or 1 (enabled) |
net.ipv4.tcp_max_syn_backlog | Maximum length of the SYN queue; affects the ability to resist SYN flood attacks | Generally 128 or 1024 |
net.core.netdev_max_backlog | Maximum queue length for packets received by a network device | Generally 1000 |
These parameters are usually tuned to:
- Optimize high-concurrency servers (such as web servers and databases)
- Prevent port exhaustion
- Improve network throughput
- Improve resistance to DDoS attacks
3. How to set kernel parameters
3.1 Temporary settings (lost after restart)
Use the sysctl -w command to temporarily modify parameters, for example:
sysctl -w net.core.somaxconn=65535
A value set this way is lost when the system restarts, so the method is suited to temporary testing.
3.2 Permanent settings (survive a restart)
To make the parameters permanently effective, you need to modify /etc/ or create a custom configuration file under /etc//, for example:
echo "net.core.somaxconn=65535" >> /etc/
Then execute sysctl -p to reload the configuration:
sysctl -p
Or specify a custom configuration file:
sysctl -p /etc//
3.3 Setting in container environments (such as Kubernetes/Docker)
In Kubernetes Pod configuration, sysctls can be set through securityContext:
apiVersion: v1
kind: Pod
metadata:
  name: sysctl-pod
spec:
  securityContext:
    sysctls:
    - name: net.core.somaxconn
      value: "65535"
    - name: net.ipv4.tcp_tw_reuse
      value: "1"
In Docker, you can use the --sysctl parameter:
docker run --sysctl net.core.somaxconn=65535 my-image
4. How to verify whether the parameters are effective
4.1 Using the sysctl command
sysctl net.core.somaxconn
Output example:
net.core.somaxconn = 65535
4.2 Read the files under /proc/sys/ directly
cat /proc/sys/net/core/somaxconn
Output example:
65535
4.3 Batch check all parameters
sysctl -a | grep -E 'net.core.somaxconn|net.ipv4.ip_local_reserved_ports|net.ipv4.ip_local_port_range|net.ipv4.tcp_tw_reuse|net.ipv4.tcp_max_syn_backlog|net.core.netdev_max_backlog'
Output example:
net.core.somaxconn = 65535
net.ipv4.ip_local_reserved_ports = 9100
net.ipv4.ip_local_port_range = 1024 61999
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_syn_backlog = 65535
net.core.netdev_max_backlog = 5000
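The batch check can also be automated by comparing a desired-state file against the live values under /proc/sys/. The script below is an added example, not part of the original article: the function names sysctl_drift and make_sample, the optional PROC_ROOT argument and the sample files are assumptions constructed for illustration. It handles the tab-separated form in which /proc reports ranges and flags parameters the running kernel does not expose.

```shell
#!/bin/sh
# Added example: report sysctl settings from a config file that are not live.
# Usage: sysctl_drift CONF [PROC_ROOT]; exit status = number of failed keys.
sysctl_drift() {
    local conf root bad line key want have path
    conf=$1; root=${2:-/proc/sys}; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '#'*|';'*|'') continue ;;       # comment or blank line
            *=*) ;;                          # key = value
            *) continue ;;
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        want=$(printf '%s' "${line#*=}" | xargs)   # normalise whitespace
        # net.core.somaxconn -> $root/net/core/somaxconn
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            # Parameter absent: unsupported kernel, or not exposed in this namespace
            echo "MISSING  $key"; bad=$((bad + 1)); continue
        fi
        have=$(xargs < "$path")             # /proc separates ranges with a tab
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "MISMATCH $key: want '$want', live '$have'"; bad=$((bad + 1))
        fi
    done < "$conf"
    return "$bad"
}

# Constructed sample: a desired-state file and a fake /proc/sys tree in DIR.
make_sample() {
    mkdir -p "$1/proc/net/core" "$1/proc/net/ipv4"
    printf '65535\n'       > "$1/proc/net/core/somaxconn"
    printf '1024\t61999\n' > "$1/proc/net/ipv4/ip_local_port_range"
    printf '0\n'           > "$1/proc/net/ipv4/tcp_tw_reuse"
    cat > "$1/want.conf" <<'EOF'
# constructed desired state
net.core.somaxconn = 65535
net.ipv4.ip_local_port_range = 1024 61999
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
sysctl_drift "$demo_dir/want.conf" "$demo_dir/proc" || echo "$? parameter(s) not in effect"
rm -rf "$demo_dir"
```

On a real host, pass only the config file so the function reads /proc/sys; for namespaced net.* values, run it inside the container. Keys that contain a dot inside an interface name are not handled by the simple dot-to-slash mapping.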
4.4 Verify in the container
If the parameters are set in the Kubernetes Pod or Docker container, you need to enter the container to perform the check:
kubectl exec -it <pod-name> -- sysctl net.core.somaxconn
or
docker exec -it <container-id> sysctl net.core.somaxconn
5. FAQ and troubleshooting
5.1 The parameter does not take effect after modification
Possible reasons:
- Configuration not reloaded: sysctl -p was not executed after modifying /etc/.
- Container limitations: Some parameters are not allowed to be modified in container environments (such as kernel.* parameters).
- Not supported by the kernel version: Some parameters may not exist in newer or older kernels.
5.2 Port range setting error
If ip_local_port_range is set incorrectly, applications may be unable to obtain a port:
# Error example (range too small)
net.ipv4.ip_local_port_range = 1024 2000
Make sure the range is large enough (e.g. 1024 65535).
5.3 Parameter conflict
For example, enabling both net.ipv4.tcp_tw_reuse and net.ipv4.tcp_tw_recycle may cause connection problems in NAT environments (tcp_tw_recycle has been removed in Linux 4.12+).
6. Best Practices
- Test first, then apply: Use sysctl -w to adjust a value temporarily and observe system stability before writing it to the configuration file.
- Monitor the impact: After adjusting parameters, use tools such as ss -lnt and netstat -s to observe the network status.
- Keep records: Record every modified parameter and the reason for the change to make later maintenance easier.
7. Summary
This article details how to set and verify Linux kernel parameters, covering:
- The role of key parameters
- Temporary and permanent configuration methods
- Special treatment in container environment
- Verification method
- Frequently Asked Questions
Sensible kernel parameter tuning can significantly improve server performance, but it must be done with caution to avoid causing instability. Test thoroughly before making changes, and make a backup.