Many of the OpenVZ users try to tweak sysctl.conf and are returned with error. OpenVZ kernel offers a conservative and stable kernel. Here is some information on sysctl.conf tweaking in OpenVZ virtual server instance. Our all tweaks related to system is on dedicated servers, if we tweak any cloud server, we mention the name of the vendor along with the tweak. Applying tweaks for other system on OpenVZ production server is not recommended.
Biggest performance boost of OpenVZ instance is not using more than 50% available RAM. In other words, if you need 6GB RAM, you should have 12GB RAM. It is an observed phenomenon due to unintentional push of swap from the host which during sudden load may decrease performance.
sysctl.conf Tweaking In OpenVZ Virtual Server Instance
OpenVZ is not really a true virtual machine, it is more like a container virtualization . There is only one single kernel running on the host operating systems and all the OpenVZ virtual instances. A kernel panic out of wrong configuration can bring down the whole system, hence most of the kernel settings are shared between the host and all guests. Actually you are not allowed to modify all those settings on OpenVZ virtual server instance because not all will work.
---
Most importantly, the sysadmin of the host, has configured to optimise everything. The sysctl interface changes the kernel parameters, immediately if possible and which settings will take change that depends on the OpenVZ kernel version. In other words, some values are writable.
Possibly you can open /etc/sysctl.conf and edit the configurations up to the below values :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | net.ipv4.conf.default.rp_filter=1 net.ipv4.conf.all.rp_filter=1 net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.ip_forward=1 net.ipv4.conf.default.proxy_arp = 0 net.ipv4.conf.all.accept_redirects = 0 net.ipv6.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv6.conf.default.accept_redirects = 0 net.ipv4.icmp_echo_ignore_all = 1 net.ipv4.conf.all.secure_redirects = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 1 net.ipv4.conf.all.accept_source_route = 0 net.ipv6.conf.all.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv6.conf.default.accept_source_route = 0 net.ipv4.conf.all.log_martians = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1 net.core.somaxconn = 4096 |
You can run :
1 | sysctl -p |
to test. There must not be errors like :
1 | sysctl: permission denied on key 'net.core.rmem_max' |
Output should be clean like :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.all.rp_filter = 1 net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.conf.all.accept_redirects = 0 net.ipv6.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv6.conf.default.accept_redirects = 0 net.ipv4.icmp_echo_ignore_all = 1 net.ipv4.conf.all.secure_redirects = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 net.ipv4.conf.all.accept_source_route = 0 net.ipv6.conf.all.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv6.conf.default.accept_source_route = 0 net.ipv4.conf.all.log_martians = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1 net.core.somaxconn = 4096 |
You can check all the parameters with :
1 | sysctl -A |
Of course you can check more information on OpenVZ Wiki.
Tagged With kernel sysctl tweaks , openvz change sysctl , sysctl conf tweaks , sysctl on openvz , tweaks sysctl conf