Tuning an OpenStack server instance can give better networking performance and better security. The example is given with Ubuntu Server on HP Cloud.

Because we are working with virtual machines, an instance is far less stable than a real machine, so we have to find the compromise between performance and stability by trial and error. The best way to put load on a server is to assign it to a dev domain and purchase cheaper real human traffic. This is a practical, real-life test: monitor the resource consumption, log files and so on. No tool can really emulate the real-world situation.

This guide for tuning an OpenStack server instance is intended for advanced users only. We take it for granted that MySQL or any other database is running on a separate server; we are tuning an Nginx web server running PHP5-FPM and XCache, with WordPress as the front-end web software. You are spinning up an instance from the latest manual OpenStack snapshot.
Tuning OpenStack Server Instance (Ubuntu, HP Cloud) : TCP
The default TCP buffer sizes allocated by Linux are too small. We can see the current value by running this command:

```
cat /proc/sys/net/ipv4/tcp_mem
```

For a 4 GB instance, this will give this kind of value:

```
94638	126184	189276
```
First, here are the commands with cat to get your default values. Keep them as a record, make the changes by editing the file, then reload sysctl.conf to apply the changes.

```
# receive socket memory
cat /proc/sys/net/core/rmem_default
cat /proc/sys/net/core/rmem_max
# send socket memory
cat /proc/sys/net/core/wmem_default
cat /proc/sys/net/core/wmem_max
# ancillary (option) buffer per socket
cat /proc/sys/net/core/optmem_max
```
We have to edit the file /etc/sysctl.conf and then reload it by running the sysctl -p command. Open it with Nano:

```
nano /etc/sysctl.conf
```
There are many commented-out lines. First, it is better to search for the parameter within the file with the Ctrl + W search function (shown as ^W in Nano). If the line is not present, add it at the end of the file, write out and reload. These are the directives to be added:

```
net.core.wmem_max = 12582912
net.core.rmem_max = 12582912
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_no_metrics_save = 1
net.core.netdev_max_backlog = 5000
```
These are more than enough.
Tuning OpenStack Server Instance (Ubuntu, HP Cloud) : /proc filesystem
We have to edit the file /etc/sysctl.conf and then reload it by running the sysctl -p command. Open it with Nano; here are some sample parameters:

```
net.ipv4.ip_forward = 1
kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
```
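These are direct changes to the VM (memory) subsystem. We could use the sysctl command to view and temporarily edit the values; in that case, the changes would go away on reboot. As our instance itself is a snapshot, we can experiment without going through so many steps. Strictly speaking, that is the correct method for a physical machine. Note that net.ipv4.ip_forward = 1 in this sample enables packet forwarding between interfaces; the full file in the next section sets it to 0, which is the value to keep on a web server that does not route traffic.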
Tuning OpenStack Server Instance (Ubuntu, HP Cloud) : Security and the Full File
This is a sample /etc/sysctl.conf file:

```
# ICMP and SYN flood handling
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_syncookies = 1
# Log packets with impossible source addresses
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
# No source routing, reverse path filtering on, no ICMP redirects
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# kernel.exec-shield comes from a Red Hat kernel patch; the key does not
# exist on Ubuntu kernels and sysctl -p reports an error for it.
# kernel.exec-shield = 1
# 2 = full randomization (stack, mmap, VDSO and heap); 1 leaves the heap (brk) unrandomized
kernel.randomize_va_space = 2
# HP Cloud has no IPv6
# net.ipv6.conf.default.router_solicitations = 0
# net.ipv6.conf.default.accept_ra_rtr_pref = 0
# net.ipv6.conf.default.accept_ra_pinfo = 0
# net.ipv6.conf.default.accept_ra_defrtr = 0
# net.ipv6.conf.default.autoconf = 0
# net.ipv6.conf.default.dad_transmits = 0
# net.ipv6.conf.default.max_addresses = 1
# HP Cloud has no IPv6 above kept for future
fs.file-max = 65535
kernel.pid_max = 65536
net.ipv4.ip_local_port_range = 2000 65000
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_window_scaling = 1
```
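The two samples on this page disagree on net.ipv4.ip_forward (1 in the /proc section, 0 in the full file), and sysctl -p applies lines in order, so whichever assignment comes last in the file wins. The script below is an added example, not part of the original guide: it resolves the effective value of a subset of the security keys from the file above and reports deviations; the function names and the constructed sample file are assumptions.

```shell
# Added example; function names and the sample file are hypothetical.

# Print the value key $2 ends up with in file $1. sysctl -p applies lines
# in order, so the last assignment wins. Prints nothing if the key is unset.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                 # comment lines
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# Print one line per baseline key whose effective value in file $1 differs
# from the hardened sample; return 1 if any key deviates, 0 otherwise.
audit_sysctl_conf() {
    rc=0
    while read -r key want; do
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key: want $want, file gives ${got:-<unset>}"
            rc=1
        fi
    done <<EOF
net.ipv4.tcp_syncookies 1
net.ipv4.ip_forward 0
net.ipv4.conf.all.rp_filter 1
net.ipv4.conf.all.accept_redirects 0
net.ipv4.conf.all.accept_source_route 0
net.ipv4.conf.all.send_redirects 0
net.ipv4.icmp_echo_ignore_broadcasts 1
EOF
    return "$rc"
}

# Constructed sample: hardened lines first, then the /proc sample appended.
sample=$(mktemp)
cat > "$sample" <<EOF
net.ipv4.tcp_syncookies=1
net.ipv4.ip_forward = 0
net.ipv4.conf.all.rp_filter = 1
# net.ipv4.conf.all.accept_redirects = 1
net.ipv4.ip_forward = 1
EOF
audit_sysctl_conf "$sample" || echo "file deviates from the baseline"
```

Run it against /etc/sysctl.conf before sysctl -p. Keys reported as `<unset>` are left at whatever the kernel default or a file under /etc/sysctl.d/ sets.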
Tuning OpenStack Server Instance (Ubuntu, HP Cloud) : Nginx Specific
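These are applicable to either /etc/nginx/nginx.conf or /etc/nginx/sites-available/default (for a one-domain, one-server setup):

```
# Zone and simultaneous connections per client address.
# limit_conn_zone replaces the obsolete limit_zone directive and goes in the http block.
limit_conn_zone $binary_remote_addr zone=slimits:5m;
limit_conn slimits 5;
# Edit it: only requests for these Host names are allowed (server block).
# The dots are escaped so that they match a literal dot only.
if ($host !~ ^(thecustomizewindows\.com|www\.thecustomizewindows\.com)$ ) {
    # 444 closes the connection without sending a response
    return 444;
}
```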
These are usually the maximum. Hotlinking of images consumes resources but also gives a feeble backlink. For SEO reasons, it is better to allow it by some method. It is better to use a CORS header and configure the CDN to block the usage of the CSS and JavaScript by others.