Servers
数量: 150
类型：HTTP/HTTPS响应GET/POST请求，返回json数据并产生日志
稳定支持的并发会话数量：400K

系统相关配置
# grep -E ‘maxconn|nbproc’ /etc/haproxy/haproxy.cfg

maxconn     200000
nbproc           7

# cat /etc/security/limits.d/90-nproc.conf

# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          -    nproc     4096
root       -    nproc     unlimite

# cat /etc/security/limits.d/90-nofile.conf

*          -    nofile     200000

# cat /etc/sysctl.conf

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 0

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536

# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

# Maximize ephemeral port range
net.ipv4.ip_local_port_range = 1024 65535

# ARP related
net.ipv4.conf.all.arp_notify = 1
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2

# General gigabit tuning
net.core.somaxconn = 32768
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.rmem_default = 16777216
net.core.wmem_default = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 87380 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000

# Give the kernel more memory for tcp
# which need with many (100k+) open socket connections
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_max_tw_buckets = 2000000
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_slow_start_after_idle = 0

## Protect against tcp time-wait assassination hazards
## drop RST packets for sockets in the time-wait state
net.ipv4.tcp_rfc1337 = 1

# Enusre that immediatly subsequent connections use the new values
net.ipv4.route.flush = 1

# Increase system file descriptor limit
fs.file-max = 200000
kernel.pid_max = 65536

# Limit number of orphans, each orphan can eat up to 16M (max wmem) of unswappable memory
net.ipv4.tcp_max_orphans = 60000
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_syn_retries = 3

生产线上HAProxy内核参数调优，首发于服务器安全维护工作室。