**Contents** [[!toc levels=3]] # Tuning the kernel ## Process and file descriptor limits **Before reading:** _These are mostly only demonstative values on how to tune your system for different needs. They are not some kind of an ultimate optional values. This article mostly aims to provide a quick overview on the ways to fine tune your system settings and being aware of the limitations._ ### maxusers The name is a bit misleading, because it doesn't set the number of users on the system, but used in the formula to calculate maximal number of allowed processes. You can find it in your kernel configuration file, something like this: maxusers 32 This is the default value, so if we look at the formulae we get process limit values: /usr/src/sys/param.h: #define NPROC (20 + 16 * MAXUSERS) /usr/src/sys/conf/param.c: #define MAXFILES (3 * (NPROC + MAXUSERS) + 80) So we got 532 for NPROC (maximal number of processes) and 1772 for MAXFILES (maximal number of open file descriptors). Some say that the maxusers should be set to the amount of RAM in megabytes. For reference, FreeBSD sets is automaticaly by this formula, but limits it's maximum to 384. Setting it to 64 is always a safe bet if you don't want too much experimenting. Just change it in your kernel configuration file: maxusers 64 Compile the new kernel with build.sh or manualy, install the new kernel and reboot. You can check your limits with sysctl: With maxusers 32 $ sysctl proc.curproc.rlimit.maxproc proc.curproc.rlimit.maxproc.soft = 160 proc.curproc.rlimit.maxproc.hard = 532 $ sysctl proc.curproc.rlimit.descriptors proc.curproc.rlimit.descriptors.soft = 64 proc.curproc.rlimit.descriptors.hard = 1772 With maxusers 64 You can check your limits with sysctl: $ sysctl proc.curproc.rlimit.maxproc proc.curproc.rlimit.maxproc.soft = 160 proc.curproc.rlimit.maxproc.hard = 1044 $ sysctl proc.curproc.rlimit.descriptors proc.curproc.rlimit.descriptors.soft = 64 proc.curproc.rlimit.descriptors.hard = 3404 ### login.conf So you can change the hard limits now. Let's see the soft limits. or with ulimit: $ ulimit -a core file size (blocks, -c) unlimited data seg size (kbytes, -d) 131072 file size (blocks, -f) unlimited max locked memory (kbytes, -l) 80920 max memory size (kbytes, -m) 242760 open files (-n) 64 pipe size (512 bytes, -p) 1 stack size (kbytes, -s) 2048 cpu time (seconds, -t) unlimited max user processes (-u) 160 virtual memory (kbytes, -v) 133120 You can set it with the file /etc/login.conf: default:\ :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/pkg/bin /usr/pkg/sbin /usr/local/bin:\ :umask=022:\ :datasize-max=3072M:\ :datasize-cur=1024M:\ :maxproc-max=1044:\ :maxproc-cur=512:\ :openfiles-cur=256:\ :stacksize-cur=8M: Next time you start the sytem, all users belonging to the _default_ login group will have the following limits: $ ulimit -a coredump(blocks) unlimited data(KiB) 1048576 file(blocks) unlimited lockedmem(KiB) 124528 memory(KiB) 373584 nofiles(descriptors) 256 processes 512 stack(KiB) 8192 time(cpu-seconds) unlimited You may set different limits for different user, thus different services: database:\ :ignorenologin:\ :datasize=infinity:\ :maxproc=infinity:\ :openfiles-cur=1024:\ :stacksize-cur=48M: You should run this command after editing your login.conf: $ cap_mkdb /etc/login.conf You can assign the newly created login class to the desired user by doing something like this: $ usermod -L database pgsql Let's check our limits again with sysctl: $ sysctl proc.curproc.rlimit.maxproc proc.curproc.rlimit.maxproc.soft = 512 proc.curproc.rlimit.maxproc.hard = 1044 $ sysctl proc.curproc.rlimit.descriptors proc.curproc.rlimit.descriptors.soft = 256 proc.curproc.rlimit.descriptors.hard = 3404 Much reasonable for a modern system. ## System V interprocess communication Shared memory and semaphores are part of the System V IPC. Using and fine tuning shared memory and semaphores can give you increased performance on your NetBSD server. You can check it's settings with sysctl: $ sysctl kern.ipc kern.ipc.sysvmsg = 1 kern.ipc.sysvsem = 1 kern.ipc.sysvshm = 1 kern.ipc.shmmax = 8388608 kern.ipc.shmmni = 128 kern.ipc.shmseg = 128 kern.ipc.shmmaxpgs = 2048 kern.ipc.shm_use_phys = 0 kern.ipc.msgmni = 40 kern.ipc.msgseg = 2048 kern.ipc.semmni = 10 kern.ipc.semmns = 60 kern.ipc.semmnu = 30 As you can see, the default maximum size of shared memory segment (shmmax) is 8 megabytes by default, but for a postgresql server you will most likely need about 128 megabytes. Note, that you cannot set shmmax directly with syctl, but you need to set the value in pages size with _kern.ipc.shmmaxpgs_. The default PAGE_SIZE is 4096, so if you want to set it to 128M, you have to do: grimnismal# sysctl -w kern.ipc.shmmaxpgs=32768 kern.ipc.shmmaxpgs: 4096 -> 32768 So the formula is: 128 * 1024 * 1024 / 4096 = 32768 **You can make any sysctl change permanent by setting it in /etc/sysctl.conf** You can also get detailed information on System V interprocess communication (IPC) facilities on the system with the following command: $ ipcs IPC status from as of Mon Dec 3 18:52:00 2007 Message Queues: T ID KEY MODE OWNER GROUP Shared Memory: T ID KEY MODE OWNER GROUP m 65536 5432001 --rw------- pgsql pgsql Semaphores: T ID KEY MODE OWNER GROUP s 65536 5432001 --rw------- pgsql pgsql s 65537 5432002 --rw------- pgsql pgsql s 65538 5432003 --rw------- pgsql pgsql You can also force shared memory to stay in physical memory. This means that they will be never paged out to swap. You may set this behaviour with the _kern.ipc.shm_use_phys_ sysctl. ## TCP Performance ### Socket buffers TCP uses what is called the “congestion window” to determine how many packets can be sent at one time. The larger the congestion window size, the higher the throughput. The maximum congestion window is related to the amount of buffer space that the kernel allocates for each socket. So on high bandwidth line the bottleneck could be the buffer sizes. Here's the formula for a network link's throughput: Throughput = buffer size / latency So if we reorganise it a bit, we get the formula of the ideal buffer size: buffer size = 2 * delay * bandwidth The delay is the network latency, which is most commonly known as "ping". I think I don't have to introduce this tool: $ ping yahoo.com PING yahoo.com (66.94.234.13): 56 data bytes 64 bytes from 66.94.234.13: icmp_seq=0 ttl=50 time=195.596 ms 64 bytes from 66.94.234.13: icmp_seq=1 ttl=50 time=188.883 ms 64 bytes from 66.94.234.13: icmp_seq=2 ttl=51 time=192.023 ms ^C ----yahoo.com PING Statistics---- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 188.883/192.167/195.596/3.359 ms However ping(1) will give you the round-trip of the network link -- which is the twice of delay -- so the final formula is the following: buffer size = RTT * bandwidth Fortunately, there is an automatic control for those buffers in NetBSD. It can be checked and and enabled with sysctl: net.inet.tcp.recvbuf_auto = 0 net.inet.tcp.recvbuf_inc = 16384 net.inet.tcp.recvbuf_max = 262144 net.inet.tcp.sendbuf_auto = 0 net.inet.tcp.sendbuf_inc = 8192 net.inet.tcp.sendbuf_max = 262144 The default values for the maximal send and receive buffers are set to 256 KBytes, which is very tiny. A reasonable value for newer systems would be 16 MBytes, so you may set it to that value after you turned it on with sysctl: net.inet.tcp.recvbuf_auto=1 net.inet.tcp.sendbuf_auto=1 net.inet.tcp.sendbuf_max=16777216 net.inet.tcp.recvbuf_max=16777216 Just remember that your application has to avoid using SO_RCVBUF or SO_SNDBUF if it wants to take advantage of using automatically sized buffers. ### Increase the initial window size RFC 6928 permits the extension of the initial window size to 10 segments. By default NetBSD uses 4 segments as specified in the RFC 3390. You can increase it by using the following sysctl's: net.inet.tcp.init_win=10 net.inet.tcp.init_win_local=10 ### IP queue If you are seeing drops due to the limited IP queue (check the net.inet.ip.ifq.drops sysctl), you can increase that by using: net.inet.ip.ifq.maxlen = 4096 ### Other settings If you still are seeing low throughput, maybe it's time for desperate measures ! Try to change the congestion algorithm to cubic using: net.inet.tcp.congctl.selected=cubic Or try to decrease the limit (expressed in hz ticks) at which the system fires a delayed ACK (for an odd numbered packet). Usually one hz is 10ms but you may want to double check using the kern.clockrate sysctl, and dividing one second to the value there. So, to decrease delack_ticks to 50ms use: net.inet.tcp.delack_ticks=5 ## Disk I/O You may enable additional buffer queue strategies for better responsiveness under high disk I/O load. Enable them with the following lines in your kernel configuration file: options BUFQ_READPRIO options BUFQ_PRIOCSCAN ## Using optimized FLAGS with GCC NOTE: Trying to utilise heavy optimalisations can make your system hard to debug, cause unpredictable behaviour or kill your pet. Especially use of -mtune is highly discouraged, because it does not improve performance considerably or at all compared to -march=i686, and gcc4 can't handle it correctly at least on athlon CPUs. You can put something like this into your mk.conf, when you compile your packages and your system. CPUFLAGS+=-march=i686 COPTS+=-O2 FIXME: This is only for building world CFLAGS+="-O2 -march=i686" FIXME: For packages For more detailed information about the possible CFLAG values, please read the GNU C Compiler documentation [[!template id=man name="gcc" section="1"]]. # References * ["17.4. Managing Kernel Resources". PostgreSQL 8.3 Documentation. PostgreSQL Global Development Group.](http://www.postgresql.org/docs/8.3/static/kernel-resources.html) * ["Performance Tuning a NetBSD Server". Eric Radman](https://web.archive.org/web/20071202110649/http://eradman.com/article/bsdtuning1) * ["TCP Tuning Guide". Lawrence Berkeley National Laboratory](http://www-didc.lbl.gov/TCP-tuning/) # See also * [Configuration examples](../../examples/configuration_examples)