Linux kernel tuning for high-performance networking is a common requirement for VPS administrators. This guide provides practical instructions that you can follow on Ubuntu 22.04/24.04 or Debian 12, though most steps apply to other distributions as well.
Baseline Measurement
Performance benchmarks show that a properly tuned kernel can handle significantly more concurrent connections than the default configuration. The key improvements come from adjusting worker processes and connection pooling.
# Kernel tuning: /etc/sysctl.d/99-performance.conf
cat << 'EOF' | sudo tee /etc/sysctl.d/99-performance.conf
# Network performance
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 15
# Memory management
vm.swappiness = 10
vm.dirty_ratio = 15
vm.dirty_background_ratio = 5
# File descriptors
fs.file-max = 2097152
fs.nr_open = 2097152
EOF
sudo sysctl --system
Note that file paths may vary depending on your Linux distribution. The examples here are for Debian/Ubuntu; adjust paths accordingly for RHEL/CentOS-based systems.
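`sysctl --system` loads every file in the sysctl.d directories, so a value set in 99-performance.conf can be overridden by another file or skipped when the kernel does not expose the key. The following check is an added example, not part of the original guide: it compares a sysctl.d file with the live values, and the `norm` and `check_sysctl_drift` names and the optional ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: report sysctl.d settings the running kernel does not have.

# Collapse whitespace so "4096<TAB>8192" and "4096 8192" compare equal.
norm() { printf '%s' "$1" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

# check_sysctl_drift CONF [ROOT]
# ROOT defaults to /proc/sys; it exists only in this example so the check
# can be pointed at a constructed directory tree.
# Returns 0 if every key matches, 1 on drift or a missing key,
# 2 if CONF cannot be read.
check_sysctl_drift() {
    local conf="$1" root="${2:-/proc/sys}" line key want have path rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        line="$(norm "$line")"
        case "$line" in ''|'#'*|';'*) continue ;; esac   # blank or comment
        case "$line" in *=*) ;; *) continue ;; esac        # not key = value
        line="${line#-}"            # leading '-' means "ignore errors"
        key="$(norm "${line%%=*}")"
        want="$(norm "${line#*=}")"
        # net.core.somaxconn -> net/core/somaxconn
        path="$root/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            echo "MISSING $key (no $path)"
            rc=1
            continue
        fi
        have="$(norm "$(cat "$path")")"
        if [ "$have" = "$want" ]; then
            echo "OK      $key = $have"
        else
            echo "DRIFT   $key: file=$want live=$have"
            rc=1
        fi
    done < "$conf"
    return "$rc"
}

# Typical use on the host configured above:
#   check_sysctl_drift /etc/sysctl.d/99-performance.conf
```

A DRIFT line usually means another sysctl.d file or a later manual change set a different value; a MISSING line means the key is not present on this kernel.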
Performance Considerations
If you encounter issues during setup, check the system logs first. Most problems can be diagnosed by examining the output of journalctl or the application-specific log files in /var/log/.
Kernel and OS Tuning
Regular maintenance is essential for keeping your kernel installation running smoothly. Schedule periodic reviews of log files, disk usage, and security updates to prevent issues before they occur.
# Benchmark before and after optimization
# CPU benchmark
sysbench cpu --cpu-max-prime=20000 run
# Memory benchmark
sysbench memory --memory-block-size=1M --memory-total-size=10G run
# Disk I/O benchmark
sysbench fileio --file-total-size=4G --file-test-mode=rndrw prepare
sysbench fileio --file-total-size=4G --file-test-mode=rndrw run
sysbench fileio --file-total-size=4G cleanup
The output should show the service running without errors. If you see any warning messages, address them before proceeding to the next step.
- Set up monitoring before going to production
- Document all configuration changes
- Test disaster recovery procedures regularly
- Use version control for configuration files
Application-Level Optimization
If you encounter issues during setup, check the system logs first. Most problems can be diagnosed by examining the output of journalctl or the application-specific log files in /var/log/.
Caching Strategy
The networking component plays a crucial role in the overall architecture. Understanding how it interacts with the kernel will help you make better configuration decisions.
The configuration above sets the recommended values for a VPS with 2-4 GB of RAM. Adjust the memory-related settings proportionally if your server has different specifications.
Configuration Options
Before making changes to the configuration, always create a backup of the existing files. This ensures you can quickly roll back if something goes wrong during the setup process.
- Enable firewall and allow only necessary ports
- Set up fail2ban for brute force protection
- Keep all software components up to date
Common Issues and Solutions
- Permission denied errors: Ensure files and directories have the correct ownership. Use chown -R to fix ownership and chmod for permissions.
- Service won't start: Check the logs with journalctl -xe -u kernel. Common causes include port conflicts, missing configuration files, or insufficient permissions.
Wrapping Up
Following this guide, your kernel setup should be production-ready. Keep an eye on resource usage as your traffic grows and don't forget to test your backup and recovery procedures periodically.