🐞 fix:TSG-17752

2023-11-21 16:17:08 +08:00
parent 56b8c3fa7f
commit 954b379a52
2 changed files with 63 additions and 1 deletions
--- a/ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml
@@ -169,6 +169,34 @@ spec:
          - "bash"
          - "-ec"
          - |
+            mount -o remount,rw /sys
+            # disable rpfilter
+            sysctl -w net.ipv4.conf.all.rp_filter=0
+            sysctl -w net.ipv4.conf.default.rp_filter=0
+
+            # fs
+            sysctl -w fs.file-max=1048576
+            sysctl -w net.core.somaxconn=131072
+
+            # tcp options about TIME_WAIT
+            sysctl -w net.ipv4.tcp_fin_timeout=10
+            sysctl -w net.ipv4.tcp_tw_reuse=1
+            sysctl -w net.ipv4.tcp_max_tw_buckets=4096
+            sysctl -w net.ipv4.tcp_max_syn_backlog=131072
+
+            # bbr
+            sysctl -w net.ipv4.tcp_congestion_control=bbr
+
+            # tcp feature
+            sysctl -w net.ipv4.tcp_ecn=0
+            sysctl -w net.ipv4.tcp_sack=1
+            sysctl -w net.ipv4.tcp_timestamps=1
+
+            # disable tcp windows scaling for kernel bugs
+            sysctl -w net.ipv4.tcp_window_scaling=0
+
+
+
            {{ template "traffic-engine.init" . }}
            ip tuntap add dev tap0 mode tap multi_queue
            /usr/sbin/ip link set tap0 address fe:65:b7:03:50:bd
@@ -233,7 +261,6 @@ spec:
            /usr/sbin/ip -6 rule add iif tap_c tab 102
            /usr/sbin/ip -6 rule add iif tap_s tab 102

-            mount -o remount,rw /sys
        securityContext:
          privileged: true
        env:
--- a/ansible/roles/tuned/files/tuned.conf
+++ b/ansible/roles/tuned/files/tuned.conf
@@ -43,6 +43,41 @@ assert2=${f:assertion:isolated_cores contains online CPU(s):${isolated_cores_exp
 /sys/devices/virtual/workqueue/*/cpumask = ${not_isolated_cpumask}
 /sys/devices/system/machinecheck/machinecheck*/ignore_ce = 1

+[sysctl]
+# read/write buffer
+net.core.rmem_default = 256960
+net.core.rmem_max = 33554432
+net.core.wmem_default = 256960
+net.core.wmem_max = 33554432
+
+# disable rpfilter
+net.ipv4.conf.all.rp_filter=0
+net.ipv4.conf.default.rp_filter=0
+
+# fs
+fs.file-max=1048576
+net.core.netdev_max_backlog=1000000
+net.core.somaxconn=131072
+
+# tcp options about TIME_WAIT
+net.ipv4.tcp_fin_timeout=10
+net.ipv4.tcp_tw_reuse=1
+net.ipv4.tcp_max_tw_buckets=4096
+net.ipv4.tcp_max_orphans=131072
+net.ipv4.tcp_max_syn_backlog=131072
+
+# bbr
+net.ipv4.tcp_congestion_control=bbr
+
+# tcp feature
+net.ipv4.tcp_ecn=0
+net.ipv4.tcp_sack=1
+net.ipv4.tcp_timestamps=1
+
+# disable tcp windows scaling for kernel bugs
+net.ipv4.tcp_window_scaling=0
+
+
 [systemd]
 cpu_affinity=${not_isolated_cores_expanded}