This document describes how to tune Compaq Tru64 UNIX in order to improve the performance of Internet servers, which include Web servers, ftp servers, mail servers and relays, proxy servers, gateway systems, and firewall systems. The recommendations result from testing Tru64 UNIX systems running Internet server software such as AltaVista (altavista.digital.com). Not all recommendations are appropriate for all types of systems.
Some of the information in this document applies only to systems running the latest version of Tru64 UNIX or systems that have the latest patches installed. You should install the latest patches that are recommended for your operating system version. See Tru64 UNIX Operating System Patches for more information.
This document is periodically updated as new information becomes available. For document revisions and information about changes since the last revision, see Recent Changes. You can access the latest version of this document at the following location: http://www.digital.com/internet/document/ias/tuning.html.
We value your comments and suggestions on the information in this document. Please mail your comments to ias-support@digital.com.
Copyright
Legal Notice
Recent Changes
This document's revision history is as follows:
Version 2.3 - December, 1998 (the latest version)
Version 2.2 - July, 1998
Version 2.1 - May, 1998
Version 2.0 - February, 1998
Version 1.2.2 - October, 1997
Version 1.2.1 - July, 1997
Version 1.2 - April, 1997
Version 1.1.1 - February, 1997
Version 1.1 - November, 1996
Version 1.0 - October, 1996
Version 2.3 of this document includes the following new information:
Description of memory requirements for Internet servers. See Configuring Memory for High Performance for information.
Description of the socket
subsystem attribute sb_max
. See Increasing the Maximum Size of a Socket Buffer for information.
Descriptions of the following inet
subsystem attributes:
tcbhashnum
- See Increasing the Number of TCP Hash
Tables for information. ipport_userreserved_min
- See Modifying the Range of
Outgoing Connection Ports for information. ipqs
- See Increasing the Number of IP Input Queues for
information. ipqmaxlen
- See Preventing Dropped Input Packets
for information. Description of the vm
subsystem attribute vm-maxvas
. See Increasing the Valid Virtual Address Space for information.
Descriptions of the following proc
subsystem attributes:
max-per-proc-data-size
- See Increasing
the Maximum Size of a Data Segment for information. max-per-proc-address-size
- See Increasing
the Maximum Amount of Process Address Space for information. Improved tuning recommendations for Internet servers. See Primary Internet Server Tuning Recommendations for information.
Return to the Table of Contents.
It is recommended that you run the latest version of DIGITAL UNIX on your Internet server, so you can utilize its performance enhancements. You should also install the latest patches for your operating system version, as recommended in this document.
The following patches are available for DIGITAL UNIX:
This patch provides additional tunable kernel attributes and other performance enhancements. For some versions of the operating system, this patch is included in the security patch that is described next.
The Internet server performance patch is not required for DIGITAL UNIX Version 3.2G and later v>
This patch protects your system from crashes and performance problems caused by remote sites. It enhances your system's security and also prevents or reduces the performance degradation caused by TCP SYN attacks.
The security patch for DIGITAL UNIX Version 3.2C, 3.2D, 3.2E, and 3.2F also includes the Internet server performance patch. If you install the security patch on a system running one of these versions, you do not have to install the Internet Server performance patch.
The security patch is not required for DIGITAL UNIX Version 4.0B and later versions.
See Ping Fix Security Patch for more information.
This patch provides additional Internet performance enhancements and tunable kernel attributes. If you are running DIGITAL UNIX Version 4.0A, 4.0B, or 4.0C, it is recommended that you install the network performance patch.
See Network Performance Patch for more information.
Use the Recommended Patch Table to determine which patches to install on your operating system. If "Yes" is specified in the table, you should install the patch; if "No" is specified, you do not need to install the patch because the patch is already included in the operating system. If "Not supported" is specified, you cannot install the patch on the operating system version.
DIGITAL UNIX Version | Internet Server Performance Patch | Ping Fix Security Patch | Network Performance Patch |
---|---|---|---|
Version 3.2C to 3.2F | Yes (or ping fix security patch) | Yes | Not supported |
Version 3.2G | No | Yes | Not supported |
Version 4.0A | No | Yes | Yes |
Version 4.0B | No | No | Yes |
Version 4.0C | No | No | Yes |
Version 4.0D | No | No | No |
Version 4.0E | No | No | No |
You can obtain patches by one of the following methods:
If you are running DIGITAL UNIX Version 3.2C, 3.2D, 3.2E, or 3.2F and you do not want to upgrade to the latest version of DIGITAL UNIX, you should install the patch that provides Internet server performance improvements. You must install this patch to use many of the tunable attributes described in this document. This patch is not required for DIGITAL UNIX Version 3.2G and later versions.
Note that the Internet server performance patch is included in the ping fix patch for DIGITAL UNIX Version 3.2C, 3.2D, 3.2E, and 3.2F. If you install the ping fix patch for these versions, you do not have to install the Internet server performance patch. See Ping Fix Security Patch for more information.
The Internet Server Performance Patch ID Table lists the patch identification numbers for specific versions of DIGITAL UNIX.
Internet Server Performance Patch Table
DIGITAL UNIX Version | Patch ID |
---|---|
Version 3.2C | OSF350-294 |
Version 3.2D-1 | OSF360-350294 |
Version 3.2D-2 | OSF365-350294 |
Version 3.2E-1 | OSF360-350294 |
Version 3.2E-2 | OSF365-350294 |
Version 3.2F | OSF370-350338 |
Because patch identification numbers change frequently, make sure that you obtain the most recent version of a patch.
To obtain the Internet server performance patch, perform the following tasks:
duv*.README
file, where *
specifies the
operating system version, and seach for the patch ID, as specified in the Internet Server Performance Patch ID Table. For example, if you are
running DIGITAL UNIX Version 3.2F, select the duv32fas00003-19980714.README
file and search for patch ID OSF370-350338.
duv*.tar
file, where *
specifies the operating system version. The dupatch
utility allows you to selectively install patches. See the README file for information.
Return to the Table of Contents.
It is recommended that you install the patch, appropriate for your operating system version, that will protect it from crashes caused by remote sites. The "ping fix" patch for DIGITAL UNIX Version 3.2C and later versions enhances your system's security and also prevents or reduces the performance degradation caused by TCP SYN attacks.
Note that the ping fix patch for DIGITAL UNIX Version 3.2C, 3.2D, 3.2E, and 3.2F also includes the Internet server performance patch. See Internet Server Performance Patch for more information.
The Ping Fix Security Patch Table lists the patch files for recent versions of DIGITAL UNIX.
DIGITAL UNIX Version | Patch File Name |
---|---|
Version 3.2C | v32c_ping_fix.tar |
Version 3.2D-1 | v3.2de1_ping_fix.tar |
Version 3.2E-1 | v3.2de1_ping_fix.tar |
Version 3.2D-2 | v3.2de2_ping_fix.tar |
Version 3.2E-2 | v3.2de2_ping_fix.tar |
Version 3.2F | v32f_ping_fix.tar |
Version 3.2G | v32g_ping_fix.tar |
Version 4.0 | v40_ping_fix.tar |
Version 4.0A | v40a_ping_fix.tar |
To obtain a ping fix security patch, access the ftp://ftp.service.digital.com/public/ping Web site. Click on the patch file name for the appropriate operating system version and download the tar file.
The ping fix patches for DIGITAL UNIX versions prior to Version 3.2C are also available at the ping fix ftp site.
Return to the Table of Contents.
If you are running DIGITAL UNIX Version 4.0A, 4.0B, or 4.0C, you should install the patch that provides additional network performance enhancements for Internet servers that handle thousands of simultaneous TCP connections.
The network performance patch provides the following performance enhancements:
To obtain the network performance patch, perform the following tasks:
duv*.README
file, where *
specifies the
operating system version, and seach for "network patch." For example, if you are
running DIGITAL UNIX Version 4.0B, search the duv40bas00008-19980821.README
file. duv*.tar
file, where *
specifies the operating system version. The dupatch
utility allows you to selectively install patches. See the README file for information.
Return to the Table of Contents.
The following hardware recommendations can help to improve Internet server performance:
See the DIGITAL UNIX System Configuration and Tuning manual for detailed information about configuring high-performance and high-availability systems.
Return to the Table of Contents.
Each connection to an Internet server requires enough memory resources for the following:
These memory resources total 1 KB for each connection endpoint (not including the socket buffer space), which means you need 10 MB of memory in order to accommodate 10,000 connections .
You must ensure that your server has enough memory to handle demanding peak loads. Configure ten times more memory than what the server requires on a busy day, so that you have sufficient memory to handle occasional spikes of activity.
There are no limitations on a server's ability to handle millions of TCP connections if
memory resources are available to service the connections. If memory is insufficient, the
server will reject new connection requests until enough existing connections are freed.
Use the netstat -m
command to monitor the memory that is currently
being used by the network subsystem. See Displaying Network Statistics
for information.
If your Internet server logs client host names, the application software may force the system to perform a reverse DNS lookup in order to obtain the client's host name. Reverse DNS lookups are time-intensive and may cause performance problems on busy servers with many clients.
Many applications can be modified to log client Internet Protocol (IP) addresses instead of client host names, without losing any significant information. Logging IP addresses may significantly improve the efficiency of the Internet server. Consult the documentation provided by the Internet server software vendor to determine how to disable the logging of client host names.
For example, you can obtain information about modifying Apache HTTP Server software from the Apache HTTP Server documentation site.
Return to the Table of Contents.
The Internet Daemon (inetd) handles a limited number of service invocations in a one-minute period of time. The default is a maximum of 500 connection requests. If the number of requests exceeds this limit, inetd will not accept additional requests for that service.
If your Internet server receives more than eight requests per second for a service that
is spawned by inetd (for example, POP-3, ftp, and mail servers),
increase the default connection request limit. You can check the /usr/adm/messages
log file to determine if a service has been shut down. For example, the file may contain
an entry such as the following:
ftp/tcp server failing (looping), service terminated
Because the inetd daemon does not spawn any known HTTP server, the connection request limit does not affect HTTP service.
To increase the connection request limit, edit the /sbin/init.d/inetd startup script, and specify the -R n option in the command line that invokes the inetd daemon. For example, specifying inetd -R 4000 allows the daemon to accept 4000 requests per minute for a service. Then, restart the inetd daemon.
Return to the Table of Contents.
You may be able to improve Internet server performance by modifying the default values of some kernel subsystem attributes. Use the recommended attribute values that are described in this document as a starting point for tuning your Internet server.
See Displaying and Modifying Kernel Attribute Values for information about displaying the current, maximum, and minimum values and for information about modifying attributes. Some of the attributes described in this document are available only if you running a the latest versions of DIGITAL UNIX or have a particular patch installed. See the Kernel Attribute Support Table for more information.
Because Internet server configurations differ and a recommended value may not provide optimal performance for all configurations, you should be careful when modifying attributes. Read the attribute descriptions and determine which values are appropriate for your configuration. If modifying an attribute does not improve performance, you may want to return to the default value.
The recommendations described in this document are appropriate only for systems that are primarily used as Internet servers and are configured with sufficient physical memory. Using a recommended attribute value in a non-Internet server may cause a degradation in system performance.
See Primary Internet Server Tuning Recommendations for information about the tuning recommendations that provide the best performance benefit for Internet servers. In addition, see the DIGITAL UNIX System Configuration and Tuning manual for detailed information about tuning DIGITAL UNIX for various configurations.
The following sections describe:
Return to the Table of Contents.
The socket subsystem attributes control the maximum number of pending connection attempts per server socket (that is, the maximum depth of the listen or SYN queue) and other behavior. You may be able to improve Internet server performance by tuning the following socket subsystem attributes:
mbuf
cluster compression In addition, the socket subsystem attributes sobacklog_hiwat, sobacklog_drops, and somaxconn_drops track events related to socket listen queues. By monitoring these attributes, you can determine if the queues are overflowing. See Displaying Socket Statistics for more information.
Return to the Table of Contents.
The socket subsystem attribute somaxconn specifies the maximum number of pending TCP connections (the socket listen queue limit) for each server socket (for example, for the HTTP server socket). Busy Internet servers often experience large numbers of pending connections. If the listen queue connection limit is too small, incoming connect requests may be dropped. Pending TCP connections can be caused by lost packets in the Internet or denial of service attacks.
Default value: 1024 (or 8 on an unpatched DIGITAL UNIX Version 3.2 system)
Recommended value: Increase the somaxconn attribute to the maximum value, except on low memory systems. The maximum value is 32767, except on systems that are running DIGITAL UNIX Version 4.0D or later versions (or Version 4.0A, 4.0B, or 4.0C with the Network Performance Patch installed), which have a maximum value of 65,535. Specifying a value that is higher than the maximum value can cause unpredictable behavior.
See Displaying and Modifying Kernel Attribute Values for information.
Return to Modifying Socket Subsystem Attributes.
The socket subsystem attribute sominconn specifies the minimum number of pending TCP connections (backlog) for each server socket. The attribute controls how many SYN packets can be handled simultaneously before additional requests are discarded. Network performance can degrade if a client saturates a socket listen queue with erroneous TCP SYN packets, effectively blocking other users from the queue.
The value of the sominconn attribute overrides the application-specific backlog value, which may be set too low for some server software. If you do not have your application source code, you can use the sominconn attribute to set a sufficient pending-connection quota.
Default value: 0
Recommended value: Increase the value of the sominconn attribute to the maximum value. The maximum value is 32,767, except on systems running DIGITAL UNIX Version 4.0D or later versions (or Version 4.0A, 4.0B, or 4.0C with the Network Performance Patch installed), which have a maximum value of 65535. The value of the sominconn attribute should be the same as the value of the somaxconn attribute.
See Displaying and Modifying Kernel Attribute Values for information.
Return to Modifying Socket Subsystem Attributes.
mbuf
Cluster CompressionThe socket
subsystem attribute sbcompress_threshold controls
whether mbuf
clusters are compressed. By default, mbuf
clusters
are not compressed, which can cause proxy servers to consume all the available mbuf
clusters. This problem is more likely to occur if you are using FDDI, instead of Ethernet.
See Displaying Network Statistics for information about mbuf
clustering.
To enable mbuf
cluster compression, specify 600 for the value of the sbcompress_threshold
attribute. Packets will be copied into the existing mbuf
clusters if the
packet size is less than this value.
Note
If you are running a version of DIGITAL UNIX prior to Version 4.0E, you must use dbx to modify the value of the sbcompress_threshold attribute.
Default value: 0 (no mbuf
compression)
Recommended value: Specify 600 for the value of the sbcompress_threshold attribute if you have a proxy server.
See Displaying and Modifying Kernel Attribute Values for information.
Return to Modifying Socket Subsystem Attributes.
If you require a large socket buffer, increase the maximum socket buffer size. To do this, increase the value of the socket subsystem attribute sb_max before increasing the socket buffer size.
The inet
subsystem attribute tcp_sendspace
specifies the
default transmit buffer size for a TCP socket. The
Default value: 131072 bytes (or 1048576 bytes if you are running DIGITAL UNIX Version 4.0E)
See Displaying and Modifying Kernel Attribute Values for information.
Return to Modifying Socket Subsystem Attributes.
You may be able to improve Internet server performance by tuning the following Internet (inet) subsystem attributes:
Return to the Table of Contents.
You can modify the size of the hash table that the kernel uses to look up Transmission
Control Protocol (TCP) control blocks. The inet
subsystem attribute tcbhashsize
specifies the number of hash buckets in the kernel TCP connection table (the number of
buckets in the inpcb hash table). The kernel must look up the connection block
for every TCP packet it receives, so increasing the size of the table can speed the search
and improve performance.
Default value: 32 (or 512 if you are running DIGITAL UNIX Version 4.0E or later versions)
Recommended value: For Internet servers, increase the value of the tcbhashsize attribute. For systems running DIGITAL UNIX Version 4.0D (or Version 4.0A, 4.0B, or 4.0C with the Network Performance Patch installed), set the attribute value to 16,384.
For systems running DIGITAL UNIX Version 4.0A, 4.0B, or 4.0C without the Network Performance Patch installed, set the attribute value to 1024. Using a value that is higher than the maximum value will disable use of a hash table.
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Internet Subsystem Attributes.
You can increase the number of hash tables that the kernel uses to look up Transmission Control Protocol (TCP) control blocks. If you have an SMP system, you may be able to reduce head lock contention at the TCP hash table by increasing the number of hash tables. Because the kernel must look up the connection block for every TCP packet it receives, a bottleneck may occur at the TCP hash table in SMP systems. Increasing the number of tables distributes the load and may improve performance.
The inet subsystem attribute tcbhashnum specifies the number of TCP hash tables.
The tcbhashnum attribute is available only on DIGITAL UNIX Version 4.0E or later versions.
Default value: 1
Recommended value: For busy Internet server SMP systems, increase the value of the tcbhashnum attribute to 16. The minimum value is 1 (the default); the maximum value is 64.
It is recommended that you make the value of the tcbhashnum attribute the same as the value of the inet subsystem attribute ipqs. See Increasing the Number of IP Input Queues for information.
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Internet Subsystem Attributes.
The inet
subsystem attribute inifaddr_hsize
specifies the
number of hash buckets in the kernel interface alias table (in_ifaddr
). If a
system is used as a server for many different server domain names, each of which are bound
to a unique IP address, the code that matches arriving packets to the right server address
uses the hash table to speed lookup operations for the IP addresses. These addresses are
usually set using the ifconfig alias or ifconfig
aliaslist command. Increasing the number of hash buckets in the table can
improve performance on systems that use large numbers of IP alias addresses.
Default value: 32
Recommended value: The maximum value of the inifaddr_hsize
attribute is 512. For the best performance, the value of the inifaddr_hsize
attribute is always rounded down to the nearest power of 2. If you are using more than 500
interface IP aliases, specify the maximum value of 512. If you are using less than 250
aliases, use the default value of 32. For most Internet servers that do not use interface
IP aliases, the default value is adequate.
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Internet Subsystem Attributes.
The inet
subsystem attribute tcp_keepinit
specifies the
amount of time that a partially established TCP connection remains on the socket listen
queue before it times out. The value of the attribute is in units of 0.5 seconds. Partial
connections consume listen queue slots and fill the queue with connections in the SYN_RCVD
state.
Default value: 150 units (75 seconds)
Recommended value: If increasing the somaxconn limit does not prevent the listen queue from filling up, or if the default grows to an excessive length, you can reduce tcp_keepinit and cause partial connections to time out sooner. However, do not set the value too low, because you may prematurely break connections associated with clients on network paths that are slow or network paths that lose many packets. Do not set the value to less than 20 units (10 seconds). If you have a 32767 socket queue limit, the default (75 seconds) is usually adequate.
In addition, network performance can degrade if a client overfills a socket listen
queue with TCP SYN packets, effectively blocking other users from the queue. To eliminate
this problem, increase the value of the sominconn
attribute to its maximum
value. If the system continues to drop SYN packets, decrease the value of the tcp_keepinit
attribute to 30 (15 seconds). Monitor the values of the sobacklog_drops
and somaxconn_drops
attributes to determine if the system is dropping packets. See Displaying
Socket Statistics for more information on the event counters.
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Internet Subsystem Attributes.
The inet
subsystem attribute tcp_rexmit_interval_min
specifies the minimum amount of time between the first TCP retransmission. For some wide
area networks (WANs), the default value may be too small, causing premature retransmission
timeouts. This may cause duplicate transmission of packets and the erroneous invocation of
the TCP congestion-avoidance algorithms.
Default value: 2 units (1.0 second)
Recommended value: The tcp_rexmit_interval_min
attribute is
specified in units of 0.5 seconds. You can increase the value of the attribute to slow the
rate of TCP retransmissions, which decreases congestion and improves performance. However,
not every connection needs a long retransmission time. Usually, the default value is
adequate. Do not specify a value that is less than 1 unit. Do not change the attribute
unless you fully understand TCP algorithms and your network topology.
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Internet Subsystem Attributes.
TCP keepalive functionality enables the periodic transmission of messages on a
connected socket, in order to time out inactive connections. If you set the inet
subsystem attribute tcp_keepalive_default to 1 in order to enable keepalive
functionality, sockets that do not exit cleanly are cleaned up when the keepalive interval
expires. If keepalive is not enabled, those sockets will continue to exist until you
reboot the system.
Applications enable keepalive for sockets by setting the setsockopt
function's SO_KEEPALIVE
option. To override programs that do not set
keepalive on their own or if you do not have access to the application sources, you can
enable keepalive for all sockets.
If you enable keepalive, you can also configure the following TCP options for each socket:
tcp_keepidle
attribute specifies the amount of
idle time, in 0.5 second units, before sending a keepalive probe. The default interval is
2 hours. tcp_keepintvl
attribute specifies the amount of
time, in 0.5 second units, between retransmission of keepalive probes. The default
interval is 75 seconds. tcp_keepcnt
attribute specifies the maximum
number of keepalive probes that are sent before the connection is dropped. The default is
8 probes. tcp_keepinit
attribute specifies the maximum
amount of time, in 0.5 second units, before an initial connection attempt times out. The
default is 75 seconds. Default value: 0 (disabled)
Recommended value: To override programs that do not set keepalive on their own,
or if you do not have access to the application sources, set the tcp_keepalive_default
attribute to 1 in order to enable keepalive for all sockets. After you set the attribute,
all new connections will have keepalive enabled; existing connections will continue to use
the previous keepalive setting.
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Internet Subsystem Attributes.
You can make the TCP connection context time out more quickly at the end of a connection. However, this will increase the chance of data corruption.
The TCP protocol includes a concept known as the Maximum Segment Lifetime (MSL). When a
TCP connection enters the TIME_WAIT
state, it must remain in this state for
twice the value of the MSL, or else undetected data errors on future connections can
occur. The inet
subsystem attribute tcp_msl
determines the
maximum lifetime of a TCP segment and the timeout value for the TIME_WAIT
state. The value of the attribute is set in units of 0.5 seconds.
Although the TCP specifications specify an MSL of 120 seconds, most TCP implementations use a value that is less than 120. See RFC793 and RFC1122 available from the "Index to Internet Requests for Comment" document maintained by the Ohio State University Web site:
http://www.cis.ohio-state.edu/hypertext/information/rfc.html
Default value: 60 units (30 seconds, which means that the TCP connection remains
in TIME_WAIT
state for 60 seconds or twice the value of the MSL)
Recommended value: In some situations, the default timeout value for the TIME_WAIT
state (60 seconds) is too large, so reducing the value of the tcp_msl
attribute frees connection resources sooner than the default behavior.
However, do not reduce the value of the tcp_msl
attribute unless you fully
understand the design and behavior of your network and the TCP protocol. It is strongly
recommended that you use the default value; otherwise, there is the potential for data
corruption.
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Internet Subsystem Attributes.
When a TCP or UDP application creates an outgoing connection, the kernel dynamically allocates a nonreserved port number for each connection.
The kernel selects the port number from a range of values between the value of the inet
subsystem attribute ipport_userreserved_min
(if you are running DIGITAL UNIX
Version 4.0E or later versions) or 1024 (if you are running a prior version) and the value
of the ipport_userreserved
attribute.
Using the default values, the number of simultaneous outgoing connections is limited to 3976 (5000 minus 1024).
Default value: 5000
Recommended value: If your system requires many outgoing ports, you can increase
the value of the ipport_userreserved
attribute. The maximum value of the ipport_userreserved
attribute is 65000. If your system is a proxy server (for example, a Squid Caching Server
or a firewall system) with a load of more than 4000 simultaneous connections, increase the
value of the ipport_userreserved
attribute to the maximum value of 65000.
If you are running DIGITAL UNIX Version 4.0E or later versions, you can also modify the range of outgoing ports. See Modifying the Range of Outgoing Ports for information.
Note Do not specify a value that is less than 5000 or greater
than 65000 for the |
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Internet Subsystem Attributes.
When a TCP or UDP application creates an outgoing connection, the kernel dynamically
allocates a nonreserved port number for each connection. The kernel selects the port
number from a range of values between the value of the inet
subsystem
attribute ipport_userreserved_min
(if you are running DIGITAL UNIX Version
4.0E or later versions) or 1024 (if you are running a prior version) and the value of the ipport_userreserved
attribute.
Using the default values, the range of outgoing ports starts at 1024 and stops at 5000.
Default value: 1024 (ipport_userreserved_min
) and 5000 (ipport_userreserved
)
Recommended value: If your system requires outgoing ports from a particular
range, you can modify the values of the inet
subsystem attributes ipport_userreserved_min
and ipport_userreserved
.
The maximum values of the ipport_userreserved_min
and ipport_userreserved
attributes are 65000.
The ipport_userreserved_min attribute is available only on DIGITAL UNIX Version 4.0E or later versions. For systems running previous versions, the starting point for outgoing ports is fixed at 1024.
Note Do not specify a value for the Do not reduce the |
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Internet Subsystem Attributes.
Packets transmitted between servers are fragmented into units of a specific size
(usually 576-byte units), in order to ease transmission of the data over routers and
small-packet networks, such as Ethernet networks. When the inet
subsystem
attribute pmtu_enabled
is enabled (the default behavior), the system
determines the largest common path maximum transmission unit (PMTU) value between servers
and uses it as the unit size. The system also creates a routing table entry for each
client network that attempts to connect to the server.
On an Internet server that handles local traffic and some remote traffic, enabling the use of a PMTU can improve bandwidth. However, if an Internet server handles traffic among many remote clients, enabling the use of a PMTU can cause an excessive increase in the size of the kernel routing tables, which can reduce server efficiency.
Default value: 1 (enabled)
Recommended value: If an Internet server has poor performance and the routing
table increases to more than 1000 entries, set the value of the pmtu_enabled
attribute to 0 to disable the use of PMTU protocol. Use the netstat -rn
command to display the contents of the routing table.
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Internet Subsystem Attributes.
For SMP systems, you may be able to reduce lock contention at the IP input queue by increasing the number of queues and distributing the load. The inet subsystem attribute ipqs specifies the number of IP input queues.
The ipqs attribute is available only on DIGITAL UNIX Version 4.0E or later versions.
Default value: 1
Recommended value: For busy Internet server SMP systems, increase the value of the ipqs attribute to 16. The minimum value is 1; the maximum value is 64.
It is recommended that you make the value of the ipqs attribute the same as the value of the inet subsystem attribute tcbhashnum. See Increasing the Number of TCP Hash Tables for information.
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Internet Subsystem Attributes.
If the IP input queue overflows under a heavy network load, input packets may be dropped.
The inet subsystem attribute ipqmaxlen controls the maximum number of packets that can be on the input queue. If the system drops input packets, you may want to increase the value of the ipqmaxlen attribute.
Check for dropped packets by using dbx to examine the ipintrq kernel structure. For example:
# dbx -k /vmunix (dbx) print ipintrq struct { ifq_head = (nil) ifq_tail = (nil) ifq_len = 0 ifq_maxlen = 512 ifq_drops = 0 . . .
If the ifq_drops field is not zero, increase the value of the ipqmaxlen attribute.
Default value: 512
Recommended value: You may want to increase the value of the ipqmaxlen attribute to 2000. The minimum value is 512; the maximum value is 65535.
The
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Internet Subsystem Attributes.
You may be able to improve Internet server performance by modifying the values of the following virtual memory (vm) subsystem attributes:
Return to the Table of Contents.
Busy Internet servers usually consume a moderate amount of virtual memory and also use a large set of files. The virtual memory subsystem and the Unified Buffer Cache (UBC), which caches file system data, share the physical memory that is not wired by the kernel.
The vm
subsystem attribute ubc-maxpercent specifies the
percentage of memory allocated to the UBC. Too much memory allocated to the UBC may cause
excessive paging and swapping, which may degrade overall system performance. However, an
insufficient amount of memory allocated to the UBC may degrade file system performance.
Default value: 100 (percent)
Recommended value: Usually, you do not have to adjust the default value of the ubc-maxpercent on a typical Internet server.
If you have a low free page count, you can increase the memory available to processes by reducing the percentage of memory allocated to the UBC. You should attempt to keep in memory the working set of your processes, even if this means increasing the number of UBC misses. Reduce the default value of the ubc-maxpercent attribute in decrements of 10 percent.
If your disks are busy with file system I/O and the system has sufficient free pages, you may want to increase the ubc-maxpercent attribute to the default value (100 percent).
Use the vmstat command to display information about virtual memory, including the free page count. See Displaying Virtual Memory Statistics for information.
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Virtual Memory Subsystem Attributes.
The vm
subsystem attribute vm-mapentries
specifies the
maximum number of memory-mapped files in a user process, and limits the number of
memory-mapped files available to each process. Each map entry describes one unique
disjoint portion of a virtual address space.
Default value: 200
Recommended value: You may want to increase the value of the vm
subsystem attribute vm-mapentries
for very-large memory systems. Because
Internet servers map files into memory, for busy systems running multithreaded Internet
server software, you may want to increase the value to 20000. This will increase the limit
on file mapping. However, this attribute affects all processes, and increasing its value
will increase the demand for memory.
See Displaying and Modifying Kernel Attribute Values.
Return to the Modifying Virtual Memory Subsystem Attributes.
The vm
subsystem attribute vm-vpagemax
specifies the maximum
number of virtual pages within a process' address space that can be given individual
protection attributes. These protection attributes differ from the protection attributes
associated with the other pages in the address space.
Changing the protection attributes of a single page within a virtual memory region causes all pages within that region to be treated as though they had individual protection attributes. For example, each thread of a multithreaded task has a user stack in the stack region for the process in which it runs. Because multithreaded tasks have guard pages (that is, pages that do not have read/write access) inserted between the user stacks for the threads, all pages in the stack region for the process are treated as though they have individual protection attributes.
Default value: vm-maxvas
attribute (the size of valid virtual
address space in bytes) divided by 8192
Recommended value: If a stack region for a multithreaded task exceeds 16 KB
pages, you may want to increase the value of the vm-vpagemax
attribute For
example, if the value of the vm-maxvas
attribute is 1 GB (the default), set
the value of vm-vpagemax
to 131072 pages (1073741824/8192=131072). This value
improves the efficiency of Internet servers that maintain large tables or resident images.
However, this attribute affects all processes, and increasing its value will increase the
demand for memory.
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Virtual Memory Subsystem Attributes.
The vm subsystem attribute vm-maxvas specifies the maximum amount of valid virtual address space for a process (that is, the sum of all the valid pages).
Default value: 1073741824 bytes (1 GB)
Recommended value: If you have an Internet, Web, proxy, firewall, or gateway server, increase the value of the vm-maxvas attribute to 10737418240 (10 GB).
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Virtual Memory Subsystem Attributes.
You may be able to improve your Internet server performance by modifying the values of the following process (proc) subsystem attributes:
The previous attributes set limits on system resources. If your Internet server appears to be hitting resource limits, you may want to increase the value of one or more of these attributes. However, increasing the value of these attributes consumes additional memory resources.
The two primary types of Internet servers are multi-process and multithreaded Internet servers. To tune multi-process Internet servers, such as Netscape Communications Version 1.12, Apache, CERN, and Zeus, you may want to modify the value of the max-proc-per-user attribute.
To tune multithreaded Internet servers, such as Netscape FastTrack or Netscape
Enterprise, you may want to modify the value of the max-threads-per-user
attribute. Also, because multithreaded Internet servers are more likely to use memory
mapped files, you may also want to modify the values of the vm
subsystem
attributes vm-mapentries and vm-vpagemax.
Return to the Table of Contents.
The proc
subsystem attributes maxusers
controls the
allocation of some system resources to the kernel. System algorithms use the maxusers
attribute to size various system data structures and to determine the amount of space
allocated to system tables. For example, the system process table is used to determine the
maximum number of active processes that can be running at one time.
Default value: System dependent
Recommended value: You can increase the value of the maxusers
attribute in order to allocate more system resources for use by the kernel. However,
increasing the value of maxusers
increases the amount of wired memory
consumed by the kernel.
If your system experiences a lack of resources (for example, Out of processes
or No more processes
messages) and you have sufficient memory, increase the
value of the maxusers
attribute.
To determine an appropriate value for the maxusers
attribute, you can
double the value until you improve performance. It is not recommended that you increase
the value of the maxusers
attribute to more than 2048.
For example, if you have up to 1 GB of memory, increase the value of the maxusers
attribute to 512. If you have up to 2 GB, increase the value to 1024. If you have an
Internet, Web, proxy, firewall, or gateway server, increase the value of the maxusers
attribute to 2048.
One systems running DIGITAL UNIX versions 3.2C to 3.2G, the maxusers attribute can only be modified by using the system configuration file.
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Process Subsystem Attributes.
The proc
subsystem attribute max-proc-per-user
specifies the
maximum number of processes that the system can allocate to each user at one time.
Superuser is not affected by this limit.
Default value: 64
Recommended value: If your system experiences a lack of processes, you may want
to increase the value of the max-proc-per-user
attribute. The value must be
more than the maximum number of processes that will be started by your system. For
Internet servers, these processes include CGI processes.
Note that increasing the value of max-proc-per-user
increases the amount
of wired memory consumed by the kernel.
If you plan to run more than 64 Internet server daemons simultaneously, increase the
value of the max-proc-per-user
attribute value to 512. On a very busy server
with sufficient memory, you can use a higher value. Increasing this value can improve the
performance of multiprocessor Internet servers.
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Process Subsystem Attributes.
The proc
subsystem attribute max-threads-per-user
specifies
the maximum number of threads that can be allocated to each user at one time. Superuser is
not affected by this limit.
Default value: 256
Recommended value: If your Internet server experiences a lack of threads,
increase the value of the max-threads-per-user
attribute. The value must be
more than the maximum number of threads that will be started by your system. You can
increase the value of the max-threads-per-user
attribute to 512. On a very
busy server with sufficient memory, you can use a higher value, such as 4096. Increasing
this value can improve the performance of multithreaded Internet servers.
Note that increasing the value of max-threads-per-user
increases the
amount of wired memory consumed by the kernel.
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Process Subsystem Attributes.
The proc subsystem attribute max-per-proc-data-size controls the maximum size of a user process data segment.
Default value: 1073741824 bytes (1 GB)
Recommended value: If you have an Internet server, increase the value of the max-per-proc-data-size attribute to 10737418240 (10 GB).
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Process Subsystem Attributes.
The proc subsystem attribute max-per-proc-address-space controls the maximum amount of user process address space, which is the maximum number of valid virtual regions.
Default value: 1073741824 bytes (1 GB)
Recommended value: If you have an Internet server, increase the value of the max-per-proc-address-space attribute to 10737418240 (10 GB).
See Displaying and Modifying Kernel Attribute Values.
Return to Modifying Process Subsystem Attributes.
You can display and modify the values of the kernel attributes that can improve Internet server performance. However, not all versions of DIGITAL UNIX support the attributes described in this document, and some versions require operating system patches. See Installing Operating System Patches for information about which versions of DIGITAL UNIX support these attributes or require patches.
You can use the dxkerneltuner graphical user interface (GUI), the sysconfig command, or the sysconfigdb command to display and modify attribute values. However, some older versions of DIGITAL UNIX restrict the methods that you can use to modify and display attributes. In some cases, you must use dbx to display and modify kernel variables.
The Kernel Attribute Support Table provides the following information about the conditions under which different versions of DIGITAL UNIX support the attributes described in this document:
Kernel Attribute Support Table
Attribute | Version 3.2C, 3.2D, 3.2E, or 3.2F | Version 3.2G | Version 4.0 | Version 4.0A, 4.0B, or 4.0C | Version 4.0D | Version 4.0E |
---|---|---|---|---|---|---|
somaxconn | * | * | * | * | * | * |
sominconn | Internet server or ping fix patch | * | * | * | * | * |
sb_max | Internet server or ping fix patch | * | * | * | * | * |
sbcompress_threshold | - | - | - | Must use dbx | Must use dbx | * |
sobacklog_hiwat | - | - | - | Network patch or must use dbx | * | * |
sobacklog_drops | - | - | - | Network patch or must use dbx | * | * |
somaxconn_drops | - | - | - | Network patch or must use dbx | * | * |
tcbhashsize | Internet server or ping fix patch | * | * | * | * | * |
tcbhashnum | - | - | - | - | - | * |
inifaddr_hsize | Internet server or ping fix patch | * | * | * | * | * |
tcp_keepinit | Internet server or ping fix patch | * | * | * | * | * |
tcp_rexmit_interval_min | - | - | - | Network patch or must use dbx | * | * |
tcp_msl | Internet server or ping fix patch | * | - | * | * | * |
ipport_userreserved | Internet server or ping fix patch and must use dbx | Internet server or ping fix patch and must use dbx | - | Network patch or must use dbx | * | * |
ipport_userreserved_min | - | - | - | - | - | * |
pmtu_enabled | - | - | * | * | * | * |
tcp_keepalive_default | - | - | - | Network patch | * | * |
ipqs | - | - | - | - | - | * |
ipqmaxlen | - | - | - | - | - | * |
ubc-maxpercent | * | * | * | * | * | * |
vm-mapentries | * | * | * | * | * | * |
vm-vpagemax | * | * | * | * | * | * |
maxusers | Must display with dbx and modify in the system configuration file | Must display with dbx and modify in the system configuration file | * | * | * | * |
max-proc-per-user | * | * | * | * | * | * |
max-threads-per-user | * | * | * | * | * | * |
In addition, you can use the methods described in Testing Attribute Support to determine if your version of DIGITAL UNIX support a particular attribute.
The following sections contain information about the following:
Return to the Table of Contents.
To determine if your version of DIGITAL UNIX supports an attribute, use one of the following methods:
If you do not specify an attribute, the system displays all the subsystem attributes that can be modified with the sysconfig or sysconfigdb command. If the subsystem is not configured, the operating system displays a message similar to the following:
framework error: subsystem 'inet' not found
If you specify an attribute, only information about that attribute is displayed. For example:
# sysconfig -q inet tcbhashsize inet: tcbhashsize = 32
If the attribute is not supported or if it cannot be accessed by using sysconfig, the operating system displays a message similar to the following:
inet: tcbhashsize = unknown attribute
# dbx -k /vmunix dbx version 3.11.10 Type 'help' for help. stopped at [thread_block:2097,0xfffffc00002a7a10] Source not available warning: Files compiled -g3: parameter values probably wrong (dbx) p tcp_keepalive_default "tcp_keepalive_default" is not defined or not active (dbx)
See the sysconfig.8 and dbx.8 reference pages for more information about using these commands.
Return to the Table of Contents.
There are various methods you can use to display attribute values. The method you use depends on the version of DIGITAL UNIX you are running, as specified in the Kernel Attribute Support Table.
Use the following methods to display attribute values:
If you specify an attribute, only information about that attribute is displayed. For example:
# sysconfig -q vm ubc-maxpercent vm: ubc-maxpercent = 100
If you specify an attribute, only information about that attribute is displayed. For example:
# sysconfig -Q proc maxusers proc: maxusers - type=INT op=CQ min_val=8 max_val=4096
dbx p attribute
For example:
# dbx -k /vmunix dbx version 3.11.10 Type 'help' for help. stopped at [thread_block:2097,0xfffffc00002a7a10] Source not available warning: Files compiled -g3: parameter values probably wrong (dbx) p ipport_userreserved 5000 (dbx)
See the dxkerneltuner.8X, sysconfig.8, sysconfigdb.8, and dbx.8 reference pages for information about using the GUI and commands.
Return to the Table of Contents.
The /etc/sysconfigtab subsystem attribute database file contains modifications to the default attribute values. There are various methods you can use to modify attribute values. The method you use depends on the version of DIGITAL UNIX you are running, as specified in the Kernel Attribute Support Table, and whether you want to temporarily or permanently modify an attribute.
Note Use either the Kernel Tuner (dxkerneltuner), the sysconfig -r command, or the sysconfigdb command to modify attribute values in the sysconfigtab file. Do not manually modify the file. |
Return to the Table of Contents.
You may be able to temporarily modify an attribute by changing only its current (runtime) value. This allows you to determine if modifying an attribute will improve your system performance. Not all attributes are runtime tunable.
Temporary modifications are lost when you reboot the system.
To modify an attribute's current (runtime) value, use one of the following methods:
sysconfig -r subsystem attribute=value
For example:
# sysconfig -r inet tcp_keepinit=30 tcp_keepinit: reconfigured
dbx patch attribute=value
For example:
# dbx -k /vmunix dbx version 3.11.10 Type 'help' for help. stopped at [thread_block:2097,0xfffffc00002a7a10] Source not available warning: Files compiled -g3: parameter values probably wrong (dbx) patch ipport_userreserved=60000 60000 (dbx)
However, modifications made with the dbx patch command are lost when you rebuild the kernel.
In addition, you can use the dbx assign command to
temporarily modify the current (runtime) value of an attribute, as well as the on-disk /vmunix
image value. This modification will be lost when you reboot the kernel.
See the dxkerneltuner.8X, sysconfig.8, and dbx.8 reference pages for information about using the GUI and commands.
Return to the Table of Contents.
To modify an attribute's permanent (boottime) value, use one of the following methods:
sysconfigdb -a -f stanza_file subsystem
The stanza_file is a specially-formatted file that contains the name of the subsystem and a list of attributes and their values. This file is merged into the sysconfigtab file. See the stanza.4 reference page for information on creating a stanza-formatted file. To use the new attribute value, you must invoke the sysconfig -r command or reboot the system.
See the dxkerneltuner.8X and sysconfigdb.8 reference pages for information about using the GUI and command. See the System Administration manual for information about modifying the system configuration file.
Return to the Table of Contents.
You can use various methods to monitor the behavior of your Internet server and to diagnose performance problems:
This command displays a list of active sockets for each network protocol, information about network routes, and cumulative statistics for network interfaces, including the number of incoming and outgoing packets and the number of packet collisions. The netstat command also displays information about memory used for network operations. See Displaying Network Statistics for more information about monitoring the network.
This command displays information about process threads, virtual memory usage (page lists, page faults, pageins, and pageouts), interrupts, and CPU usage (percentages of user, system and idle times). The vmstat command first reports statistics since boottime; subsequent reports are the statistics since a specified interval of time. See Displaying Virtual Memory Statistics for information about monitoring the virtual memory subsystem and paging and swapping activity.
The socket subsystem attributes sobacklog_hiwat, sobacklog_drops, and somaxconn_drops track events related to socket listen queues. By monitoring these attributes, you can determine if the queues are overflowing. See Displaying Socket Statistics for more information on the event counters.
Return to the Table of Contents.
The netstat command displays network statistics, including information about network routes and active sockets for each protocol. The command also displays cumulative statistics for network interfaces, including the number of incoming and outgoing packets and packet collisions, information about memory used for network operations, and statistics related to IP, ICMP, TCP, and UDP protocol layers. You can use the netstat command to identify problems by looking for large numbers of bad checksums, retransmissions, and error packets.
Some problems to look for are as follows:
mbuf
clusters.
Use this command to determine if the network is using an excessive amount of memory in
proportion to the total amount of memory installed in the system. If the netstat
-m command shows several requests for memory (mbuf
) clusters
delayed or denied, this means that your system was temporarily short of physical memory. The
following example is from a firewall server with 128 MB memory that does not have mbuf
cluster compression enabled:
# netstat -m 2521 Kbytes for small data mbufs (peak usage 9462 Kbytes) 78262 Kbytes for mbuf clusters (peak usage 97924 Kbytes) 8730 Kbytes for sockets (peak usage 14120 Kbytes) 9202 Kbytes for protocol control blocks (peak usage 14551 2 Kbytes for routing table (peak usage 2 Kbytes) 2 Kbytes for socket names (peak usage 4 Kbytes) 4 Kbytes for packet headers (peak usage 32 Kbytes) 39773 requests for mbufs denied 0 calls to protocol drain routines 98727 Kbytes allocated to network
The previous example shows 39773 requests for memory were denied. This indicates a
problem because this value should be 0. The example also shows that 78 MB of memory has
been assigned to mbuf
clusters, and that 98 MB of memory is being consumed by
the network subsystem.
If you increase the value of the socket subsystem attribute sbcompress_threshold
to 600, the memory allocated to the network subsystem immediately decreases to 18 MB,
because compression at the kernel socket buffer interface results in a more efficient use
of memory. See Enabling mbuf
Cluster
Clustering.
# netstat -an | grep tcp | awk '{print $6}' | sort | uniq -c 1 CLOSE_WAIT 58 ESTABLISHED 2 FIN_WAIT_1 3 FIN_WAIT_2 17 LISTEN 1 SYN_RCVD 15749 TIME_WAIT #
For Internet servers, the majority of connections usually are in a TIME_WAIT
state. Note that there are almost 16,000 sockets being used, which requires 16 MB of
memory. See Configuring Memory for High Performance for more
information.
See the netstat.8 reference page for more information.
Return to the Table of Contents.
The vmstat command provides data on virtual memory usage. This may help you determine if a system is paging excessively, which can degrade Internet server performance. For example:
# vmstat 1 Virtual Memory Statistics: (pagesize = 8192) procs memory pages intr cpu r w u act free wire fault cow zero react pin pout in sy cs us sy id 2 66 25 6417 3497 1570 155K 38K 50K 0 46K 0 4 290 165 0 2 98 4 65 24 6421 3493 1570 120 9 81 0 8 0 585 865 335 37 16 48 2 66 25 6421 3493 1570 69 0 69 0 0 0 570 968 368 8 22 69 4 65 24 6421 3493 1570 69 0 69 0 0 0 554 768 370 2 14 84 4 65 24 6421 3493 1570 69 0 69 0 0 0 865 1K 404 4 20 76 . . .
Check the size of the free page list (free). Compare the number of free pages to the values for the active pages (act) and the wired pages (wire). The sum of the free, active, and wired pages should be close to the amount of physical memory in your system. Although the value for free should be small, if the value is consistently small (less than 128 pages) and accompanied by excessive paging and swapping, you may have a physical memory shortage.
Also, examine the pageout (pout) field. If the number of pageouts is consistently high, you may have insufficient memory. You also may have insufficient swap space or your swap space may be configured inefficiently. Use the swapon -s command to display your swap device configuration, and use the iostat command to determine which swap disk is being used the most.
See the vmstat.8, swapon.8, and iostat.8 reference pages for more information.
Return to the Table of Contents.
Three socket subsystem attributes monitor socket listen queue events:
somaxconn
attribute). The initial value of these attributes at boottime is 0. Use the sysconfig
-q socket
command to display the current attribute values. If the values
show that the queues are overflowing, you may need to increase the socket listen queue
limit.
It is recommended that the value of the sominconn
attribute equal the
value of the somaxconn
attribute. If so, the value of somaxconn_drops
will have the same value as sobacklog_drops
.
However, if the value of the sominconn
attribute is 0 (the default), and
if one or more server applications uses an inadequate value for the backlog argument to
its listen
system call, the value of sobacklog_drops
may
increase at a rate that is faster than the rate at which the somaxconn_drops
counter increases. If this occurs, you may want to increase the value of the sominconn
attribute. See Increasing the Minimum Number of Pending TCP
Connections for information.
Return to the Table of Contents.
This section contains information that you can use to identify and solve Internet server performance problems. These recommendations were developed from experience with Internet servers and have succeeded in improving performance.
If you have encountered performance issues and successfully applied a solution, we would like to hear from you. Please send your suggestions to ias-support@digital.com.
The following tasks can help you to solve performance problems:
See Monitoring Internet Servers for information about monitoring the network, the virtual memory subsystem, and network socket statistics.
See the Recommended Patch Table for information about operating system patches that can improve performance.
See Primary Internet Server Tuning Recommendations for a list of attributes that can be tuned to improve performance.
See Using the sys_check Tool for information about using sys_check to diagnose performance problems, gather system statistics, and provide kernel attribute tuning recommendations.
See Preventing Web Page Request Denials on Netscape Enterprise Servers for more information.
Return to the Table of Contents.
This section provides information about the Internet server tuning recommendations that provide the best performance improvement and are applicable to most configurations. The recommendations include the attribute value and a reference to additional information.
The primary recommendations for Internet servers, which include Web servers, proxy servers, gateway systems, and firewall systems are as follows:
Tune the following socket subsystem attributes:
Tune the following inet subsystem attributes:
Tune the following vm subsystem attributes:
Tune the following proc subsystem attributes:
For only proxy servers, gateway systems, and firewall systems, apply the following recommendations in addition to the previous recommendations:
Tune the following socket subsystem attribute:
Tune the following inet subsystem attribute:
See Displaying and Modifying Kernel Attribute Values for information about displaying the current, maximum, and minimum values and for information about modifying attributes.
Return to the Table of Contents.
The sys_check tool is a ksh script that gathers performance information for a DIGITAL UNIX configuration and formats this information into an HTML file. Use sys_check to check your configuration and attribute settings. The tool provides warnings and attribute tuning recommendations if necessary.
To obtain the sys_check script, call your customer service representative or access the following location:
ftp://ftp.digital.com/pub/DEC/IAS/sys_check/sys_check.html.
This FTP directory also contains the sys_check.html file, which contains information about using sys_check features. Be sure you are using the latest version of sys_check.html.
Return to the Table of Contents.
After several hours of use, Netscape Enterprise Server users may receive "forbidden" messages in response to Web page requests. In addition, the errors file may contain a "URL could not load" message, where URL specifies the location of the requested page.
If this occurs, the system may have used all of its available memory-mapped files because the value of the vm-mapentries attribute is set too low. See Increasing the Maximum Number of Memory-Mapped Files for more information.
Return to the Table of Contents.
Member of the Internet Link Exchange | Free Home Pages at GeoCities |