Moderate TCP Tuning in Linux for Web Servers

Most of the useful TCP Tuning settings are already included in current Linux Kernels, but if you are unsure or are using an older Linux Kernel you can set those Values explicitly.

Better TCP Slow Start

Most of the Time TCP has an initial CWND Size of 3 (Linux above 3.0 has initcwnd 10). This means that after the SYN ACK Handshake and the Request of the Client, the Server can instantly send 3 TCP Data Packets, which would be about 1400*3 Bytes. With an initcwnd of 10, 10*1400 Bytes can be sent instantly before receiving an ACK from the Client. This would probably include a whole HTML Page and reduce the round trips needed to get the Content to the Client.
Let's set these Values with iproute2:

ip route change default via 10.5.8.1 dev eth0 initcwnd 10

Or if you want to set it permanently you can put it in your /etc/network/interfaces config (for Debian):
iface eth0 inet static
address 10.5.8.3
netmask 255.255.255.0
network 10.5.8.0
broadcast 10.5.8.255
gateway 10.5.8.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 8.8.8.8
dns-search example.com
up ip route change default via 10.5.8.1 dev eth0 initcwnd 10

Adapt it to your default gateway accordingly, of course.

tcp_slow_start_after_idle

Another Function of the TCP Slow Start (which saved the Internet ca. 1990) is to increase the Window Size when no Packet Loss occurs, e.g. after 5 Round trips the Window Size would be increased from 10 to 20 and so on.
But the tcp_slow_start_after_idle Option would reset this value as soon as the connection is idle for 3 Seconds, which would be a bit sad for keep-alive, as an already working connection would be reset to the “slow” starting state.

Add this line in your /etc/sysctl.conf file to disable Slow Start Reset in your Server:

net.ipv4.tcp_slow_start_after_idle=0
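
To confirm that both settings from this post are actually in place, a small check script can parse the ip route output and the sysctl.conf text. This is an added example, not part of the original post; the function names and the sample data are assumptions made for illustration:

```shell
#!/bin/sh
# Added example (not from the original post): verify initcwnd and
# tcp_slow_start_after_idle. Function names and sample data are constructed.

# stdin: `ip route show` output. Prints the initcwnd of the first default
# route that carries one, or "unset" (the kernel default then applies).
default_initcwnd() {
    awk '$1 == "default" {
             for (i = 2; i < NF; i++)
                 if ($i == "initcwnd") { print $(i + 1); found = 1; exit }
         }
         END { if (!found) print "unset" }'
}

# stdin: sysctl.conf text. Prints the last value assigned to
# net.ipv4.tcp_slow_start_after_idle (later lines win), or "unset".
# Lines starting with # or ; are comments and are skipped.
conf_slow_start_after_idle() {
    awk -F= '/^[ \t]*[#;]/ { next }
         { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
         key == "net.ipv4.tcp_slow_start_after_idle" { v = val }
         END { print (v == "" ? "unset" : v) }'
}

# Reads the live system. The running value can differ from the config file
# until `sysctl -p` or a reboot applies it, so both are shown.
report_live() {
    echo "initcwnd (default route): $(ip route show | default_initcwnd)"
    echo "running slow_start_after_idle: $(cat /proc/sys/net/ipv4/tcp_slow_start_after_idle)"
    echo "sysctl.conf slow_start_after_idle: $(conf_slow_start_after_idle < /etc/sysctl.conf)"
}

# Constructed sample input, matching the addresses used in this post.
SAMPLE_ROUTES='default via 10.5.8.1 dev eth0 initcwnd 10
10.5.8.0/24 dev eth0 proto kernel scope link src 10.5.8.3'
SAMPLE_CONF='# constructed sample
net.ipv4.tcp_slow_start_after_idle=0'

if [ "${1:-}" = "live" ]; then
    report_live
else
    echo "sample initcwnd: $(printf '%s\n' "$SAMPLE_ROUTES" | default_initcwnd)"
    echo "sample sysctl.conf: $(printf '%s\n' "$SAMPLE_CONF" | conf_slow_start_after_idle)"
fi
```

Run it with the argument live on the server itself to read the real routing table and /etc/sysctl.conf; without arguments it only evaluates the constructed sample.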

Firewalls, etc

Of course you have to set these Options on those Servers that are receiving the Connections of your Users, e.g. your Reverse Proxy or Firewall.
