TCP 堆栈调整

我有几个 Oracle Linux 6 系统作为系统日志远程接收器。我非常确定 TCP 堆栈已过载，并且我一直在尝试对其进行调整。但是，我的谷歌搜索已经结束，我不知道下一步该尝试什么。我已经浏览过这些网站

• https://www.cyberciti.biz/faq/linux-tcp-tuning/
• http://veithen.github.io/2014/01/01/how-tcp-backlog-works-in-linux.html
• https://www.cyberciti.biz/files/linux-kernel/Documentation/networking/ip-sysctl.txt

还伴随着一堆无用的东西。这是迄今为止我尝试过的调整：

net.core.wmem_max = 12582912
net.core.rmem_max = 12582912
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
net.ipv4.tcp_max_syn_backlog = 2048

而且，我仍然会收到未应答的数据包。（来源是一个仅发送零长度数据包的测试应用程序。）

2017-12-12 15:25:41.053937 IP SENDER.34394 > RECEIVER.514: Flags [S], seq 1418245921, win 18352, options [mss 9176,sackOK,TS val 1117377413 ecr 0,nop,wscale 7], length 0
2017-12-12 15:25:42.053458 IP SENDER.34394 > RECEIVER.514: Flags [S], seq 1418245921, win 18352, options [mss 9176,sackOK,TS val 1117378413 ecr 0,nop,wscale 7], length 0
2017-12-12 15:25:44.053578 IP SENDER.34394 > RECEIVER.514: Flags [S], seq 1418245921, win 18352, options [mss 9176,sackOK,TS val 1117380413 ecr 0,nop,wscale 7], length 0
2017-12-12 15:25:48.053582 IP SENDER.34394 > RECEIVER.514: Flags [S], seq 1418245921, win 18352, options [mss 9176,sackOK,TS val 1117384413 ecr 0,nop,wscale 7], length 0
2017-12-12 15:25:56.053803 IP SENDER.34394 > RECEIVER.514: Flags [S], seq 1418245921, win 18352, options [mss 9176,sackOK,TS val 1117392413 ecr 0,nop,wscale 7], length 0
2017-12-12 15:26:12.055312 IP SENDER.34394 > RECEIVER.514: Flags [S], seq 4104732283, win 18352, options [mss 9176,sackOK,TS val 1117408413 ecr 0,nop,wscale 7], length 0

而且，如果我的接收器确实应答了传入请求，则在 RST 连接之前，它似乎会多次尝试忽略测试 FIN 标志：

2017-12-12 15:25:55.632684 IP SENDER.56008 > RECEIVER.514: Flags [S], seq 3551538126, win 18352, options [mss 9176,sackOK,TS val 1117391991 ecr 0,nop,wscale 7], length 0
2017-12-12 15:25:56.632380 IP SENDER.56008 > RECEIVER.514: Flags [S], seq 3551538126, win 18352, options [mss 9176,sackOK,TS val 1117392991 ecr 0,nop,wscale 7], length 0
2017-12-12 15:25:58.631714 IP SENDER.56008 > RECEIVER.514: Flags [S], seq 3551538126, win 18352, options [mss 9176,sackOK,TS val 1117394991 ecr 0,nop,wscale 7], length 0
2017-12-12 15:26:02.632298 IP SENDER.56008 > RECEIVER.514: Flags [S], seq 3551538126, win 18352, options [mss 9176,sackOK,TS val 1117398991 ecr 0,nop,wscale 7], length 0
2017-12-12 15:26:10.632477 IP SENDER.56008 > RECEIVER.514: Flags [S], seq 3551538126, win 18352, options [mss 9176,sackOK,TS val 1117406991 ecr 0,nop,wscale 7], length 0
2017-12-12 15:26:10.632517 IP RECEIVER.514 > SENDER.56008: Flags [S.], seq 1010914189, ack 3551538127, win 14480, options [mss 1460,sackOK,TS val 1002368883 ecr 1117406991,nop,wscale 8], length 0
2017-12-12 15:26:10.632983 IP SENDER.56008 > RECEIVER.514: Flags [.], ack 1, win 144, options [nop,nop,TS val 1117406991 ecr 1002368883], length 0
2017-12-12 15:26:10.664428 IP SENDER.56008 > RECEIVER.514: Flags [F.], seq 1, ack 1, win 144, options [nop,nop,TS val 1117407023 ecr 1002368883], length 0
2017-12-12 15:26:10.865080 IP SENDER.56008 > RECEIVER.514: Flags [F.], seq 1, ack 1, win 144, options [nop,nop,TS val 1117407224 ecr 1002368883], length 0
2017-12-12 15:26:11.267436 IP SENDER.56008 > RECEIVER.514: Flags [F.], seq 1, ack 1, win 144, options [nop,nop,TS val 1117407626 ecr 1002368883], length 0
2017-12-12 15:26:11.772951 IP RECEIVER.514 > SENDER.56008: Flags [S.], seq 1010914189, ack 3551538127, win 14480, options [mss 1460,sackOK,TS val 1002370024 ecr 1117407626,nop,wscale 8], length 0
2017-12-12 15:26:11.773690 IP SENDER.56008 > RECEIVER.514: Flags [.], ack 1, win 144, options [nop,nop,TS val 1117408132 ecr 1002368883], length 0
2017-12-12 15:26:12.071025 IP SENDER.56008 > RECEIVER.514: Flags [F.], seq 1, ack 1, win 144, options [nop,nop,TS val 1117408430 ecr 1002368883], length 0
2017-12-12 15:26:13.679547 IP SENDER.56008 > RECEIVER.514: Flags [F.], seq 1, ack 1, win 144, options [nop,nop,TS val 1117410038 ecr 1002368883], length 0
2017-12-12 15:26:13.772915 IP RECEIVER.514 > SENDER.56008: Flags [S.], seq 1010914189, ack 3551538127, win 14480, options [mss 1460,sackOK,TS val 1002372024 ecr 1117410038,nop,wscale 8], length 0
2017-12-12 15:26:13.773784 IP SENDER.56008 > RECEIVER.514: Flags [.], ack 1, win 144, options [nop,nop,TS val 1117410132 ecr 1002368883], length 0
2017-12-12 15:26:16.895194 IP SENDER.56008 > RECEIVER.514: Flags [F.], seq 1, ack 1, win 144, options [nop,nop,TS val 1117413254 ecr 1002368883], length 0
2017-12-12 15:26:23.327789 IP SENDER.56008 > RECEIVER.514: Flags [F.], seq 1, ack 1, win 144, options [nop,nop,TS val 1117419686 ecr 1002368883], length 0
2017-12-12 15:26:23.327833 IP RECEIVER.514 > SENDER.56008: Flags [R], seq 1010914190, win 0, length 0

所以，我认为我仍然积压，因为我的 TCP 堆栈没有像应有的那样快速地处理所有传入的数据包。但是，如果没有更好的文档参考和更好地理解 TCP 堆栈设置如何相互交互，我不想开始搞乱进一步的设置。

为了加分，还有人有比netstat -i实时跟踪 TCP 堆栈更好的实用程序吗？

更新：

• 这些主机不是负载平衡的，但我确实有 keepalived 运行虚拟 IP 地址，因此如果主系统死机，我会进行一些故障转移。
• 这些主机是 VMware 之上的 OL6 VM。