sysctl.conf optimal openvz values for proxy?

[ICPH]

Hello, im having OpenVZ VPS on my dedicated server and on the VPS im trying to run proxy using SSH socks, Dante, shadowsocks. Currently using shadowsocks. But no amtter which proxy im using, when i turn on torrent client on my home PC, proxy fails for couple of minutes to work (proxy data). Like it is overloaded or something, even websites do not load in my proxiffied home PC web browser.


So i read my proxy provider (shadowproxy) tutorial on which values i need to add into sysctl.conf:

fs.file-max = 51200


net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096


net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_congestion_control = hybla

So i tried, but as im on OpenVZ, im getting permissions denied on following:

¨error: permission denied on key 'fs.file-max'
error: permission denied on key 'net.core.rmem_max'
error: permission denied on key 'net.core.wmem_max'
error: permission denied on key 'net.core.netdev_max_backlog'
net.core.somaxconn = 4096
error: permission denied on key 'net.ipv4.tcp_tw_reuse'
error: permission denied on key 'net.ipv4.tcp_tw_recycle'
error: permission denied on key 'net.ipv4.tcp_fin_timeout'
error: permission denied on key 'net.ipv4.tcp_keepalive_time'
error: permission denied on key 'net.ipv4.ip_local_port_range'
error: permission denied on key 'net.ipv4.tcp_max_syn_backlog'
error: permission denied on key 'net.ipv4.tcp_max_tw_buckets'
error: permission denied on key 'net.ipv4.tcp_mem'
error: permission denied on key 'net.ipv4.tcp_rmem'
error: permission denied on key 'net.ipv4.tcp_wmem'
error: permission denied on key 'net.ipv4.tcp_mtu_probing'
error: permission denied on key 'net.ipv4.tcp_congestion_control'

So i taken a look on my dedicated host openvz server:


cat /etc/sysctl.conf|grep =|grep -v "#"
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 1
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 0
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.ip_conntrack_max=32760
net.ipv4.conf.default.proxy_arp=0
net.ipv4.conf.default.send_redirects=1
net.ipv4.conf.all.send_redirects=0
vm.swappiness = 10
net.netfilter.nf_conntrack_tcp_timeout_established=600


on the VPS it looks like this:

cat /etc/sysctl.conf|grep =|grep -v "#"


net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 86400

(without newly added lines suggested by by the proxy developer)


ULIMIT -a


# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 191532
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 191532
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited


lsof|wc -l


6539


# sysctl fs.file-nr
fs.file-nr = 1200       0       2451492


So i wanted to ask if you can suggest what should i do to increase my VPS performance to be able to handle all connections and make proxy not stop responding? I can tweak both host and guest values. Or if you want me to do any linux command to get better picture, let me know i will execute.


cat /proc/user_beancounters


only failcnt value is privvmpages, rest zero failcnt

# cat /proc/user_beancounters|grep num
            numproc                       101                  324                 5000                 5000                    0
            numtcpsock                     25                  648                40000                40000                    0
            numflock                        9                  162                 5000                 5000                    0
            numpty                          2                    3                 2500                 2500                    0
            numsiginfo                      1                   87                 5000                 5000                    0
            numothersock                  252                  774                40000                40000                    0
            numfile                      1399                 7730               120000               120000                    0
            numiptent                      26                  179                 5000                 5000                    0

Thank you alot

 

[TheLinuxBug]

sysctl configurations do not work on OpenVZ as it is not true virtualization, it is a container with a chrooted environment.  As such, all of these configurations are handled by the kernel on the hostnode, making changes inside your openvz vps is not possible because you have no kernel access.  If you want to be able to tweak the speed and use the settings you are trying to use, get a KVM vps, and then I would suggest this article for tuning.


my 2 cents.


Cheers!

 

[ICPH]

you have no kernel access.

in this case i do have access also to the host server (physical openvz server). How should i tweak the configuration please?