IBM REDP-4285-00 User Manual

Page of 170
4285ch04.fm
Draft Document for Review May 4, 2007 11:35 am
104
 
Linux Performance and Tuning Guidelines
#       disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted
If you decide to use SELinux with your Linux-based server, its settings can be tweaked to 
better accommodate your environment. On a running system, check whether the working set 
of the cached Linux Security Modules (LSM) permissions exceeds the default Access Vector 
Cache (AVC) size of 512 entries.
Check /selinux/avc/hash_stats for the length of the longest chain. Anything over 10 signals 
a likely bottleneck.
If the system experiences a bottleneck in the Access Vector Cache (for example, on a heavily 
loaded firewall), try to resize /selinux/avc/cache_threshold to a slightly higher value and 
recheck the hash stats. 
4.2.5  Compiling the kernel
Creating and compiling your own kernel has far less of an impact on improving system 
performance than often thought. Modern kernels shipped with most Linux distributions are 
modular—they load only the parts that are used. Recompiling the kernel can decrease kernel 
size and its overall behavior (for example, real-time behavior). Changing certain parameters 
in the source code might also yield some system performance. However, non-standard 
kernels are not covered in the support subscription that is provided with most Enterprise 
Linux distributions. Additionally, the extensive ISV application and IBM hardware certifications 
that are provided for Enterprise Linux distributions are nullified if a non-standard kernel is 
used.
Having said that, performance improvements can be gained with a custom-made kernel, but 
they hardly justify the challenges you face running an unsupported kernel in an enterprise 
environment. While this is true for commercial workloads, if scientific workloads such as high 
performance computing are your area of interest, custom kernels might nevertheless be of 
interest to you.
Also do not attempt to use special compiler flags such as -C09 when recompiling the kernel. 
The source code for the Linux kernel has been hand-tuned to match the GNU C compiler. 
Using special compiler flags might at best decrease the kernel performance and at worst 
break the code.
Keep in mind that unless you really know what you are doing, you might actually decrease 
system performance due to wrong kernel parameters. 
4.3  Changing kernel parameters
Although modifying and recompiling the kernel source code is not recommended for most 
users, the Linux kernel features yet another means of tweaking kernel parameters. The proc 
Tip: To check for usage statistics of the access vector cache you may alternatively use the 
avcstat
 utility.