SinYu Network 新语网络 --

2012年服务器更新

xiaoyu — Mon, 14 May 2012 16:29:54 +0000

为了支持用户更好的技术要求和专业服务. 我们始终根据技术发展，坚持维护更新服务器软硬件. 尽可能完美我们的服务.

因安全原因，我们仅列出部分更新内容.

在2012年05月我们更新了服务器以下主要配置：

1. MySQL 数据库升级到 5.5.24 x64

2.phpMyAdmin 升级到 3.5.1

3. PHP 升级到 5.4.3

在2010年2月我们更新了服务器以下主要配置：

1. MySQL 数据库升级到 5.1.43 2010.2.25

2. php 升级到了 5.2.13 2010.2.27

在2010年3月我们更新了服务器以下主要配置：

1. MySQL 数据库升级到 5.1.44 2010.3.14

在2010年4月我们更新了服务器以下主要配置：

1. MySQL 数据库升级到 5.1.45 2010.4.10

2. phpMyAdmin 升级到 3.3.2-rc1 2010.4.10

3. MySQL 数据库升级到 5.1.46 2010.4.25

在2010年5月我们更新了服务器以下主要配置：

1. phpMyAdmin 升级到 3.3.3

2. MySQL 数据库升级到 5.1.47

在2010年6月我们更新了服务器以下主要配置：

1. MySQL 数据库升级到 5.1.48

2.phpMyAdmin 升级到 3.3.4

在2010年7月我们更新了服务器以下主要配置：

1. 服务器安装配置了.NET 4.0 版本
2. 更新了FASTCGI到最新版本
3. 更新WINCACH到最新版本

4. 开始使用PHP5.3版本 PHP5.3.3

5. MySQL 数据库升级到 5.1.49

6. phpMyAdmin 升级到 3.3.5

在2010年9月我们更新了服务器以下主要配置：

1. MySQL 数据库升级到 5.1.50

2. phpMyAdmin 升级到 3.3.7

在2010年10月我们更新了服务器以下主要配置：

1. MySQL 数据库升级到 5.1.51

2. phpMyAdmin 升级到 3.3.8

在2010年11月我们更新了服务器以下主要配置：

1. MySQL 数据库升级到 5.1.52

在2010年12月我们更新了服务器以下主要配置：

1. MySQL 数据库升级到 5.1.53

2. php 升级到 PHP5.3.4

3. 增加 iirf url Rewrite 此功能仍在观察使用中..

4. MySQL 数据库升级到 5.1.54 逐步考虑升级到v5.5.x版本.

在2011年2月我们更新了服务器以下主要配置：

1.php 升级到 PHP5.3.5

2. phpMyAdmin 升级到 3.3.9

在2011年3月我们更新了服务器以下主要配置：

1. MySQL 数据库升级到 5.1.56

2. php 升级到 PHP5.3.6

在2011年7月我们更新了服务器以下主要配置：

1. MySQL 数据库升级到 5.1.58

2. phpMyAdmin 升级到 3.4.3.2

在2011年11月我们更新了服务器以下主要配置：

1. MySQL 数据库升级到 5.1.59

2. phpMyAdmin 升级到 3.4.7

在2011年12月我们更新了服务器以下主要配置：

1. MySQL 数据库升级到 5.1.60

2. phpMyAdmin 升级到 3.4.9

在2012年01月我们更新了服务器以下主要配置：

1. PHP 升级到 5.3.9

2.MySQL 数据库升级到 5.1.61

在2012年03月我们更新了服务器以下主要配置：

1. PHP 升级到 5.4.0

2.MySQL 数据库升级到 5.5.21 x64

3. 服务器全部更新软硬件全部更换. 服务器性能将有大的改善提高.

4. 增加可选项PHP5.3.10 x64版本支持即服务器可同时支持多个PHP版本

5. 增加RAM Disk 以内存作为硬盘服务器存储. 执行速度大为改善.

在2012年04月我们更新了服务器以下主要配置：

1. MySQL 数据库升级到 5.5.22 x64

2.phpMyAdmin 升级到 3.5

3. PHP 升级到 5.4.0 x64

Dig command

xiaoyu — Wed, 18 Apr 2012 19:09:32 +0000

Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]
Where: domain is in the Domain Name System
q-class is one of (in,hs,ch,…) [default: in]
q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,…) [default:a]
(Use ixfr=version for type ixfr)

q-opt is one of:
-x dot-notation (shortcut for reverse lookups)
-i (use IP6.INT for IPv6 reverse lookups)
-f filename (batch mode)
-b address[#port] (bind to source address/port)
-p port (specify port number)
-q name (specify query name)
-t type (specify query type)
-c class (specify query class)
-k keyfile (specify tsig key file)
-y [hmac:]name:key (specify named base64 tsig key)
-4 (use IPv4 query transport only)
-6 (use IPv6 query transport only)
-m (enable memory usage debugging)
d-opt is of the form +keyword[=value], where keyword is:
+[no]vc (TCP mode)
+[no]tcp (TCP mode, alternate syntax)
+time=### (Set query timeout) [5]
+tries=### (Set number of UDP attempts) [3]
+retry=### (Set number of UDP retries) [2]
+domain=### (Set default domainname)
+bufsize=### (Set EDNS0 Max UDP packet size)
+ndots=### (Set NDOTS value)
+edns=### (Set EDNS version)
+[no]search (Set whether to use searchlist)
+[no]showsearch (Search with intermediate results)
+[no]defname (Ditto)
+[no]recurse (Recursive mode)
+[no]ignore (Don’t revert to TCP for TC responses.)
+[no]fail (Don’t try next server on SERVFAIL)
+[no]besteffort (Try to parse even illegal messages)
+[no]aaonly (Set AA flag in query (+[no]aaflag))
+[no]adflag (Set AD flag in query)
+[no]cdflag (Set CD flag in query)
+[no]cl (Control display of class in records)
+[no]cmd (Control display of command line)
+[no]comments (Control display of comment lines)
+[no]question (Control display of question)
+[no]answer (Control display of answer)
+[no]authority (Control display of authority)
+[no]additional (Control display of additional)
+[no]stats (Control display of statistics)
+[no]short (Disable everything except short
form of answer)
+[no]ttlid (Control display of ttls in records)
+[no]all (Set or clear all display flags)
+[no]qr (Print question before sending)
+[no]nssearch (Search all authoritative nameservers)
+[no]identify (ID responders in short answers)
+[no]trace (Trace delegation down from root)
+[no]dnssec (Request DNSSEC records)
+[no]nsid (Request Name Server ID)
+[no]multiline (Print records in an expanded format)
global d-opts and servers (before host name) affect all queries.
local d-opts and servers (after host name) affect only that lookup.
-h (print help and exit)
-v (print version and exit)

How do I enable DNSSEC and sign my zone?

xiaoyu — Tue, 17 Apr 2012 17:18:28 +0000

To enable DNSSEC you must digitally create private and public keys and generate a Declaration of Signing record during the domain name signing process.

There are a number of resources on the Internet for those familiar with DNS. Refer to your nameserver documentation for more details.

Prerequisites for the Zone Signing Process:

Set your domain name to use DNSSEC-aware nameservers. If you are hosting your own nameservers, you must enable DNSSEC on them.
Determine the algorithm you want to use to sign your zone file. The domain name’s registry specifies the algorithms they support. The following algorithms are in use for DNSSEC:
- 0 — Reserved
- 1 — RSA/MD5 [RSAMD6]
- 2 — Diffie-Hellman [DH]
- 3 — DSA/SHA-1 [DSA]
- 4 — Elliptic Curve [ECC]
- 5 — RSA/SHA-1 [RSASHA1]
- 252 — Indirect [INDIRECT]
- 253 — Private [PRIVATEDNS]
- 254 — Private [PRIVATEOID]
- 255 — Reserved

The General Zone Signing Process

Specifics for this process are determined by your DNSSEC-aware nameservers and the domain name’s registry.

Generate a zone signing key.
Generate a key signing key.
Sign the zone and generate signed zone records.
Generate the declaration of signing (DS) record. Use the information in this record to enable DNSSEC for your domain name registered with us.

Tools:

1. http://www.dnssecmonitor.org/index.php

2.http://dnssectest.sidn.nl/index.php

3. http://test.dnssec-or-not.net/

4. http://verisigninc.com/en_US/why-verisign/innovation-initiatives/labs/tools/index.xhtml

5. http://dnsviz.net

6. http://dnssec-debugger.verisignlabs.com

通知：升级到新服务器

xiaoyu — Tue, 13 Mar 2012 03:06:52 +0000

已升级到新服务器,部分配置仍需要时间完成. 目前IPv6 代理服务暂停. 配置好后开放服务. 已购买服务的，将顺延服务期.

未来几天将移动到新服务器
请备份自己的文件
我们购买了新服务器

期间可能中断网站服务.

The next few days will be moved to a new server
Please back up your files
We purchased a new server
May be interrupted during the web service.

A quick NAT64/DNS64 setup

xiaoyu — Fri, 09 Mar 2012 18:39:08 +0000

So you want to play around with an IPv6-only network! Great! One problem, lots of content is still on IPv4 A possible solution or workaround? Using NAT64 & DNS64 to let IPv6-only hosts communicate with IPv4 hosts. The gist of it is that you send your DNS lookup requests to a caching DNS recursor that forges (or rather creates) AAAA records for hosts that do not naturally have them configured. That DNS server creates the AAAA records using an IPv6 range will be configured on the NAT64 portion. That NAT64 machine is going to handle the translation of IPv6 to IPv4.

I’ll use ISC’s BIND9 for the DNS64 component, and Tayga for the NAT64. Because Tayga is designed for Linux, this will cover setting up a Linux based NAT64/DNS64 system. Start by installing the latest stable BIND9 daemon on your target machine. Next, pick a range of IPv6 addresses to generate the AAAAs from. We’ll go with our standard documentation prefix and specify 2001:DB8:1:FFFF::/96. Assuming you have proper routing control over your network, you’ll statically route the /64 you carved it from to the NAT64 machine. A very simple BIND9 named.conf.options can look like this:

options {
        directory "/var/cache/bind";
        auth-nxdomain no;
        listen-on-v6 { any; };
        allow-query { any; };
        dns64 2001:db8:1:ffff::/96 {
                clients { any; };
        };
};

You’ll want to lock down allow-query to whatever ranges/networks you plan on allowing DNS64 looksups with, as well as any specific IPv6 address you want it listening on. In the meantime, the above configuration will let any range query so you can test quickly. Start up the DNS daemon, and start making some queries against it for IPv4-only hostnames, they aren’t hard to find. Then try some queries for hosts you know have AAAA records. You’ll find that it doesn’t mangle them and will give you their proper AAAA record.

Next step is configuring Tayga. I’ve been installing both NAT64 and DNS64 components on the same machine, because I found that for a small network the load and traffic isn’t that much. So on the same machine, install Tayga from a package or source. Configure the tayga.conf file with:

tun-device nat64
ipv4-addr 192.168.0.1
prefix 2001:db8:1:ffff::/96
dynamic-pool 192.168.0.0/24

Next thing I did after reading the Tayga READMEs and FAQ on their site, was set up a quick shell script to fire off, eventually called from rc.local and called it start64.sh:

#!/bin/bash
tayga --mktun
ip link set nat64 up
ip addr add 192.168.0.1 dev nat64
ip addr add 2001:db8:1::1 dev nat64
ip route add 192.168.0.0/24 dev nat64
ip route add 2001:db8:1:ffff::/96 dev nat64
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o nat64 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i nat64 -o eth0 -j ACCEPT
tayga
/etc/init.d/bind start

So from an IPv6-only host, set your resolver to 2001:db8:1::1 (for this example), and try reaching an IPv4 only hostname with pings, traces, or connecting to the services run on it.

Now, to cover things that will need editing and additional configuration:

IPv6 address(es) that BIND9 listens on
IPv6 ranges that BIND9 will allow queries from
actual IPv6 range used for NAT64
adding ip6tables rules to restrict which IPv6 ranges are even allowed to use the NAT64 portion

Advanced tricks: BGP Anycast

So let us assume you want to try and blanket a network with these boxes for whatever reason, but perhaps the best of all: just to do it Set aside a /48 to use for the NAT64/DNS64. Add on either BIRD or Quagga to the machine, and configure that to announce the /48 specific to an upstream router, ideally as part of your iBGP mesh and as a route-reflector client. Configure both BIND9 & Tayga to use a /96 out of that /48. Use the same config on all the machines that will act as anycast nodes. I’ve tested this between two locations by running a wget of an ISO from an IPv4-only hostname, and pulled the /48 announcement from the node I saw the traffic going over. The wget didn’t even hiccup, and instead reported “Read error at byte 504296054/4312793088 (Connection reset by peer). Retrying.” and then kept pulling down the file without issue. Perhaps more failover testing could be done, but I was happy with the results.

Caveat: IPv4 literals will not work since they aren’t hostnames with A records that can have AAAA records created.

http://ipvsix.me/?p=106

Basic BGP configuration for IPv6

xiaoyu — Fri, 09 Mar 2012 18:31:23 +0000

So you have your ASN and just got your PI (Provider-Independent Address Allocation) straight from an RIR, or perhaps a LoA (Letter of Authority) to announce some PA (Provider-Assigned Address Allocation) space from your ISP. You’ll need to start getting that announced out there to your peers, customers and transits. So lets use some documentation prefixes and ASNs and sort out a basic working config. I’ll base the examples on my experience with Brocade NetIron software on XMRs, which can translate over to Quagga or Cisco IOS with a few tweaks.

Assuming you are familiar with BGP4+ with IPv4, IPv6 is not so different or any more complex when getting started. Lets start off with some numbers:

Upstream ISP ASN: 64500 Your ASN: 64501 Specific /126 configured on interfaces out of allocated /64: 2001:db8:0:1::/126 PA allocation to announce: 2001:db8:1234::/48

Start off with making certain that you’ve configured IPv6 on your upstream facing interface, and they’ve configured your side, and you can ping each other over the link. The upstream provider’s configuration can be done as so:

isp#conf t
isp#(config)ipv6 prefix-list as64501-ipv6-filter seq 1 permit 2001:db8:1234::/48
isp#(config)router bgp
isp#(config-bgp)nei 2001:db8:0:1::2 remote-as 64501
isp#(config-bgp)nei 2001:db8:0:1::2 desc Customer_Name
isp#(config-bgp)no nei 2001:db8:0:1::2 activate
isp#(config-bgp)add ipv6 uni
isp#(config-bgp-af)nei 2001:db8:0:1::2 activate
isp#(config-bgp-af)nei 2001:db8:0:1::2 filter-list as64501-ipv6-filter in
isp#(config-bgp-af)exit
isp#wr mem

So the breakdown of these steps is:

enter configuration mode on router
build a filter to restrict what the customer (you) are allowed to announce (seq optional but required for multiple entries in list)
enter BGP configuration mode
create a specific session using target/destination IPv6 address and ASN of customer
optionally add a description of the session perhaps to track who it is more clearly
you don’t want IPv4 routes going out or coming in over the session, IPv6 routes only
change address-family for IPv6 specific BGP settings
activate sending and learning IPv6 routes over the session
apply the filter for accepting INBOUND routes from you/customer
exit & then write out the config

On the customer side it is similar but not exact:

you#conf t
you#(config)ipv6 prefix-list outbound-ipv6-filter seq 1 permit 2001:db8:1234::/48
you#(config)router bgp
you#(config-bgp)nei 2001:db8:0:1::1 remote-as 64500
you#(config-bgp)nei 2001:db8:0:1::1 desc ISP_Name
you#(config-bgp)no nei 2001:db8:0:1::1 activate
you#(config-bgp)add ipv6 uni
you#(config-bgp-af)network 2001:db8:1234::/48
you#(config-bgp-af)nei 2001:db8:0:1::1 activate
you#(config-bgp-af)nei 2001:db8:0:1::1 filter-list outbound-ipv6-filter out
you#(config-bgp-af)exit
you#wr mem

The differences being:
1) outbound filter list on your session to the ISP
2) network statement for the allocation to be announced by BGP

You’ll also need some sort of anchor route so BGP knows to announce the route. This can be either a local null-route or static-route for the covering prefix, or an IP out of the prefix configured on an interface. So once BGP is configured, and establishes between both routers, the ISP side should see something similar to:

isp#sh ipv6 bgp nei 2001:db8:0:1::2 routes
       There are 1 accepted routes from neighbor 2001:db8:0:1::2
Searching for matching routes, use ^C to quit...
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
       E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH
       S:SUPPRESSED F:FILTERED s:STALE
       Prefix             Next Hop        Metric     LocPrf     Weight  Status
1      2001:db8:1234::/48  2001:db8:0:1::2
                                          1          140        0       E
         AS_PATH: 64501

And that should be it. You can obviously play around with peer-groups, route-maps, etc. Communities should work as long as your ISP offers them, so be sure to ask. Ideally there is at least a blackhole community in place. That should allow you to announce a specific range or IP that you want to have null-routed upstream in cases of abuse or attacks. That filter could look like either of the following, depending on how specific they allow you to announce:

ipv6 prefix-list as64501-ipv6-filter seq 1 permit 2001:db8:1234::/48 le 64

or

ipv6 prefix-list as64501-ipv6-filter seq 1 permit 2001:db8:1234::/48 le 128

With the obvious requirement that the BGP sessions would need to be configured as blackhole community enabled on both sides.

http://ipvsix.me/?p=181

使用srvany.exe将任何程序作为Windows服务运行

xiaoyu — Tue, 28 Feb 2012 13:33:36 +0000

srvany.exe是什么？

srvany.exe是Microsoft Windows Resource Kits工具集的一个实用的小工具，用于将任何EXE程序作为Windows服务运行。也就是说srvany只是其注册程序的服务外壳，这个特性对于我们来说非常实用，我们可以通过它让我们的程序以SYSTEM账户启动，或者实现随机器启动而自启动，也可以隐藏不必要的窗口，比如说控制台窗口等等。

如何获取？

你可以通过下载并安装Microsoft Windows Resource Kits获得或者可以通过我分享的下载地址1（国内线路）、下载地址2（国外线路）得到。

如何使用？

当你获取到srvany后并决定将某程序作为服务启动后，请先将srvany安装为系统服务，具体的安装方法有很多，比如说可以通过Microsoft Windows Resource Kits中另外一个实用的小工具instsrv.exe进行安装（下载地址），将srvany.exe和instsrv.exe拷贝到C:\Windows\System32\后，我们可以通过下面的命令行进行srvany.exe的服务安装：

instsrv ServiceName C:\Windows\System32\srvany.exe

ServiceName即你自己定义的服务名称，可以是要作为系统服务启动的应用程序的名称。

安装完毕后，我们需要对srvany.exe进行配置，以便于能够加载我们指定的程序，配置的方法是，开始 – 运行 – regedit，打开注册表，定位到下面的路径。

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceName

同样的ServiceName是你刚才安装服务时自定义的服务名称。

如果该服务名下没有Parameters项目，则对服务名称项目右击新建项，名称为Parameters，然后定位到Parameters项，新建以下几个字符串值。

名称 Application 值为你要作为服务运行的程序地址。
名称 AppDirectory 值为你要作为服务运行的程序所在文件夹路径。
名称 AppParameters 值为你要作为服务运行的程序启动所需要的参数。

比如这里是个配置实例，我们这里配置的服务名称是NGINX，其余是nginx的安装配置情况。

当然还有一个比较简单的做法，那就是将下面的文本保存为*.reg文件，然后双击导入注册表。

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\服务名称\Parameters]
"Application"="值为你要作为服务运行的程序地址"
"AppDirectory"="值为你要作为服务运行的程序所在文件夹路径"
"AppParameters"="值为你要作为服务运行的程序启动所需要的参数"

2011年7月14日更新

找到微软的官方文章《如何创建用户定义的服务》，大家可以看一看。

2012年2月27日更新

今天有朋友问到将某窗体程序通过srvany作为服务运行的时候，桌面右下角图标和窗体无法显示，这个就涉及到服务的运行方式了，一般服务程序是不包含窗体的，所以系统默认可能会抑制这些服务程序产生的窗体，如果你的服务程序比较特殊，确实需要出现窗体，可以参考下面的办法：

控制面板 – 管理工具 – 服务（或者开始 – 运行 – services.msc 确认）打开服务管理器，选择你刚刚安装并需要展示窗体的服务，然后右击选择属性，切换到 “登录” 选项卡，勾选上 “允许服务与桌面交互” 然后按确定保存，重启你的服务，看看窗体是否出现了：

srvany_instsrv

IPv6 in Wifi network

xiaoyu — Tue, 28 Feb 2012 01:46:57 +0000

我们于2009年在wifi网内部署了 ipv6, 并且在可以自动翻墙实现自由访问国际互联网络. 无需安装任何软件和配置.

任何移动设备均可使用.

我们将继续提供更多技术服务.

We Beginning in 2009, Wifi network deployment of ipv6， and Automatically over the wall to achieve the freedom to access the Internet.

No needed software to install and configure.

Any mobile device can be used.We will continue to provide more technical services.

Tuning Windows for TCP/IP performance

xiaoyu — Sat, 25 Feb 2012 23:58:12 +0000

REGISTRY KEYS

In all versions of Windows, add the keys described below. Certain keys/values depend on the operating system installed (noted in the Value name column where different).

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters

Value name Value data Description
TcpTimedWaitDelay 0x0000001e
(Hex 0x0000001e = decimal 30. This value sets the wait time to 30 seconds.)

This key determines the time that must elapse before TCP/IP can release a closed connection and reuse its resources. This interval between closure and release is known as the TIME_WAIT state or twice the maximum segment lifetime (2MSL) state. During this time, reopening the connection to the client and server costs less than establishing a new connection. By reducing the value of this entry, TCP/IP can release closed connections faster and provide more resources for new connections. Adjust this parameter if the running application requires rapid release, the creation of new connections, or an adjustment because of a low throughput caused by multiple connections in the TIME_WAIT state.
MaxUserPort (minimum) 32768 This key determines the highest port number that TCP/IP can assign when an application requests an available user port from the system.
TcpMaxDataRetranmission 5 (seconds) This key determines how many times TCP retransmits an unacknowledged data segment on an existing connection.
Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters

Value name
Value data

Description
EnableDynamicBacklog 00000001

These keys, if many connection attempts are received simultaneously, increase the default number of pending connections that are supported by the operating system.
These values request a minimum of 20 and a maximum of 1000 available connections. The number of available connections is increased by 10 each time that there are fewer than the minimum number of available connections.

MinimumDynamicBacklog 00000020
MaximumDynamicBacklog 00001000
DynamicBacklogGrowthDelta 00000010
KeepAliveInterval 1 (second) This key determines how often TCP repeats keep-alive transmissions when no response is received.

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{Interface GUID}*

* {Interface GUID} is different for every system.

Value name
Value data

Description
TcpNoDelay

(Windows 2008 R1 & R2 only) 1 0 to enable Nagle’s algorithm, 1 to disable, not present by default
TcpAckFrequency

(Windows XP, Windows 2003, and Windows 2008 R1 & R2) 1 TCP/IP can be the source of some significant remote method delays. You can increase TCP performance by immediately acknowledging incoming TCP segments, in all situations.

NOTE: Some documentation states that this value may be placed directly under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip or HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters. After testing, it was determined that the setting only takes effect when placed under the actual {Interface GUID} key.
Your .reg file for Windows 2008 would look something like this:

Remember to reboot the server computer after making the registry changes.

On Windows 2008 (R1&R2), you must also disable autotuning:

Open a command prompt and execute the following command:
netsh int tcp set global autotuninglevel=disabled

The default level is “normal.” The possible settings include:

disabled: uses a fixed value for the tcp receive window. Limits it to 64KB (limited at 65535).
highlyrestricted: allows the receive window to grow beyond its default value, very conservatively
restricted: somewhat restricted growth of the tcp receive window beyond its default value
normal: default value, allows the receive window to grow to accommodate most conditions
experimental: allows the receive window to grow to accommodate extreme scenarios (not recommended as it can degrade performance in common scenarios; only intended for research purposes. It enables RWIN values of over 16 MB)

http://kb.globalscape.com/KnowledgebaseArticle10438.aspx

http://technet.microsoft.com/en-us/library/cc783904(v=ws.10).aspx

TCPNoDelay
Updated: March 28, 2003

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

HKLM\SOFTWARE\Microsoft\MSMQ\Parameters

Data type Range Default value

REG_DWORD 0 | 1 0
Description

Disables nagling. Nagling is a TCP feature that combines several small packets into a single, larger packet for more efficient transmission.

By default, Message Queuing (also known as MSMQ) enables nagling on the TCP sockets it uses. This improves overall performance, but it might briefly delay transmission of smaller packets. If the delay is undesirable or unacceptable, then you can add this entry to the registry to disable nagling.

Value Meaning
0 Nagling is enabled.

1 Nagling is disabled.

This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.

Lower Your Ping with TcpAckFrequency & TCPNoDelay

A few hints to lower your ping in many online games:

1) Run regedit and find the following location…

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\

Parameters\Interfaces\

2) Add a new DWORD (32-bit) named “TcpAckFrequency” and set its value to “1″ under the desired interface.

3) Add a new DWORD (32-bit) named “TCPNoDelay” and set its value to “1″ as well.

4) Next, find this location…

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ\Parameters

5) Add a new DWORD (32-bit) naned “TCPNoDelay” and set its value to “1″.

6) Close regedit, reboot, and you’re done.

Buff_Goldberg_Web_Servers_Should_Turn_Off_Nagle_to_Avoid_Unnecessary_200_ms_Delays_1999

TcpAckFrequency & TCPNoDelay

ftp用户密码修改：Serv-U客户端ftp账号账户密码修改及远程管理Serv-U服务端ftp的方法

xiaoyu — Sat, 25 Feb 2012 14:11:56 +0000

强大的ftp服务器搭建软件Serv-U可以定义用户账户修改密码权限，但是其本身未没有提供web页面的修改，所以ftp用户希望修改账号密码，还需要借助第三方工具。志文工作室通过本文介绍两种修改和管理账户密码的方法，以及远程管理serv-U服务器的步骤。

一、修改ftp客户端账号密码的方法

可以在客户端ftp软件里面改，也可以在cmd运行命令行下改，但前提是SERVER-U服务端已经开启了该账户修改密码的权限。

1.使用windows自带的cmd工具修改

a.在“开始-运行”中输入” ftp ” 后按回车运行，看到提示符“ftp>”
b.输入连接ftp命令“open ftp连接IP”，如：open ftp 127.0.0.1
c.按提示输入User（用户名），Password（密码）(注意：屏幕并不显示您输入的密码)。当屏幕上出现“230 User logged in, proceed.”表示FTP已连接成功!
d.此时输入命令“quote site pswd 旧密码新密码”回车，屏幕上出现230 Password changed okay.表示密码已经修改成功！
e.输入bye 退出。此时即可使用新的密码连接该ftp账号了。

2.使用第三方ftp软件修改

这里介绍的是使用著名的ftp连接工具flashxp修改密码的方法，步骤如下：
a.启动flashxp，使用账户及密码登陆到远程ftp。
b.菜单栏选择“查看 – 显示原始命令行”，或者按快捷键“ctrl+R”调用命令执行窗口。
c.在原始命令行中输入命令：
site pswd 旧密码新密码
当信息回显窗口提示信息“230 Password changed okay.” 则表示密码修改成功！

3.其它FTP软件修改

如使用leapftp等ftp连接软件修改密码的方法与使用flashxp相似，只需运行原始命令” site pswd 旧密码新密码” 即可。