Last active
October 20, 2022 06:49
-
-
Save Rachitlohani/43d7e46cc19b179591ed to your computer and use it in GitHub Desktop.
network
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#def 60 | |
net.ipv4.tcp_fin_timeout=20 | |
#def 9 | |
net.ipv4.tcp_keepalive_probes=5 | |
#def 32768 | |
net.ipv4.tcp_max_orphans=32768 | |
#def 10240 | |
net.core.optmem_max=20480 | |
#def 110592 | |
net.core.rmem_default=16777216 | |
#def 131071 | |
net.core.rmem_max=16777216 | |
#def 110592 | |
net.core.wmem_default=16777216 | |
#def 131071 | |
net.core.wmem_max=16777216 | |
#def 128 | |
net.core.somaxconn=500 | |
#def 0 | |
net.ipv4.tcp_orphan_retries = 1 | |
#def 180000 | |
net.ipv4.tcp_max_tw_buckets=540000 | |
#def 1024 | |
#net.ipv4.tcp_max_tw_buckets_ub=540000 | |
#disable IP packet forwarding. No performance gain | |
net.ipv4.ip_forward = 0 | |
# source route verification. Almost no perf gain | |
net.ipv4.conf.default.rp_filter = 1 | |
#Disable source routing. No Perf gain | |
net.ipv4.conf.default.accept_source_route = 0 | |
#enable kernel debug | |
kernel.sysrq = 1 | |
#append the pid to the dump file | |
kernel.core_uses_pid = 1 | |
#disable syn cookies. Just an overhead to prevent DDOS attack | |
net.ipv4.tcp_syncookies = 0 | |
#max size of a kernel packet | |
kernel.msgmnb = 65536 | |
#max message queue | |
kernel.msgmax = 65536 | |
#maxshared segment size, in bytes | |
kernel.shmmax = 68719476736 | |
#maximum number of shared memory segments, in pages | |
kernel.shmall = 4294967296 | |
#Decrease the time default value for tcp_fin_timeout connection | |
net.ipv4.tcp_fin_timeout = 30 | |
#Decrease the time default value for tcp_keepalive_time connection | |
net.ipv4.tcp_keepalive_time = 1800 | |
#Turn off the tcp_window_scaling | |
net.ipv4.tcp_window_scaling = 0 | |
#Turn off the tcp_sack | |
net.ipv4.tcp_sack = 0 | |
#Turn off the tcp_timestamps | |
net.ipv4.tcp_timestamps = 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Tuned system.
Tcp memory
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
Increase the number of incoming connections that can queue up before dropping
net.core.somaxconn = 262144
Big queue for the network device
net.core.netdev_max_backlog=30000
Apache Scaling suggests 1000 ?
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
Lots of local ports for connections
net.ipv4.tcp_max_tw_buckets = 1000000
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_synack_retries = 0
These ensure that TIME_WAIT ports either get reused or closed fast.
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_tw_recycle = 1
Security
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_rfc1337 = 1
Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.eth1.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 30
Tuning the FS
fs.file-max = 5049800
Tuning the VM - According to
http://kb.pert.geant2.net/PERTKB/ApacheScaling
vm.min_free_kbytes = 204800
vm.page-cluster = 20
Apache suggests 200 but most say 0....
vm.swappiness = 10