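# sysctl tuning for a server that terminates many short-lived TCP/HTTPS
# connections. Load with `sysctl -p <file>` or drop into /etc/sysctl.d/.
# Keys that do not exist on the running kernel (or whose module is not
# loaded) make the loader report an error, so check the output after
# applying.

# --- SYN flood / backlog ------------------------------------------------

# Send SYN cookies once the SYN backlog overflows, so a SYN flood cannot
# exhaust the half-open connection table.
net.ipv4.tcp_syncookies = 1
# Half-open (SYN_RECV) connections to keep before syncookies kick in.
net.ipv4.tcp_max_syn_backlog = 30000
# Upper bound on the accept queue (listen() backlog) of any one socket.
net.core.somaxconn = 65535
# Packets queued on the receive side (per CPU) before they are dropped
# when the kernel cannot drain them as fast as the NIC delivers them.
net.core.netdev_max_backlog = 5000

# --- Martian / spoofed-source logging -----------------------------------

# Packets with impossible source or destination addresses are dropped
# either way; this only controls whether they are logged. Left off here
# to avoid log flooding under attack. Turning it on (1) is the usual
# hardening recommendation when visibility into spoofing attempts matters;
# pair it with net.ipv4.conf.all.rp_filter if you do.
net.ipv4.conf.all.log_martians = 0

# --- Memory / VM ---------------------------------------------------------

# Prefer reclaiming page cache over swapping out idle process pages
# (kernel default is 60).
vm.swappiness = 10
# Percentage of RAM that may hold dirty pages before a writing process is
# stalled and forced to write back synchronously.
vm.dirty_ratio = 60
# Percentage of RAM of dirty pages at which background writeback starts.
vm.dirty_background_ratio = 2

# --- File descriptors ----------------------------------------------------

# System-wide open-file limit (fs.file-max) and the ceiling a process may
# raise RLIMIT_NOFILE to (fs.nr_open). The per-process limit itself is set
# in /etc/security/limits.conf and cannot exceed fs.nr_open.
fs.file-max = 1000000
fs.nr_open = 1000000

# --- Ephemeral ports -----------------------------------------------------

# Ephemeral (outgoing) port range. Note this overlaps common service ports
# (e.g. 3306, 5432, 6379): a daemon started after an outgoing connection
# has grabbed its port fails to bind. Reserve such ports with
# net.ipv4.ip_local_reserved_ports if that applies to this host.
net.ipv4.ip_local_port_range = 1024 65535

# --- Socket buffers ------------------------------------------------------

# Largest socket buffer a process may request via SO_SNDBUF / SO_RCVBUF.
net.core.wmem_max = 12582912
net.core.rmem_max = 12582912
# TCP receive / send buffers: min, default, max (bytes). Autotuning moves
# a connection between min and max.
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
# Window scaling must stay on for the 12 MB maximum above to be usable:
# without it the advertised TCP window is capped at 64 KB. (The original
# file set this to 0, which silently defeats the buffer tuning; only
# disable it if a broken middlebox on the path mangles the option.)
net.ipv4.tcp_window_scaling = 1

# --- Connection tracking -------------------------------------------------

# Maximum conntrack entries (3x the old default of 65536). The key only
# exists while the nf_conntrack module is loaded; otherwise this line
# errors on load.
net.netfilter.nf_conntrack_max = 196608

# --- Source routing, ICMP redirects, forwarding --------------------------

# This host is not a router: do not emit ICMP redirects, do not honour
# redirects from the network (they let a neighbour rewrite our routes),
# and drop source-routed packets. Both `all` and `default` are set: for
# send_redirects (always) and accept_redirects (while forwarding is off)
# the kernel enables the feature if EITHER the per-interface flag or `all`
# is 1, so `all = 0` alone does not cover an interface whose own flag is
# still at the kernel default.
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# The same for IPv6, which this file already handles for forwarding; the
# original only hardened the IPv4 side.
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
# Disable packet forwarding.
net.ipv4.ip_forward = 0
net.ipv6.conf.all.forwarding = 0

# --- TCP idle / teardown timing ------------------------------------------

# Keep the congestion window after an idle period instead of restarting
# slow start (better for keep-alive HTTP connections).
net.ipv4.tcp_slow_start_after_idle = 0
# Keepalive: start probing after 15 s idle, probe every 6 s, give up after
# 2 unanswered probes, so a silently dead peer is dropped after roughly
# 15 + 2*6 = 27 s. (The original file set intvl and probes twice; sysctl
# applies keys in file order, so the later 6/2 pair was what took effect.
# The 15 s is idle time before the first probe, not total time to drop.)
net.ipv4.tcp_keepalive_time = 15
net.ipv4.tcp_keepalive_intvl = 6
net.ipv4.tcp_keepalive_probes = 2
# Maximum TIME_WAIT sockets before the kernel starts destroying them.
net.ipv4.tcp_max_tw_buckets = 2000000
# Seconds to hold a socket in FIN_WAIT_2 waiting for the peer's FIN.
net.ipv4.tcp_fin_timeout = 5
# Reuse TIME_WAIT sockets for new outgoing connections when TCP timestamps
# show it is safe.
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle was removed in Linux 4.12 (loading this key fails with
# "No such file or directory"), and before that it dropped connections
# from clients behind NAT because their timestamps are not monotonic
# across hosts. Do not enable it.
# net.ipv4.tcp_tw_recycle = 1
# Historically hinted the stack to favour latency over throughput. It does
# NOT disable Nagle (that is the per-socket TCP_NODELAY option) and has
# been a no-op since Linux 4.14; harmless, kept for older kernels.
net.ipv4.tcp_low_latency = 1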