Skip to content

Instantly share code, notes, and snippets.

@hiteshjasani
Forked from jkordish/sysctl.yml
Created November 22, 2016 17:16
Show Gist options
  • Save hiteshjasani/5792ef0d28aeee46b7887278b7786538 to your computer and use it in GitHub Desktop.
Save hiteshjasani/5792ef0d28aeee46b7887278b7786538 to your computer and use it in GitHub Desktop.
ansible sysctl for ec2. perferrably used for 1g nics.
- hosts: localhost
tasks:
- name: update sysctl
action: sysctl state=present reload=yes {{ item }}
with_items:
# max open files
- name=fs.file-max value=65535
# lets not use swap.
- name=vm.swappiness value=0
# enable syn coockies. this can actually cause overhead.
- name=net.ipv4.tcp_syncookies value=1
# This allows reusing sockets in TIME_WAIT state for new connections when it is safe from protocol viewpoint.
- name=net.ipv4.tcp_tw_reuse value=1
# Max rx/tx buffer size (16M) - defaults high but can scale down.
- name=net.core.rmem_max value=16777216
- name=net.core.wmem_max value=16777216
- name=net.core.rmem_default value=16777216
- name=net.core.wmem_default value=16777216
- name=net.ipv4.tcp_rmem value="4096 87380 16777216"
- name=net.ipv4.tcp_wmem value="4096 65536 16777216"
# Increase the maximum amount of option memory buffers // specifies the maximum buffer size allowed per socket.
- name=net.core.optmem_max value=40960
# Increase max number of sockets allowed in TIME_WAIT
- name=net.ipv4.tcp_max_tw_buckets value=2000000
# Increase max half-open connections
- name=net.ipv4.tcp_max_syn_backlog value=30000
# Increase max TCP orphans
# These are sockets which have been closed and no longer have a file handle attached to them
- name=net.ipv4.tcp_max_orphans value=262144
# Max listen queue backlog
- name=net.core.somaxconn value=4096
# Max number of packets that can be queued on interface input
# If kernel is receiving packets faster than can be processed
# this queue increases
- name=net.core.netdev_max_backlog value=50000
# Only retry creating TCP connections twice
# Minimize the time it takes for a connection attempt to fail
- name=net.ipv4.tcp_synack_retries value=2
- name=net.ipv4.tcp_syn_retries value=2
# Timeout closing of TCP connections after 7 seconds
- name=net.ipv4.tcp_fin_timeout value=7
# Avoid falling back to slow start after a connection goes idle
# keeps our cwnd(congestion window size) large with the keep alive connections
- name=net.ipv4.tcp_slow_start_after_idle value=0
# determines the number of probes before timing out
- name=net.ipv4.tcp_keepalive_probes value=5
# Determines the wait time between isAlive interval probes
- name=net.ipv4.tcp_keepalive_intvl value=3
# Disable TCP timestamps -- saves 12 bytes
- name=net.ipv4.tcp_timestamps value=0
# Selective acknowledgements - This option selectively acknowledges each segment in a TCP window.
# This is especially good on very lossy connections (connections that loose a lot of data in the transfer)
# since this makes it possible to only retransmit specific parts of the TCP window which lost data and not
# the whole TCP window as the old standards told us to do.
- name=net.ipv4.tcp_sack value=1
# Enabling tcp window scaling
# Enabling tcp_window_scaling enables a special TCP option which makes it possible to scale these windows to a larger size,
# and hence reduces bandwidth losses due to not utilizing the whole connection.
- name=net.ipv4.tcp_window_scaling value=1
# Causes the kernel to actively send RST packets when a service is overloaded. So no data is dropped.
- name=net.ipv4.tcp_abort_on_overflow value=1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment