Created
November 15, 2015 16:43
-
-
Save janeczku/5043ed50be8d6a9b1907 to your computer and use it in GitHub Desktop.
Scaleway C1 sysctl network performance tweaks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Performance Tweak | |
| net.core.rmem_max=12582912 | |
| net.core.wmem_max=12582912 | |
| net.core.rmem_default=87380 | |
| net.core.wmem_default=87380 | |
| net.ipv4.tcp_mem='12582912 12582912 12582912' | |
| net.ipv4.tcp_rmem= 10240 87380 12582912 | |
| net.ipv4.tcp_wmem= 10240 87380 12582912 | |
| net.ipv4.tcp_window_scaling = 1 | |
| net.ipv4.tcp_timestamps = 1 | |
| net.ipv4.tcp_sack = 1 | |
| net.ipv4.tcp_no_metrics_save = 1 | |
| net.core.netdev_max_backlog = 5000 | |
| vm.dirty_background_ratio=20 | |
| vm.swappiness=20 | |
| net.ipv4.route.flush=1 | |
| kernel.sysrq = 1 | |
| kernel.sem = 430 129000 430 300 | |
| kernel.shmmni = 300 | |
| kernel.shmmax = 2147483648 | |
| # increase system file descriptor limit | |
| fs.file-max = 128000 | |
| #Allow for more PIDs | |
| kernel.pid_max = 65536 | |
| #Increase system IP port limits | |
| net.ipv4.ip_local_port_range = 2000 65000 | |
| #Enable ExecShield protection | |
| kernel.randomize_va_space = 1 | |
| # Controls IP packet forwarding | |
| net.ipv4.ip_forward = 0 | |
| # Controls IP packet forwarding | |
| net.ipv4.ip_forward = 0 | |
| # Controls source route verification | |
| net.ipv4.conf.default.rp_filter = 1 | |
| # Do not accept source routing | |
| net.ipv4.conf.default.accept_source_route = 0 | |
| # Controls the System Request debugging functionality of the kernel | |
| kernel.sysrq = 0 | |
| # Controls whether core dumps will append the PID to the core filename | |
| # Useful for debugging multi-threaded applications | |
| kernel.core_uses_pid = 1 | |
| # Send redirects, if router, but this is just server | |
| net.ipv4.conf.all.send_redirects = 0 | |
| net.ipv4.conf.default.send_redirects = 0 | |
| # Accept packets with SRR option? No | |
| net.ipv4.conf.all.accept_source_route = 0 | |
| # Accept Redirects? No, this is not router | |
| net.ipv4.conf.all.accept_redirects = 0 | |
| net.ipv4.conf.all.secure_redirects = 0 | |
| # Log packets with impossible addresses to kernel log? yes | |
| net.ipv4.conf.all.log_martians = 1 | |
| net.ipv4.conf.default.accept_source_route = 0 | |
| net.ipv4.conf.default.accept_redirects = 0 | |
| net.ipv4.conf.default.secure_redirects = 0 | |
| # Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast | |
| net.ipv4.icmp_echo_ignore_broadcasts = 1 | |
| # Prevent against the common 'syn flood attack' | |
| net.ipv4.tcp_syncookies = 1 | |
| net.ipv4.tcp_synack_retries = 2 | |
| # Enable source validation by reversed path, as specified in RFC1812 | |
| net.ipv4.conf.all.rp_filter = 1 | |
| net.ipv4.conf.default.rp_filter = 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment