Skip to content

Instantly share code, notes, and snippets.

@jult

jult/sysctl.conf

Last active Jan 11, 2020
Embed
What would you like to do?
sysctl config for linux server(s) with 8 GB DDR4 RAM or more, SSD and 1Gbps (or faster) NIC
kernel.core_uses_pid = 1
kernel.domainname = your-rdns-FQDN.here
kernel.msgmax = 65535
kernel.msgmnb = 65535
kernel.pid_max = 65535
kernel.printk = 2 3 1 2
kernel.randomize_va_space = 2
kernel.shmall = 268435456
kernel.shmmax = 268435456
kernel.sysrq = 0
fs.inotify.max_user_watches = 524288
fs.file-max = 2097152
net.core.default_qdisc = fq_codel
net.core.netdev_max_backlog = 16384
net.core.optmem_max = 65535
net.core.rmem_max = 4194304
net.core.wmem_max = 4194304
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 65536 4194304
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.ip_forward = 1
net.ipv4.ip_local_port_range = 1024 65300
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_notsent_lowat = 16384
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.default.accept_source_route = 0
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
vm.dirty_background_ratio = 4
vm.dirty_ratio = 5
vm.min_free_kbytes = 65535
vm.overcommit_memory = 1
vm.swappiness = 1
vm.vfs_cache_pressure = 32
@jult

This comment has been minimized.

Copy link
Owner Author

@jult jult commented Mar 23, 2018

This is in my /etc/sysctl.conf on debian/ubuntu servers after some benchmarks and tests.
You can make these persistent after reboots by
# sysctl -p

@jult

This comment has been minimized.

Copy link
Owner Author

@jult jult commented Mar 24, 2018

Note that when used inside a virtual guest, i.e. KVM VPS etc., you need to consider also doing

ethtool --offload ens3 tx-checksum-ip-generic off
ethtool -K ens3 gro off
ethtool -K ens3 tso off

(where ens3 is your NIC)

You can use /etc/rc.local to make these go live at every boot (put them in rc.local), like, for example;

#!/bin/sh

echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo noop > /sys/block/vda/queue/scheduler
echo 0 > /sys/block/vda/queue/rotational
echo 0 > /sys/block/vda/queue/rq_affinity
echo 9000 > /proc/sys/vm/dirty_expire_centisecs
echo 9000 > /proc/sys/vm/dirty_writeback_centisecs

ethtool --offload ens3 tx-checksum-ip-generic off
ethtool -K ens3 gro off
ethtool -K ens3 tso off

exit 0
@grebois

This comment has been minimized.

Copy link

@grebois grebois commented Oct 28, 2018

#disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment