kirillDanshin/sysctl.conf

## sysctl.conf
# DISCLAMER
# It's just a good point to start. It works well even under load,
# and tested on CentOS 7.2.1151 with 4G RAM and 8 xeon cores
# and disabled transparent_hugepages.

# Limitation of Liability. In no event and under no legal theory,
# whether in tort (including negligence), contract, or otherwise,
# unless required by applicable law (such as deliberate and grossly
# negligent acts) or agreed to in writing, shall any Contributor be
# liable to You for damages, including any direct, indirect, special,
# incidental, or consequential damages of any character arising as a
# result of this License or out of the use or inability to use the
# Work (including but not limited to damages for loss of goodwill,
# work stoppage, computer failure or malfunction, or any and all
# other commercial damages or losses), even if such Contributor
# has been advised of the possibility of such damages.

kernel.sysrq = 0
kernel.msgmax = 65536
kernel.msgmnb = 65536
kernel.pid_max = 524288
kernel.core_uses_pid = 1
kernel.core_pattern = /var/crash/core-%e-%s-%u-%g-%p-%t
kernel.sem = 1000	128000	128	2048
kernel.perf_event_paranoid = 2

fs.file-max = 5242880
fs.suid_dumpable = 2
fs.aio-max-nr = 524288

vm.swappiness = 3
vm.percpu_pagelist_fraction = 8

net.core.netdev_max_backlog = 1024000
net.core.rmem_default = 10000000
net.core.rmem_max = 10000000
net.core.somaxconn = 131072
net.core.wmem_default = 100000000

net.ipv6.conf.default.disable_ipv6 = 0

net.ipv6.conf.all.forwarding = 1
net.ipv4.ip_forward = 1

net.ipv4.tcp_congestion_control = highspeed
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_fastopen = 1
net.ipv4.tcp_low_latency = 1

net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_tw_reuse = 1

net.ipv4.ip_local_port_range = 1024 65535

net.ipv4.tcp_max_syn_backlog = 131072

net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1

net.netfilter.nf_conntrack_max = 1048576

net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.route_localnet = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.accept_source_route = 0

net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

net.ipv4.conf.eth0.rp_filter = 1

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
	# DISCLAMER
	# It's just a good point to start. It works well even under load,
	# and tested on CentOS 7.2.1151 with 4G RAM and 8 xeon cores
	# and disabled transparent_hugepages.

	# Limitation of Liability. In no event and under no legal theory,
	# whether in tort (including negligence), contract, or otherwise,
	# unless required by applicable law (such as deliberate and grossly
	# negligent acts) or agreed to in writing, shall any Contributor be
	# liable to You for damages, including any direct, indirect, special,
	# incidental, or consequential damages of any character arising as a
	# result of this License or out of the use or inability to use the
	# Work (including but not limited to damages for loss of goodwill,
	# work stoppage, computer failure or malfunction, or any and all
	# other commercial damages or losses), even if such Contributor
	# has been advised of the possibility of such damages.

	kernel.sysrq = 0
	kernel.msgmax = 65536
	kernel.msgmnb = 65536
	kernel.pid_max = 524288
	kernel.core_uses_pid = 1
	kernel.core_pattern = /var/crash/core-%e-%s-%u-%g-%p-%t
	kernel.sem = 1000 128000 128 2048
	kernel.perf_event_paranoid = 2

	fs.file-max = 5242880
	fs.suid_dumpable = 2
	fs.aio-max-nr = 524288

	vm.swappiness = 3
	vm.percpu_pagelist_fraction = 8

	net.core.netdev_max_backlog = 1024000
	net.core.rmem_default = 10000000
	net.core.rmem_max = 10000000
	net.core.somaxconn = 131072
	net.core.wmem_default = 100000000

	net.ipv6.conf.default.disable_ipv6 = 0

	net.ipv6.conf.all.forwarding = 1
	net.ipv4.ip_forward = 1

	net.ipv4.tcp_congestion_control = highspeed
	net.ipv4.tcp_ecn = 0
	net.ipv4.tcp_sack = 0
	net.ipv4.tcp_timestamps = 0
	net.ipv4.tcp_fastopen = 1
	net.ipv4.tcp_low_latency = 1

	net.ipv4.tcp_max_tw_buckets = 1440000
	net.ipv4.tcp_window_scaling = 1
	net.ipv4.tcp_fin_timeout = 5
	net.ipv4.tcp_keepalive_time = 1200
	net.ipv4.tcp_max_orphans = 262144
	net.ipv4.tcp_rmem = 4096 87380 4194304
	net.ipv4.tcp_wmem = 4096 16384 4194304
	net.ipv4.tcp_syncookies = 0
	net.ipv4.tcp_syn_retries = 1
	net.ipv4.tcp_synack_retries = 1
	net.ipv4.tcp_tw_reuse = 1

	net.ipv4.ip_local_port_range = 1024 65535

	net.ipv4.tcp_max_syn_backlog = 131072

	net.ipv4.icmp_echo_ignore_broadcasts = 1
	net.ipv4.icmp_ignore_bogus_error_responses = 1

	net.netfilter.nf_conntrack_max = 1048576

	net.ipv4.conf.all.rp_filter = 1
	net.ipv4.conf.all.route_localnet = 1
	net.ipv4.conf.all.accept_redirects = 0
	net.ipv4.conf.all.send_redirects = 0
	net.ipv4.conf.all.secure_redirects = 0
	net.ipv4.conf.all.log_martians = 1
	net.ipv4.conf.all.accept_source_route = 0

	net.ipv4.conf.default.log_martians = 1
	net.ipv4.conf.default.accept_redirects = 0
	net.ipv4.conf.default.send_redirects = 0
	net.ipv4.conf.default.secure_redirects = 0

	net.ipv4.conf.eth0.rp_filter = 1

	net.bridge.bridge-nf-call-ip6tables = 0
	net.bridge.bridge-nf-call-iptables = 0
	net.bridge.bridge-nf-call-arptables = 0