## Linux/2.4 sysctl.conf ## ## -- san2(at)linuxchannel.net ## -- 2005.09.21: add more ## 2005.06.04: new build ## ## [refernce] ## - man tcp(7), sysctl.conf(5) ## - http://ipsysctl-tutorial.frozentux.net/chunkyhtml/index.html ## - http://lse.sourceforge.net/epoll/ ## - http://www.webhostingtalk.com/showthread.php?threadid=257654 ## - http://www.lovee.pe.kr/board/view.php?id=unlimited1&no=113 ## - http://www-didc.lbl.gov/TCP-tuning/TCP-tuning.html ## - http://www-didc.lbl.gov/TCP-tuning/linux.html ## - http://www.oops.org/?t=lecture&sb=kernel&n=3 ## - http://www.spec.org/web99/results/api-src/HP-20010821.txt // Linux 2.4 Kernel Tunings used in SPECweb99 results ## ## [Shared Memory and Semaphores] ## - http://www.postgresql.org/docs/7.4/interactive/kernel-resources.html ## - http://www.redhat.com/docs/manuals/database/RHDB-2.1-Manual/admin_user/kernel-resources.html ## ## [httperf] -- A Tool for Measuring Web Server Performance ## - http://www.hpl.hp.com/personal/David_Mosberger/httperf.html ## ## [kernel] ## #kernel.sysrq = 0 ## Disables the magic-sysrq key #kernel.shmmax = 134217728 ## Maximum size of shared memory segment (bytes), default 32MB ## cf) FreeBSD `kern.ipc.shmmax' bytes #kernel.shmall = 134217728 ## Total amount of shared memory available (bytes or pages), default 2MB ## cf) FreeBSD `kern.ipc.shmall' pages, 1page = 4KB(i386) #kernel.sem = 1000 32000 32 512 kernel.core_uses_pid = 1 ## core dump file add pid name ## [vm] ## #vm.bdflush = 100 1200 128 512 15 5000 500 1884 2 ## Improve file system performance ## [fs] ## fs.file-max = 65536 ## 512M -> 32768, 1G -> 65536, 2G -> 131072 ## [net.core] -- increase Linux TCP buffer limits ## net.core.rmem_max = 8388608 ## receive queue, default 131071 net.core.wmem_max = 8388608 ## write queue, default 131071 net.core.rmem_default = 65536 net.core.wmem_default = 65536 net.core.netdev_max_backlog = 16384 ## default 300, refer net.ipv4.tcp_max_syn_backlog ## [net.ipv4.conf] -- IP Spoofing Source Route ## net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.lo.rp_filter = 1 net.ipv4.conf.eth0.rp_filter = 1 net.ipv4.conf.default.rp_filter = 1 ## Enables source route verification ## net.ipv4.conf.all.accept_source_route = 0 ## Disables IP source routing net.ipv4.conf.lo.accept_source_route = 0 net.ipv4.conf.eth0.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0 ## [net.ipv4] ## net.ipv4.ip_forward = 0 ## Disables packet forwarding net.ipv4.ip_local_port_range = 20000 60000 net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1 ## [tcp tuning] ## net.ipv4.tcp_sack = 0 net.ipv4.tcp_window_scaling = 0 net.ipv4.tcp_timestamps = 0 ## Turn off the tcp_timestamps net.ipv4.tcp_fin_timeout = 10 ## FIN_WAIT1, FIN_WAIT2 net.ipv4.tcp_keepalive_time = 600 ## seconds, interval of KeepAlive send message net.ipv4.tcp_keepalive_probes = 3 ## number try net.ipv4.tcp_keepalive_intvl = 5 ## seconds net.ipv4.tcp_max_syn_backlog = 16384 ## refer net.core.netdev_max_backlog #net.ipv4.tcp_syncookies = 1 ## required by kernel configurations #net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 ## must be 1 net.ipv4.tcp_rfc1337 = 1 ## webserver 1, fileserver 0, TIME-WAIT Assassination Hazards in TCP net.ipv4.tcp_max_tw_buckets = 2000000 ## TIME_WAIT ## [tcp buffer limits tunning] ## net.ipv4.tcp_rmem = 4096 87380 8388608 ## min, default, and max number of bytes to use net.ipv4.tcp_wmem = 4096 65536 8388608 net.ipv4.tcp_mem = 4096 4096 4096 ## number of pages, not bytes