
19/5/2015 Linux Consulting: sysctl - Kernel Optimization - /etc/sysctl.conf


Linux Consulting
Looking for a MySQL expert? I'm available to provide MySQL consulting

WEDNESDAY, NOVEMBER 16, 2005

sysctl - Kernel Optimization - /etc/sysctl.conf

IP Forwarding:
Is IP forwarding currently on?
/sbin/sysctl net.ipv4.ip_forward

Turn IP forwarding on manually

/sbin/sysctl -w net.ipv4.ip_forward=1

Turning IP packet forwarding off manually

[root@plain scripts]# /sbin/sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
[root@plain scripts]# /sbin/sysctl -w net.ipv4.ip_forward=0
net.ipv4.ip_forward = 0

The following command will do the same job as the above, but temporarily
echo 0 > /proc/sys/net/ipv4/ip_forward

Upon executing the above command, /etc/sysctl.conf file reflects the change
# Controls IP packet forwarding
net.ipv4.ip_forward = 0

By default, the /etc/sysctl.conf file looks like the following:
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

I will be optimizing this file (use at your own risk).

Let's check the current memory values for socket I/O operations

[root@plain scripts]# /sbin/sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
[root@plain scripts]# /sbin/sysctl net.core.rmem_default
net.core.rmem_default = 65535
[root@plain scripts]# /sbin/sysctl net.core.rmem_max
net.core.rmem_max = 131071
[root@plain scripts]# /sbin/sysctl net.ipv4.tcp_rmem
net.ipv4.tcp_rmem = 4096 87380 174760
[root@plain scripts]# /sbin/sysctl net.core.wmem_default
net.core.wmem_default = 65535
[root@plain scripts]# /sbin/sysctl net.core.wmem_max
net.core.wmem_max = 131071
[root@plain scripts]# /sbin/sysctl net.ipv4.tcp_wmem
net.ipv4.tcp_wmem = 4096 16384 131072
[root@plain scripts]# /sbin/sysctl net.ipv4.tcp_mem
net.ipv4.tcp_mem = 195584 196096 196608
[root@plain scripts]# /sbin/sysctl net.core.optmem_max
net.core.optmem_max = 10240

I will be increasing the following values:

net.core.rmem_max (from 131071 to 8388608)
net.ipv4.tcp_rmem (from "4096 87380 174760" to "4096 1048576 8388608")
net.core.wmem_max (from 131071 to 8388608)
net.ipv4.tcp_wmem (from "4096 16384 131072" to "4096 65535 8388608")
net.ipv4.tcp_mem (from "195584 196096 196608" to "8388608 8388608 8388608")
net.core.optmem_max (from 10240 to 40960)

Changes can be made by placing the following lines in /etc/sysctl.conf

net.core.rmem_max = 8388608
net.ipv4.tcp_rmem = 4096 1048576 8388608
net.core.wmem_max = 8388608
net.ipv4.tcp_wmem = 4096 1048576 8388608
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.core.optmem_max = 40960

OR by issuing the following commands

/sbin/sysctl -w net.core.rmem_max=8388608
/sbin/sysctl -w net.ipv4.tcp_rmem="4096 1048576 8388608"
/sbin/sysctl -w net.core.wmem_max=8388608
/sbin/sysctl -w net.ipv4.tcp_wmem="4096 1048576 8388608"
/sbin/sysctl -w net.ipv4.tcp_mem="8388608 8388608 8388608"
/sbin/sysctl -w net.core.optmem_max=40960

Some more Optimizations

# tcp-time-wait buckets pool size from
# net.ipv4.tcp_max_tw_buckets = 180000
# to 360000
/sbin/sysctl -w net.ipv4.tcp_max_tw_buckets=360000
# Increase the maximum number of skb-heads to be cached from 128
/sbin/sysctl -w net.core.hot_list_length=256
# increase from 300 to 1024
/sbin/sysctl -w net.core.netdev_max_backlog=1024
# increase TCP re-ordering value in kernel from 3 to 5
/sbin/sysctl -w net.ipv4.tcp_reordering=5
# change from 0 to 1 to Enable ignoring broadcasts request
/sbin/sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
# change from 0 to 1 to enable syn cookies protection
/sbin/sysctl -w net.ipv4.tcp_syncookies=1
# turn on TCP time stamps
/sbin/sysctl -w net.ipv4.tcp_timestamps=1
# change from 0 to 1 (fack was enabled already)
/sbin/sysctl -w net.ipv4.tcp_sack=1
# change from 0 to 1 for TCP window scaling
/sbin/sysctl -w net.ipv4.tcp_window_scaling=1
# decrease from 1400 to 1200 for tcp_keepalive_time connection

For the above changes to take effect, we must do


/sbin/sysctl -p
# and
/sbin/sysctl -w net.ipv4.route.flush=1
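
Added example (not code from the original post): sysctl -w changes the running kernel while /etc/sysctl.conf is what sysctl -p loads, so the two can differ; this shell function compares each key in a sysctl.conf-style file with the running value and also flags keys the kernel does not have, the case sysctl reports as "is an unknown key". The function name and the PROCROOT parameter are assumptions made for this example.

```shell
#!/bin/sh
# check_sysctl_conf CONF [PROCROOT]   (hypothetical helper, added example)
#   CONF      file of "key = value" lines; comments start with # or ;
#   PROCROOT  directory exposing the keys, /proc/sys on a real host
#             (a parameter so the check can run against a constructed tree)
# Prints OK, DRIFT (running value differs) or UNKNOWN (no such key) per key.
# Returns 1 if any key is DRIFT or UNKNOWN, 0 otherwise.
# Limitation: keys are mapped to paths by replacing "." with "/", so
# interface names that themselves contain a dot are not handled.

squeeze() {  # /proc/sys separates multi-value keys with tabs; normalise blanks
    printf '%s\n' "$1" | tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

check_sysctl_conf() {
    conf=$1 root=${2:-/proc/sys} rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $(squeeze "$line") in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;                     # key = value, handled below
            *) continue ;;              # anything else is ignored
        esac
        key=$(squeeze "${line%%=*}")
        want=$(squeeze "${line#*=}")
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -e "$path" ]; then
            echo "UNKNOWN $key"; rc=1
        else
            have=$(squeeze "$(cat "$path" 2>/dev/null)")
            if [ "$have" = "$want" ]; then
                echo "OK $key"
            else
                echo "DRIFT $key want=[$want] have=[$have]"; rc=1
            fi
        fi
    done < "$conf"
    return $rc
}
```

On a real host, call it as: check_sysctl_conf /etc/sysctl.conf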

sysctl -A provides the following output

abi.fake_utsname = 0
abi.trace = 0
abi.defhandler_libcso = 68157441
abi.defhandler_lcall7 = 68157441
abi.defhandler_elf = 0
abi.defhandler_coff = 117440515
dev.parport.default.spintime = 500
dev.parport.default.timeslice = 200
dev.raid.speed_limit_max = 10000
dev.raid.speed_limit_min = 100
dev.rtc.max-user-freq = 64
debug.rpmarch =
debug.kerneltype =
net.unix.max_dgram_qlen = 10
net.token-ring.rif_timeout = 60000
net.ipv4.ip_conntrack_max = 34576
net.ipv4.conf.eth0.force_igmp_version = 0
net.ipv4.conf.eth0.disable_policy = 0
net.ipv4.conf.eth0.disable_xfrm = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.tag = 0

kernel linux security optimization hardening

by Frank @ 6:34 AM

4 Comments:

At Thu Nov 23, 05:03:00 AM,  Anonymous said...


Hi Frank,


I'm glad to read your blog. I have some questions about the setting in
sysctl.conf, hope you could help.

================================
net.ipv4.tcp_rmem = 4096 1048576 8388608
================================
I understand the above setting, which increases the TCP buffer size if it
is set to net.ipv4.tcp_rmem = 1048576. But there are three values, 4096
1048576 8388608, in the setting. What's the meaning of these?

At Thu Nov 23, 05:05:00 AM,  Anonymous said...


Hi Frank,

I'm glad to read your blog. I have some questions about the setting in
sysctl.conf, hope you could help.

================================
net.ipv4.tcp_rmem = 4096 1048576 8388608
================================
I understand the above setting, which increases the TCP buffer size if it
is set to net.ipv4.tcp_rmem = 1048576. But there are three values, 4096
1048576 8388608, in the setting. What's the meaning of these?

At Fri Nov 24, 12:39:00 PM,  Frankly Speaking! said...


Thank you.

To answer your question, the values represent minimum, default and
maximum bytes to use for the receive buffer of a socket.

Let me know if that answers your question or if you have any other
questions.

You may also want to read this paper:
Flow Control in the Linux Network Stack

Frank

At Sun Dec 10, 05:47:00 PM,  Anonymous said...


Hi Frank,

Thank you for the write up. Do you know why the following message
appears?

error: 'net.core.hot_list_length' is an unknown key

This is my kernel version (CentOS 4.4)

Linux skipjack.bigfish.net 2.6.9-42.0.3.ELsmp #1 SMP Fri Oct 6 06:21:39 CDT 2006 i686 i686 i386 GNU/Linux
