  1. #1
    Join Date
    Oct 2003
    Location
    Portugal
    Posts
    77

    HOW-TO: Tune Settings In sysctl.conf

    Tuning settings in sysctl.conf really helps speed things up under heavy usage.

    Basically just edit your /etc/sysctl.conf file (you will need to be root)...

    Here are my settings (you may or may not have some of these already), I tried to put a short comment for each, you can google them if you need more info:

    Code:
    # Disables packet forwarding
    net.ipv4.ip_forward = 0
    # Enables source route verification
    net.ipv4.conf.default.rp_filter = 1
    # Disables the magic-sysrq key
    kernel.sysrq = 0
    # Decrease the time default value for tcp_fin_timeout connection
    net.ipv4.tcp_fin_timeout = 25
    # Decrease the time default value for tcp_keepalive_time connection
    net.ipv4.tcp_keepalive_time = 3600
    # Turn on the tcp_window_scaling
    net.ipv4.tcp_window_scaling = 1
    # Turn on the tcp_sack
    net.ipv4.tcp_sack = 1
    # tcp_fack should be on because of sack
    net.ipv4.tcp_fack = 1
    # Turn on the tcp_timestamps
    net.ipv4.tcp_timestamps = 1
    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1
    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    # Don't Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 0
    # Make more local ports available
    net.ipv4.ip_local_port_range = 1024 65000
    # Increase maximum amount of memory allocated to shm
    kernel.shmmax = 1073741824
    # Improve file system performance
    vm.bdflush = 100 1200 128 512 15 5000 500 1884 2
    # This will increase the amount of memory available for socket input/output queues
    net.ipv4.tcp_rmem = 4096 25165824 25165824
    net.core.rmem_max = 25165824
    net.core.rmem_default = 25165824
    net.ipv4.tcp_wmem = 4096 65536 25165824
    net.core.wmem_max = 25165824
    net.core.wmem_default = 65536
    net.core.optmem_max = 25165824

    # If you are feeling daring, you can also use these settings below, otherwise just remove them. (Should increase performance)

    net.core.netdev_max_backlog = 2500
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_tw_reuse


    After you make the changes to the file, you can make them effective immediately by typing in /sbin/sysctl -p

    Also, you will need to issue sysctl -w net.ipv4.route.flush=1 to flush the routing table to make some of these changes happen instantly.

    Lastly, you can increase the size of the interface queue by typing /sbin/ifconfig eth0 txqueuelen 1000
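
A check to run before `/sbin/sysctl -p`, as an added example that is not part of the original post: a small Python linter for sysctl.conf-style text that reports lines missing `=` or a value, keys assigned twice with different values, and deviations from a security baseline. The `BASELINE` values, the `lint_sysctl` name and the sample input are assumptions made for the example.

```python
# Expected values for security-relevant keys (an assumption for this example).
BASELINE = {
    "net.ipv4.ip_forward": "0",
    "net.ipv4.conf.all.rp_filter": "1",
    "net.ipv4.conf.default.rp_filter": "1",
    "net.ipv4.conf.all.accept_redirects": "0",
    "net.ipv4.conf.all.accept_source_route": "0",
    "net.ipv4.conf.all.log_martians": "1",
    "net.ipv4.tcp_syncookies": "1",
}

SAMPLE = """\
# constructed sample, not taken from a real host
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.tcp_tw_reuse =
"""

def lint_sysctl(text):
    """Return (effective settings, findings) for sysctl.conf-style text."""
    effective, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), " ".join(value.split())
        if not sep or len(key.split()) != 1 or not value:  # sysctl -p skips these
            findings.append((lineno, "malformed", line))
            continue
        if key in effective and effective[key] != value:
            findings.append((lineno, "overrides", f"{key}: {effective[key]} -> {value}"))
        effective[key] = value               # the last assignment wins
    for key, want in BASELINE.items():       # line 0 marks a whole-file finding
        got = effective.get(key)
        if got is None:
            findings.append((0, "unset", key))
        elif got != want:
            findings.append((0, "weak", f"{key} = {got}, expected {want}"))
    return effective, findings

if __name__ == "__main__":
    for finding in lint_sysctl(SAMPLE)[1]:
        print(*finding)
```

A key reported as "unset" may still be set elsewhere on the host, so compare against the output of `sysctl -a` before treating it as a gap.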

  2. #2
    What distribution/OS were you using?

    In any case, for those who want to see what the difference is, this is a copy I grabbed off a default install of RH 9.

    Code:
    # Kernel sysctl configuration file for Red Hat Linux
    #
    # For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
    # sysctl.conf(5) for more details.
    
    # Controls IP packet forwarding
    net.ipv4.ip_forward = 0
    
    # Controls source route verification
    net.ipv4.conf.default.rp_filter = 1
    
    # Controls the System Request debugging functionality of the kernel
    kernel.sysrq = 0
    
    # Controls whether core dumps will append the PID to the core filename.
    # Useful for debugging multi-threaded applications.
    kernel.core_uses_pid = 1
    ••• Like us on Facebook to qualify for discounts! •••
    ••• http://www.sprintserve.net •••
    ••• Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | Wordpress Hosting | •••
    ••• Services: | Managed Multiple Cores 64bit Servers | Server Management | •••

  3. #3
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    I believe this came off of ev1 forums.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  4. #4
    Do you have a link to that, so that it can be properly credited? Thanks.

  5. #5
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681

  6. #6
    Join Date
    Feb 2004
    Location
    Delray Beach, FL
    Posts
    77
    Those settings made my server always 20-30% busy. I rolled back to original sysctl.conf and now server load shows 0.00, used to show 0.30 always.

    I even asked here

    It is on Dual Xeon 2.8, 2 Gb memory.

  7. #7
    If you read the thread on ev1 forums, you can see why this is so. One of which is the increased transmit buffer size which uses significantly more resources for TCP connections.

    Try leaving out:

    net.ipv4.tcp_rmem = 4096 25165824 25165824
    net.core.rmem_max = 25165824
    net.core.rmem_default = 25165824
    net.ipv4.tcp_wmem = 4096 65536 25165824
    net.core.wmem_max = 25165824
    net.core.wmem_default = 65536

  8. #8
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    # Kernel sysctl configuration file for Red Hat Linux
    #
    # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
    # sysctl.conf(5) for more details.

    # Disables packet forwarding
    net.ipv4.ip_forward=0

    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0

    # Enable IP spoofing protection, turn on source route verification
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1

    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0

    # Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 0
    net.ipv4.conf.lo.log_martians = 0
    net.ipv4.conf.eth0.log_martians = 0

    # Disables the magic-sysrq key
    kernel.sysrq = 0

    # Decrease the time default value for tcp_fin_timeout connection
    net.ipv4.tcp_fin_timeout = 15

    # Decrease the time default value for tcp_keepalive_time connection
    net.ipv4.tcp_keepalive_time = 1800

    # Turn off the tcp_window_scaling
    net.ipv4.tcp_window_scaling = 0

    # Turn off the tcp_sack
    net.ipv4.tcp_sack = 0

    # Turn off the tcp_timestamps
    net.ipv4.tcp_timestamps = 0

    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1

    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1

    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1

    # Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 1

    # Increases the size of the socket queue (effectively, q0).
    net.ipv4.tcp_max_syn_backlog = 1024

    # Increase the tcp-time-wait buckets pool size
    net.ipv4.tcp_max_tw_buckets = 1440000

    # Allowed local port range
    net.ipv4.ip_local_port_range = 16384 65536

    I use this on servers.


    http://ipsysctl-tutorial.frozentux.n...-tutorial.html

  9. #9
    Hi,
    Is there any reason to set net.ipv4.tcp_keepalive_time to a much longer value than Apache's keep-alive timeout?

  10. #10
    Join Date
    Feb 2004
    Location
    Delray Beach, FL
    Posts
    77
    Hi!

    I have a question for smart people too

    Are there any settings for UDP? I have media streaming software running which uses UDP connections, so maybe I can tune it up.

  11. #11
    Join Date
    Jun 2005
    Posts
    8
    This is what I'm looking for. Thanks.

  12. #12
    Originally posted by igorkl
    Hi!

    I have a question for smart people too

    Are there any settings for UDP? I have media streaming software running which uses UDP connections, so maybe I can tune it up.

    What software do you have that uses UDP ?????!?!!!

  14. #14
    Join Date
    Feb 2004
    Location
    Delray Beach, FL
    Posts
    77
    Pc-Center,

    video streaming helix server

  15. #15
    ok thanx!

    do you know btw any audio streamer (compatible in players like winamp and media player) that uses udp too ???

    udp technology is a lot better for streaming than tcp !!!

    (about 20% faster because this protocol uses less headers and no error correction)

  16. #16
    Join Date
    Feb 2004
    Location
    Delray Beach, FL
    Posts
    77
    Pc-Center,

    Helix server can stream audio files, mp3 and others, not sure if Media Player can use UDP for live media streams (At least I've never seen).

    RealPlayer does use UDP when it can.
