  1. #1
    Join Date
    Jul 2004
    Posts
    873

    Optimization request for sysctl.conf

    Hi,

    I want to know: is this configuration good for this kind of usage?

    This isn't at peak time!


    root@server [/]# netstat -n | grep :80 |wc -l
    7600

    root@server [/]# netstat -na|grep ESTABLISHED|wc -l
    806

    root@server [/]# ps -ef|grep httpd|wc -l
    650

    root@server [/]# netstat -an | grep SYN |wc -l
    260

    average daily transfer : 250GB

    Server specs :
    dual opteron 244
    ram 8gb (tomorrow it will be 16gb)
    os : centos 3.4 32bit




    current settings :

    Code:
    # Kernel sysctl configuration file for Red Hat Linux
    #
    # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
    # sysctl.conf(5) for more details.
    
    # Disables packet forwarding
    net.ipv4.ip_forward=0
    
    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0
    
    # Enable IP spoofing protection, turn on source route verification
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1
    
    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    
    # Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 0
    net.ipv4.conf.lo.log_martians = 0
    net.ipv4.conf.eth0.log_martians = 0
    
    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0
    
    # Enable IP spoofing protection, turn on source route verification
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1
    
    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    
    # Disables the magic-sysrq key
    kernel.sysrq = 0
    
    # Decrease the time default value for tcp_fin_timeout connection
    net.ipv4.tcp_fin_timeout = 15
    
    # Decrease the time default value for tcp_keepalive_time connection
    net.ipv4.tcp_keepalive_time = 1800
    
    # Turn off the tcp_window_scaling
    net.ipv4.tcp_window_scaling = 0
    
    # Turn off the tcp_sack
    net.ipv4.tcp_sack = 0
    
    # Turn off the tcp_timestamps
    net.ipv4.tcp_timestamps = 0
    
    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1
    
    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    
    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    
    # Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 1
    
    # Increases the size of the socket queue (effectively, q0).
    net.ipv4.tcp_max_syn_backlog = 1024
    
    # Increase the tcp-time-wait buckets pool size
    net.ipv4.tcp_max_tw_buckets = 1440000
    
    # Allowed local port range
    net.ipv4.ip_local_port_range = 16384 65536
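
A lint pass over the configuration above, added here as an example and not part of the original thread: it flags keys set more than once, keys set to different values (the later line takes effect), and a local port range whose upper bound exceeds 65535, the highest valid TCP port. The function names and the embedded sample, an excerpt of the posted file, are this example's own.

```python
# Excerpt of the configuration posted above (not the full file).
SAMPLE = """\
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.tcp_syncookies = 1
# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65536
"""

def parse(text):
    """Return {key: [(lineno, value), ...]} in file order."""
    seen = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Collapse whitespace so equal values compare equal.
        seen.setdefault(key.strip(), []).append((lineno, " ".join(value.split())))
    return seen

def lint(text):
    """Return (kind, key, detail) findings; names are this example's own."""
    findings = []
    for key, entries in parse(text).items():
        lines = [n for n, _ in entries]
        values = [v for _, v in entries]
        if len(set(values)) > 1:
            # Settings are applied in file order, so the last assignment wins.
            findings.append(("conflict", key, "lines %s, effective value %s" % (lines, values[-1])))
        elif len(entries) > 1:
            findings.append(("duplicate", key, "lines %s" % lines))
        if key == "net.ipv4.ip_local_port_range":
            ports = values[-1].split()
            ok = len(ports) == 2 and all(p.isdigit() for p in ports)
            if not ok or not 0 < int(ports[0]) <= int(ports[1]) <= 65535:
                findings.append(("range", key, "%r is not a valid port range" % values[-1]))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("%-9s %s: %s" % finding)
```

Run against the full file, the same pass also reports the repeated `rp_filter` and `accept_redirects` blocks.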

  2. #2
    Join Date
    Jul 2004
    Posts
    873
    Nothing?

    Does that mean this configuration is OK for this server?

  3. #3
    Join Date
    Nov 2002
    Location
    Finland
    Posts
    96
    Hi,

    What kind of web pages are there on the server? I mean, are there a lot of heavy MySQL sites or just static pages?

    I recently set up one box with similar specs for heavy database usage, and the only "problem" with kernel sysctl settings was the file-max that defaults to 1024... at peak time MySQL just crashed every 5 mins with errors like can't find xxxxx.MYI etc., but after setting fs.file-max=2048 everything works fine.


    - Tero

  4. #4
    Join Date
    Jul 2004
    Posts
    873
    There is very light MySQL usage and I am using this server for a web proxy.

    I am using cgiproxy and this server is like a bridge.

    So what do you recommend?

  5. #5
    Join Date
    Feb 2002
    Location
    San Diego CA
    Posts
    1,478
    7600 concurrent connections to port 80??

    root@server [/]# netstat -n | grep :80 |wc -l
    7600
    What you can do with Cpanel ------------------> |||||
    What you can do with Cpanel XP+CpanelAPP -------> ||||||||||||||||||||||||||||||||||||||||

    Your competitors are cashing in with Cpanel XP & CpanelAPP, are you?

  6. #6
    Join Date
    Jul 2004
    Posts
    873
    Yes.
    I said this server is used for a web proxy and I have a minimum of 250GB daily transfer.

  7. #7
    Join Date
    Jul 2004
    Posts
    873
    Nothing?

  8. #8
    Join Date
    Feb 2002
    Location
    San Diego CA
    Posts
    1,478
    Sorry I am not really good at server administration.
    But thank you for opening my eyes to what dual opteron servers are capable of.

    Can you tell me who your provider is?
    I have a plan to roll out a site that is going to use a lot of bandwidth pretty soon. It will be good to get some hookups.
