Skip to content

Instantly share code, notes, and snippets.

@FutureBody

FutureBody/gist:93093b615f419a2667521dd84e64956f

Forked from kwilczynski/gist:5871135
Created July 15, 2024 07:24
Show Gist options
  • Save FutureBody/93093b615f419a2667521dd84e64956f to your computer and use it in GitHub Desktop.
Save FutureBody/93093b615f419a2667521dd84e64956f to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. @kwilczynski kwilczynski revised this gist Jun 26, 2013. 1 changed file with 38 additions and 11 deletions.
    49 changes: 38 additions & 11 deletions gistfile1.txt
    View file
    Original file line number Diff line number Diff line change
    @@ -1,6 +1,12 @@
    /etc/sysctl.conf:

    kernel.printk = 4 4 1 7
    kernel.printk_ratelimit = 5
    kernel.printk_ratelimit_burst = 10
    net.ipv6.conf.lo.disable_ipv6 = 1

    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1

    net.ipv6.conf.all.use_tempaddr = 2
    net.ipv6.conf.all.router_solicitations = 0
    @@ -19,11 +25,9 @@ net.ipv6.conf.default.accept_ra_defrtr = 0
    net.ipv6.conf.default.autoconf = 0
    net.ipv6.conf.default.dad_transmits = 0
    net.ipv6.conf.default.max_addresses = 1

    kernel.kptr_restrict = 1
    kernel.exec-shield = 1
    kernel.randomize_va_space = 1

    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.all.log_martians = 1
    @@ -40,14 +44,10 @@ net.ipv4.conf.default.send_redirects = 0

    net.ipv4.icmp_echo_ignore_broadcasts = 1
    net.ipv4.icmp_ignore_bogus_error_responses = 1

    fs.protected_hardlinks = 1
    fs.protected_symlinks = 1

    kernel.yama.ptrace_scope = 1

    vm.mmap_min_addr = 65536

    fs.file-max = 1048576

    fs.suid_dumpable = 2
    @@ -62,10 +62,10 @@ kernel.panic_on_oops = 0

    kernel.pid_max = 131072

    kernel.randomize_va_space = 1

    kernel.threads-max = 1048576

    kernel.sem = 256 262144 128 1024

    kernel.sysrq = 1

    vm.laptop_mode = 0
    @@ -79,7 +79,9 @@ vm.dirty_ratio = 10
    vm.max_map_count = 1048576
    vm.min_free_kbytes = 131072

    net.ipv4.tcp_rfc1337 = 1
    kernel.shmmax = 536870912

    net.ipv4.tcp_rfc1337 = 0

    net.ipv4.ip_forward = 0

    @@ -99,7 +101,9 @@ net.ipv4.tcp_window_scaling = 1
    net.ipv4.tcp_moderate_rcvbuf = 1
    net.ipv4.tcp_no_metrics_save = 1

    net.ipv4.ip_local_port_range = 1024 65535
    net.ipv4.ip_local_port_range = 10240 65535

    net.ipv4.tcp_congestion_control = cubic

    net.core.optmem_max = 40960
    net.core.netdev_max_backlog = 16384
    @@ -111,16 +115,39 @@ net.ipv4.tcp_max_syn_backlog = 4096
    net.core.rmem_max = 16777216
    net.core.wmem_max = 16777216

    net.ipv4.udp_wmem_min = 16384
    net.ipv4.udp_rmem_min = 16384

    net.core.rmem_default = 5242880
    net.core.wmem_default = 5242880

    net.ipv4.tcp_mem = 8388608 65536 16777216
    net.ipv4.udp_mem = 8388608 65536 16777216

    net.ipv4.tcp_wmem = 4096 65536 16777216
    net.ipv4.tcp_rmem = 4096 81920 16777216

    net.ipv4.tcp_max_orphans = 16384
    net.ipv4.tcp_max_syn_backlog = 10240
    net.ipv4.tcp_max_tw_buckets = 40960

    net.ipv4.tcp_reordering = 5

    net.ipv4.tcp_fin_timeout = 10

    net.ipv4.neigh.default.proxy_qlen = 96
    net.ipv4.neigh.default.unres_qlen = 6

    net.unix.max_dgram_qlen = 50

    net.ipv4.tcp_keepalive_time = 300
    net.ipv4.tcp_keepalive_probes = 3
    net.ipv4.tcp_keepalive_intvl = 90

    net.ipv4.tcp_syn_retries = 3
    net.ipv4.tcp_synack_retries = 3
    net.ipv4.tcp_synack_retries = 3
    net.ipv4.tcp_orphan_retries = 2

    /etc/sysfs.conf:
    /sys/class/net/eth0/queues/rx-0/rps_cpus = f
    /sys/class/net/eth0/queues/tx-0/xps_cpus = f
  2. @kwilczynski kwilczynski created this gist Jun 26, 2013.
    126 changes: 126 additions & 0 deletions gistfile1.txt
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,126 @@
    kernel.printk = 4 4 1 7
    kernel.printk_ratelimit = 5
    kernel.printk_ratelimit_burst = 10

    net.ipv6.conf.all.use_tempaddr = 2
    net.ipv6.conf.all.router_solicitations = 0
    net.ipv6.conf.all.accept_ra_rtr_pref = 0
    net.ipv6.conf.all.accept_ra_pinfo = 0
    net.ipv6.conf.all.accept_ra_defrtr = 0
    net.ipv6.conf.all.autoconf = 0
    net.ipv6.conf.all.dad_transmits = 0
    net.ipv6.conf.all.max_addresses = 1

    net.ipv6.conf.default.use_tempaddr = 2
    net.ipv6.conf.default.router_solicitations = 0
    net.ipv6.conf.default.accept_ra_rtr_pref = 0
    net.ipv6.conf.default.accept_ra_pinfo = 0
    net.ipv6.conf.default.accept_ra_defrtr = 0
    net.ipv6.conf.default.autoconf = 0
    net.ipv6.conf.default.dad_transmits = 0
    net.ipv6.conf.default.max_addresses = 1

    kernel.kptr_restrict = 1
    kernel.exec-shield = 1
    kernel.randomize_va_space = 1

    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.all.log_martians = 1
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.all.secure_redirects = 1
    net.ipv4.conf.all.send_redirects = 0

    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.default.log_martians = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.default.secure_redirects = 1
    net.ipv4.conf.default.send_redirects = 0

    net.ipv4.icmp_echo_ignore_broadcasts = 1
    net.ipv4.icmp_ignore_bogus_error_responses = 1

    fs.protected_hardlinks = 1
    fs.protected_symlinks = 1

    kernel.yama.ptrace_scope = 1

    vm.mmap_min_addr = 65536

    fs.file-max = 1048576

    fs.suid_dumpable = 2

    kernel.core_uses_pid = 1

    kernel.msgmax = 65536
    kernel.msgmnb = 65536

    kernel.panic = 300
    kernel.panic_on_oops = 0

    kernel.pid_max = 131072

    kernel.randomize_va_space = 1

    kernel.threads-max = 1048576

    kernel.sysrq = 1

    vm.laptop_mode = 0

    vm.swappiness = 0
    vm.vfs_cache_pressure = 50

    vm.dirty_background_ratio = 5
    vm.dirty_ratio = 10

    vm.max_map_count = 1048576
    vm.min_free_kbytes = 131072

    net.ipv4.tcp_rfc1337 = 1

    net.ipv4.ip_forward = 0

    net.ipv4.tcp_ecn = 0

    net.ipv4.tcp_sack = 1
    net.ipv4.tcp_fack = 1
    net.ipv4.tcp_dsack = 1

    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_tw_reuse = 1

    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_timestamps = 1
    net.ipv4.tcp_window_scaling = 1

    net.ipv4.tcp_moderate_rcvbuf = 1
    net.ipv4.tcp_no_metrics_save = 1

    net.ipv4.ip_local_port_range = 1024 65535

    net.core.optmem_max = 40960
    net.core.netdev_max_backlog = 16384
    net.core.somaxconn = 1024
    net.core.hot_list_length = 256

    net.ipv4.tcp_max_syn_backlog = 4096

    net.core.rmem_max = 16777216
    net.core.wmem_max = 16777216

    net.ipv4.tcp_wmem = 4096 65536 16777216
    net.ipv4.tcp_rmem = 4096 81920 16777216

    net.ipv4.tcp_max_orphans = 16384
    net.ipv4.tcp_max_syn_backlog = 10240
    net.ipv4.tcp_max_tw_buckets = 40960

    net.ipv4.tcp_fin_timeout = 10

    net.ipv4.tcp_keepalive_time = 300

    net.ipv4.tcp_syn_retries = 3
    net.ipv4.tcp_synack_retries = 3