
@nguyenducduy
Forked from kgriffs/sysctl.conf
Created September 15, 2016 10:59

Revisions

  1. Kurt Griffiths revised this gist Sep 29, 2014. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion sysctl.conf
    @@ -90,7 +90,7 @@ net.ipv4.tcp_max_tw_buckets = 2000000
    net.ipv4.tcp_fin_timeout = 10

    # Let the networking stack reuse TIME_WAIT connections when it thinks it's safe to do so
    # net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_tw_reuse = 1

    # Determines the wait time between isAlive interval probes (reduce from 75 sec to 15)
    net.ipv4.tcp_keepalive_intvl = 15
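Review bot: The comment above `net.ipv4.tcp_tw_reuse = 1`, which appears to be the line this revision uncomments, does not say what "safe" depends on. The kernel reuses a TIME_WAIT socket only for new outgoing connections, and only when TCP timestamps are enabled, so the setting does nothing for inbound connection churn and silently has no effect if `net.ipv4.tcp_timestamps` is turned off elsewhere. I would reword the comment to `# Reuse TIME_WAIT sockets for new outgoing connections (requires net.ipv4.tcp_timestamps = 1)`. The section this setting belongs to starts outside the hunk.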
  2. Kurt Griffiths revised this gist May 20, 2014. 1 changed file with 4 additions and 4 deletions.
    8 changes: 4 additions & 4 deletions sysctl.conf
    @@ -18,10 +18,6 @@ vm.swappiness = 10
    #kernel.printk_ratelimit_burst = 10
    #kernel.printk_ratelimit = 5

    # If your servers talk UDP, also up these limits
    net.ipv4.udp_rmem_min = 8192
    net.ipv4.udp_wmem_min = 8192

    # --------------------------------------------------------------------
    # The following allow the server to handle lots of connection requests
    # --------------------------------------------------------------------
    @@ -44,6 +40,10 @@ fs.file-max = 100000
    # Widen the port range used for outgoing connections
    net.ipv4.ip_local_port_range = 10000 65000

    # If your servers talk UDP, also up these limits
    net.ipv4.udp_rmem_min = 8192
    net.ipv4.udp_wmem_min = 8192

    # --------------------------------------------------------------------
    # The following help the server efficiently pipe large amounts of data
    # --------------------------------------------------------------------
  3. Kurt Griffiths revised this gist Mar 17, 2014. 1 changed file with 50 additions and 17 deletions.
    67 changes: 50 additions & 17 deletions sysctl.conf
    @@ -1,46 +1,76 @@
    # Configuration file for runtime kernel parameters.
    # See sysctl.conf(5) for more information.

    # See also http://www.nateware.com/linux-network-tuning-for-2013.html for
    # an explanation about some of these parameters, and instructions for
    # a few other tweaks outside this file.

    # Protection from SYN flood attack.
    net.ipv4.tcp_syncookies = 1

    # See evil packets in your logs.
    #net.ipv4.conf.all.log_martians = 1

    # Disable packet forwarding.
    net.ipv4.ip_forward = 0
    net.ipv6.conf.all.forwarding = 0
    net.ipv4.conf.all.log_martians = 1

    # Tweak those values to alter disk syncing and swap behavior.
    #vm.vfs_cache_pressure = 100
    #vm.laptop_mode = 0
    #vm.swappiness = 60
    # Discourage Linux from swapping idle server processes to disk (default = 60)
    vm.swappiness = 10

    # Tweak how the flow of kernel messages is throttled.
    #kernel.printk_ratelimit_burst = 10
    #kernel.printk_ratelimit = 5

    # If your servers talk UDP, also up these limits
    net.ipv4.udp_rmem_min = 8192
    net.ipv4.udp_wmem_min = 8192

    # --------------------------------------------------------------------
    # The following allow the server to handle lots of connection requests
    # --------------------------------------------------------------------

    # Increase number of incoming connections that can queue up
    # before dropping
    net.core.somaxconn = 5000
    net.core.somaxconn = 50000

    # Handle SYN floods
    net.ipv4.tcp_max_syn_backlog = 1280
    # Handle SYN floods and large numbers of valid HTTPS connections
    net.ipv4.tcp_max_syn_backlog = 30000

    # Increase the length of the network device input queue
    net.core.netdev_max_backlog = 5000

    # Increase system file descriptor limit. Generally, set this to 64 * R, where
    # R is the amount of RAM in MB your box has (minus a buffer?)
    # Increase system file descriptor limit so we will (probably)
    # never run out under lots of concurrent requests.
    # (Per-process limit is set in /etc/security/limits.conf)
    fs.file-max = 65536
    fs.file-max = 100000

    # Widen the port range used for outgoing connections
    net.ipv4.ip_local_port_range = 10152 65535
    net.ipv4.ip_local_port_range = 10000 65000

    # --------------------------------------------------------------------
    # The following help the server efficiently pipe large amounts of data
    # --------------------------------------------------------------------

    # Disable source routing and redirects
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.accept_source_route = 0

    # Disable packet forwarding.
    net.ipv4.ip_forward = 0
    net.ipv6.conf.all.forwarding = 0

    # Disable TCP slow start on idle connections
    net.ipv4.tcp_slow_start_after_idle = 0

    # Increase Linux autotuning TCP buffer limits
    # Set max to 16MB for 1GE and 32M (33554432) or 54M (56623104) for 10GE
    # Don't set tcp_mem itself! Let the kernel scale it based on RAM.
    # net.core.rmem_max = 16777216
    # net.core.wmem_max = 16777216
    # net.core.rmem_default = 16777216
    # net.core.wmem_default = 16777216
    # net.core.optmem_max = 40960
    # net.ipv4.tcp_rmem = 4096 87380 16777216
    # net.ipv4.tcp_wmem = 4096 65536 16777216


    # --------------------------------------------------------------------
    # The following allow the server to handle lots of connection churn
    @@ -53,8 +83,11 @@ net.ipv4.tcp_keepalive_time = 60
    # any remaining packets in the network.
    net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 5

    # Allow a high number of timewait sockets
    net.ipv4.tcp_max_tw_buckets = 2000000

    # Timeout broken connections faster (amount of time to wait for FIN)
    net.ipv4.tcp_fin_timeout = 60
    net.ipv4.tcp_fin_timeout = 10

    # Let the networking stack reuse TIME_WAIT connections when it thinks it's safe to do so
    # net.ipv4.tcp_tw_reuse = 1
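Review bot: The redirect hardening under "Disable source routing and redirects" sets only the `all` keys, which may not be enough on a host with forwarding disabled, as `net.ipv4.ip_forward = 0` makes this one. Per the kernel's ip-sysctl documentation, with forwarding off `accept_redirects` is honoured on an interface if either the `all` or the per-interface value is set, and `send_redirects` is likewise an OR of the two, so an interface that keeps a per-interface value of 1 is unaffected. I would add `net.ipv4.conf.default.accept_redirects = 0` and `net.ipv4.conf.default.send_redirects = 0` (plus `net.ipv6.conf.all.accept_redirects = 0` where IPv6 is in use) and check the per-interface values after boot. These lines also sit under the "efficiently pipe large amounts of data" banner, where someone auditing the hardening settings is unlikely to look; a banner of their own would help.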
  4. @kgriffs kgriffs revised this gist Nov 7, 2012. 1 changed file with 4 additions and 1 deletion.
    5 changes: 4 additions & 1 deletion sysctl.conf
    @@ -56,10 +56,13 @@ net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 5
    # Timeout broken connections faster (amount of time to wait for FIN)
    net.ipv4.tcp_fin_timeout = 60

    # Let the networking stack reuse TIME_WAIT connections when it thinks it's safe to do so
    # net.ipv4.tcp_tw_reuse = 1

    # Determines the wait time between isAlive interval probes (reduce from 75 sec to 15)
    net.ipv4.tcp_keepalive_intvl = 15

    # Determines the number of probes before timing out (reduce from 9 sec to 5 sec)
    net.ipv4.tcp_keepalive_probes = 5

    # -------------------------------------------------------------
    # -------------------------------------------------------------
  5. @kgriffs kgriffs created this gist Nov 6, 2012.
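--- a/sysctl.conf
+++ b/sysctl.conf
@@ -0,0 +1,65 @@
+# Configuration file for runtime kernel parameters.
+# See sysctl.conf(5) for more information.
+
+# Protection from SYN flood attack.
+net.ipv4.tcp_syncookies = 1
+
+# See evil packets in your logs.
+#net.ipv4.conf.all.log_martians = 1
+
+# Disable packet forwarding.
+net.ipv4.ip_forward = 0
+net.ipv6.conf.all.forwarding = 0
+
+# Tweak those values to alter disk syncing and swap behavior.
+#vm.vfs_cache_pressure = 100
+#vm.laptop_mode = 0
+#vm.swappiness = 60
+
+# Tweak how the flow of kernel messages is throttled.
+#kernel.printk_ratelimit_burst = 10
+#kernel.printk_ratelimit = 5
+
+# --------------------------------------------------------------------
+# The following allow the server to handle lots of connection requests
+# --------------------------------------------------------------------
+
+# Increase number of incoming connections that can queue up
+# before dropping
+net.core.somaxconn = 5000
+
+# Handle SYN floods
+net.ipv4.tcp_max_syn_backlog = 1280
+
+# Increase the length of the network device input queue
+net.core.netdev_max_backlog = 5000
+
+# Increase system file descriptor limit. Generally, set this to 64 * R, where
+# R is the amount of RAM in MB your box has (minus a buffer?)
+# (Per-process limit is set in /etc/security/limits.conf)
+fs.file-max = 65536
+
+# Widen the port range used for outgoing connections
+net.ipv4.ip_local_port_range = 10152 65535
+
+# --------------------------------------------------------------------
+# The following allow the server to handle lots of connection churn
+# --------------------------------------------------------------------
+
+# Disconnect dead TCP connections after 1 minute
+net.ipv4.tcp_keepalive_time = 60
+
+# Wait a maximum of 5 * 2 = 10 seconds in the TIME_WAIT state after a FIN, to handle
+# any remaining packets in the network.
+net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 5
+
+# Timeout broken connections faster (amount of time to wait for FIN)
+net.ipv4.tcp_fin_timeout = 60
+
+# Determines the wait time between isAlive interval probes (reduce from 75 sec to 15)
+net.ipv4.tcp_keepalive_intvl = 15
+
+# Determines the number of probes before timing out (reduce from 9 sec to 5 sec)
+net.ipv4.tcp_keepalive_probes = 5
+
+# -------------------------------------------------------------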
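Review bot: The comment on `net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 5` describes it as shortening the TIME_WAIT state, but this key is the connection-tracking timeout for flows in TIME_WAIT, not the TCP stack's own TIME_WAIT period. It also exists only while the conntrack module is loaded, and newer kernels expose it as `net.netfilter.nf_conntrack_tcp_timeout_time_wait`, so `sysctl -p` may report an unknown key on this line. On a host with a stateful firewall, expiring the entry this early presumably means late segments of a closed flow are classified as invalid instead of matching an entry, which is worth knowing when reading drop logs. I would replace the comment with `# Conntrack entry lifetime (seconds) for flows in TIME_WAIT; needs the conntrack module loaded. Does not change TCP's own TIME_WAIT.`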