Friday, 31 January 2014

Sysctl file optimized for more transfer speed


#Kernel sysctl configuration file for Red Hat Linux
 #
 # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
 # sysctl.conf(5) for more details.

 # Disables packet forwarding
 net.ipv4.ip_forward=0

 # Disables IP source routing
 net.ipv4.conf.all.accept_source_route = 0
 net.ipv4.conf.lo.accept_source_route = 0
 net.ipv4.conf.eth0.accept_source_route = 0
 net.ipv4.conf.default.accept_source_route = 0

 # Enable IP spoofing protection, turn on source route verification
 net.ipv4.conf.all.rp_filter = 1
 net.ipv4.conf.lo.rp_filter = 1
 net.ipv4.conf.eth0.rp_filter = 1
 net.ipv4.conf.default.rp_filter = 1

 # Disable ICMP Redirect Acceptance
 net.ipv4.conf.all.accept_redirects = 0
 net.ipv4.conf.lo.accept_redirects = 0
 net.ipv4.conf.eth0.accept_redirects = 0
 net.ipv4.conf.default.accept_redirects = 0

 # Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
 net.ipv4.conf.all.log_martians = 0
 net.ipv4.conf.lo.log_martians = 0
 net.ipv4.conf.eth0.log_martians = 0

# Disables IP source routing
 net.ipv4.conf.all.accept_source_route = 0
 net.ipv4.conf.lo.accept_source_route = 0
 net.ipv4.conf.eth0.accept_source_route = 0
 net.ipv4.conf.default.accept_source_route = 0

 # Enable IP spoofing protection, turn on source route verification
 net.ipv4.conf.all.rp_filter = 1
 net.ipv4.conf.lo.rp_filter = 1
 net.ipv4.conf.eth0.rp_filter = 1
 net.ipv4.conf.default.rp_filter = 1

 # Disable ICMP Redirect Acceptance
 net.ipv4.conf.all.accept_redirects = 0
 net.ipv4.conf.lo.accept_redirects = 0
 net.ipv4.conf.eth0.accept_redirects = 0
 net.ipv4.conf.default.accept_redirects = 0

 # Disables the magic-sysrq key
 kernel.sysrq = 0

 # Decrease the time default value for tcp_fin_timeout connection
 net.ipv4.tcp_fin_timeout = 15

 # Decrease the time default value for tcp_keepalive_time connection
 net.ipv4.tcp_keepalive_time = 1800

 # Turn off the tcp_window_scaling

 # Turn off the tcp_sack
net.ipv4.tcp_sack = 0

 # Turn off the tcp_timestamps

 # Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

 # Enable ignoring broadcasts request
 net.ipv4.icmp_echo_ignore_broadcasts = 1

 # Enable bad error message Protection
 net.ipv4.icmp_ignore_bogus_error_responses = 1

 # Log Spoofed Packets, Source Routed Packets, Redirect Packets
 net.ipv4.conf.all.log_martians = 1

 # Increases the size of the socket queue (effectively, q0).
 net.ipv4.tcp_max_syn_backlog = 1024

 # Increase the tcp-time-wait buckets pool size
 net.ipv4.tcp_max_tw_buckets = 1440000

 # Allowed local port range
 net.ipv4.ip_local_port_range = 16384 65536
 net.core.wmem_max=12582912
 net.core.rmem_max=12582912
 net.ipv4.tcp_rmem= 10240 87380 12582912
 net.ipv4.tcp_wmem= 10240 87380 12582912
 net.ipv4.tcp_window_scaling = 1
 net.ipv4.tcp_timestamps = 1
 net.ipv4.tcp_sack = 1
 net.ipv4.tcp_no_metrics_save = 1
net.core.netdev_max_backlog = 5000



 # Set the number of pages to be used.
 # Each page is normally 2MB, so a value of 40 = 80MB.

 # Increase the amount of shmem allowed per segment
 # This depends upon your memory, remember your
 kernel.shmmax = 4294967295
 kernel.shmall = 268435456




# Increase the maximum total TCP buffer-space allocatable
net.ipv4.tcp_mem = 57344 57344 65536

# Increase the maximum TCP write-buffer-space allocatable
net.ipv4.tcp_wmem = 32768 65536 524288

# Increase the maximum TCP read-buffer space allocatable
net.ipv4.tcp_rmem = 98304 196608 1572864

# Increase the maximum and default receive socket buffer size
net.core.rmem_max = 524280
net.core.rmem_default = 524280

# Increase the maximum and default send socket buffer size
net.core.wmem_max = 524280
net.core.wmem_default = 524280

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65536

No comments:

Post a Comment