Sysctl on the proxy servers

Mike McGrath mmcgrath at redhat.com
Thu Nov 1 16:29:02 UTC 2007


I'd like to discuss this at the meeting today; here are the 
optimizations as they stand for our proxy boxes.  It's ticket #222:


# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 1

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Ensure connection tracking isn't limiting our connections
net.ipv4.ip_conntrack_max=6553600

# Allow higher than default file descriptors
fs.file-max=4947900

# How many pages to free at a time
vm.page-cluster = 7

# Try to always keep this amount free
vm.min_free_kbytes = 10000

# Allow system to be swappier than normal when it needs to be for
# caching server
vm.swappiness = 60

# Security, protects against TIME WAIT attacks
net.ipv4.tcp_rfc1337 = 1

# Security, protects against SYN floods
net.ipv4.tcp_syncookies = 1

# Lower keep alive time on the edge proxies
net.ipv4.tcp_keepalive_time = 300

# Limit tcp orphans
#net.ipv4.tcp_max_orphans = 1000

# Give the network stack access to more memory for queueing
net.core.rmem_default = 262144
net.core.rmem_max = 262144
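
A way to check a file like the one above before it is deployed, as an added example that is not part of the original post: it parses sysctl.conf syntax, flags lines that are neither comments nor `key = value` (such as a comment wrapped in transit), and compares the network-hardening keys against the values posted. The choice of keys in BASELINE, the function names and the sample fragment are assumptions made for this illustration.

```python
import re

# Assumed baseline: hardening keys from the posted file, with the posted values.
BASELINE = {
    "net.ipv4.ip_forward": "0",
    "net.ipv4.conf.default.rp_filter": "1",
    "net.ipv4.tcp_rfc1337": "1",
    "net.ipv4.tcp_syncookies": "1",
}

LINE_RE = re.compile(r"^\s*([A-Za-z0-9_.\-/]+)\s*=\s*(.*?)\s*$")

def parse_sysctl_conf(text):
    """Return (settings, malformed) where malformed is [(lineno, line)]."""
    settings, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)  # last assignment wins
        else:
            malformed.append((lineno, line))
    return settings, malformed

def audit(text, baseline=BASELINE):
    """List findings: malformed lines, missing keys, values off baseline."""
    settings, malformed = parse_sysctl_conf(text)
    findings = [f"line {n}: not 'key = value': {l!r}" for n, l in malformed]
    for key, want in baseline.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"{key}: not set (expected {want})")
        elif got != want:
            findings.append(f"{key}: {got} (expected {want})")
    return findings

# Constructed sample: a fragment in the posted file's style, with a comment
# wrapped by a mail client and the syncookies line commented out.
SAMPLE = """\
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
# Allow system to be swappier than normal when it needs to be for
caching server
vm.swappiness = 60
net.ipv4.tcp_rfc1337=1
#net.ipv4.tcp_syncookies = 1
"""
```

Calling `audit(SAMPLE)` returns one finding for the stray `caching server` line and one for the unset `net.ipv4.tcp_syncookies`.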



