/
local.conf
66 lines (66 loc) · 2.92 KB
/
local.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# fix promiscous arp
net.ipv4.conf.default.arp_announce=2
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.default.arp_notify=1
net.ipv4.conf.all.arp_notify=1
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.default.forwarding=1 # be a router and fwd v4 packets
net.ipv4.conf.all.forwarding=1 # be a router and fwd v4 packets
net.ipv6.conf.default.forwarding=1 # be a router and fwd v6 packets
net.ipv6.conf.all.forwarding=1 # be a router and fwd v6 packets
net.ipv4.tcp_mtu_probing=2 # Enable smart MTU blackhole detection
net.ipv6.conf.default.accept_ra=0 # disable IPv6 autoconf
net.ipv6.conf.all.accept_ra=0 # disable IPv6 autoconf
net.ipv6.conf.default.autoconf=0 # disable IPv6 autoconf
net.ipv6.conf.all.autoconf=0 # disable IPv6 autoconf
net.ipv4.icmp_echo_ignore_broadcasts=1 # Reduce the surface on SMURF attacks
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv6.conf.default.accept_redirects=0
net.ipv6.conf.all.accept_redirects=0
net.ipv4.neigh.default.base_reachable_time_ms=1200000
# tuning fo 10G NIC
net.core.rmem_max=67108864 # allow testing with buffers up to 64MB
net.core.wmem_max=67108864 # allow testing with buffers up to 64MB
net.core.rmem_default=8388608 # was 4194304
net.ipv4.tcp_rmem=4096 87380 33554432 # increase Linux autotuning TCP buffer limit to 32M
net.ipv4.tcp_wmem=4096 65536 33554432 # increase Linux autotuning TCP buffer limit to 32M
#net.ipv4.tcp_congestion_control=htcp # recommended default congestion control is htcp
# Force gc to clean-up quickly
net.ipv4.neigh.default.gc_interval=1800
net.ipv6.neigh.default.gc_interval=1800
# Set ARP/ND cache entry timeout
net.ipv4.neigh.default.gc_stale_time=1800
net.ipv6.neigh.default.gc_stale_time=1800
# Set gc threshold for arp/nd
net.ipv4.neigh.default.gc_thresh3=16384
net.ipv4.neigh.default.gc_thresh2=8192
net.ipv4.neigh.default.gc_thresh1=2048
net.ipv6.neigh.default.gc_thresh3=16384
net.ipv6.neigh.default.gc_thresh2=8192
net.ipv6.neigh.default.gc_thresh1=2048
# increase IPv6 table
net.ipv6.route.max_size=524288
# Disable source validation by default, done via [ip,nf]tables
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
# additional optimizations from torservers.net
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_fin_timeout = 4
vm.min_free_kbytes = 65536
net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 1025 65530
net.core.somaxconn = 20480
net.ipv4.tcp_max_tw_buckets = 2000000
net.ipv4.tcp_timestamps = 0
#
# I'm testing it, not sure if it's useful
net.ipv4.tcp_sack = 0 # disable SACK (TCP Selective Acknowledgement)
net.ipv4.tcp_dsack = 0 # disable DSACK (duplicate TCP SACK)