################################################################
################################################################
# /etc/sysctl.conf
# The parameters in this file will be added to, or updated in, the sysctl.conf file.
# Read More: https://github.com/hawshemi/Linux-Optimizer/blob/main/files/sysctl.conf
## File system settings
## ----------------------------------------------------------------
# System-wide ceiling on the number of file handles the kernel will allocate.
# Per-process descriptor limits are set separately (RLIMIT_NOFILE, fs.nr_open).
fs.file-max = 67108864
## Network core settings
## ----------------------------------------------------------------
# Default queuing discipline attached to network devices
net.core.default_qdisc = fq_codel
# Maximum number of packets queued on the input side when an interface
# receives packets faster than the kernel can process them
net.core.netdev_max_backlog = 32768
# Maximum ancillary (option) buffer size allowed per socket, in bytes.
# This is not the socket receive buffer; that limit is rmem_max below.
net.core.optmem_max = 262144
# Upper limit on the listen() backlog of pending connections
net.core.somaxconn = 65536
# Maximum receive buffer size, in bytes, that a socket may request.
# Applies to every socket type, not only TCP.
# NOTE(review): 32 MiB per socket is available to any local process that
# asks for it; check the total against available RAM on small hosts.
net.core.rmem_max = 33554432
# Default receive buffer size in bytes (TCP sockets take their default
# from net.ipv4.tcp_rmem instead)
net.core.rmem_default = 1048576
# Maximum send buffer size, in bytes, that a socket may request (all socket types)
net.core.wmem_max = 33554432
# Default send buffer size in bytes (TCP sockets take their default
# from net.ipv4.tcp_wmem instead)
net.core.wmem_default = 1048576
## TCP settings
## ----------------------------------------------------------------
# TCP receive buffer sizes in bytes: minimum, default, maximum
net.ipv4.tcp_rmem = 16384 1048576 33554432
# TCP send buffer sizes in bytes: minimum, default, maximum
net.ipv4.tcp_wmem = 16384 1048576 33554432
# Set TCP congestion control algorithm to BBR.
# The algorithm must be built in or loadable (tcp_bbr); check
# net.ipv4.tcp_available_congestion_control if the setting does not apply.
net.ipv4.tcp_congestion_control = bbr
# Seconds an orphaned connection (no longer owned by any application)
# may stay in FIN_WAIT_2 before it is dropped
net.ipv4.tcp_fin_timeout = 25
# Idle time in seconds before the first keepalive probe is sent.
# Only affects sockets that enable SO_KEEPALIVE.
net.ipv4.tcp_keepalive_time = 1200
# Number of unanswered probes before the connection is declared dead,
# and the interval in seconds between probes (7 x 30 s = 210 s of probing)
net.ipv4.tcp_keepalive_probes = 7
net.ipv4.tcp_keepalive_intvl = 30
# Maximum number of TCP sockets not attached to any user file handle.
# NOTE(review): the kernel documentation describes this limit as a guard
# against simple DoS and puts the cost at up to ~64 KB of unswappable memory
# per orphan; 819200 orphans is a worst case of roughly 50 GB - size it
# against the RAM of the target host.
net.ipv4.tcp_max_orphans = 819200
# Maximum number of remembered connection requests that have not yet been
# acknowledged by the client (half-open connections)
net.ipv4.tcp_max_syn_backlog = 20480
# Maximum number of sockets held in TIME_WAIT at the same time
net.ipv4.tcp_max_tw_buckets = 1440000
# Global TCP memory thresholds: low, pressure, maximum.
# NOTE(review): these three values are counted in pages, not bytes. With
# 4 KiB pages the maximum here is 128 GiB, so on most hosts the global cap
# never takes effect. tcp_mem is the backstop against socket-buffer memory
# exhaustion - confirm these numbers were not meant as byte counts.
net.ipv4.tcp_mem = 65536 1048576 33554432
# Path MTU probing: 1 = off by default, switched on for a connection when
# an ICMP black hole is detected
net.ipv4.tcp_mtu_probing = 1
# Default limit on unsent bytes in a socket's write queue: the socket is
# reported writable (poll/select/epoll) only while unsent data is below
# this value. It does not delay transmission.
net.ipv4.tcp_notsent_lowat = 32768
# Number of retransmissions on an established connection before the kernel
# gives up on it. (Connection-establishment retries are tcp_syn_retries,
# which this file does not set.)
net.ipv4.tcp_retries2 = 8
# Enable TCP SACK and DSACK
net.ipv4.tcp_sack = 1
net.ipv4.tcp_dsack = 1
# Disable TCP slow start after idle
net.ipv4.tcp_slow_start_after_idle = 0
# Enable TCP window scaling
net.ipv4.tcp_window_scaling = 1
# Share of the receive buffer reserved as buffering overhead. For values
# <= 0 the overhead is bytes - bytes/2^(-value), so -2 reserves 3/4 of the
# buffer and leaves 1/4 for the advertised window.
# NOTE(review): recent kernel documentation marks this key obsolete - confirm
# it still has an effect on the target kernel.
net.ipv4.tcp_adv_win_scale = -2
# Enable TCP ECN: 1 = request ECN on outgoing connections and accept it on
# incoming ones
net.ipv4.tcp_ecn = 1
# Fall back to a non-ECN connection when the path appears to mishandle ECN
net.ipv4.tcp_ecn_fallback = 1
# Enable the use of TCP SYN cookies to help protect against SYN flood attacks.
# Cookies are sent only once the SYN backlog of a listening socket overflows.
net.ipv4.tcp_syncookies = 1
## UDP settings
## ----------------------------------------------------------------
# Global UDP memory thresholds: low, pressure, maximum.
# NOTE(review): like tcp_mem, these values are counted in pages, not bytes.
# With 4 KiB pages the maximum here is 128 GiB, which leaves UDP socket
# memory effectively uncapped on most hosts - confirm this is intended.
net.ipv4.udp_mem = 65536 1048576 33554432
## IPv6 settings
## ----------------------------------------------------------------
# Enable IPv6 on all interfaces (0 = not disabled).
# NOTE(review): this forces IPv6 on even where it was deliberately turned
# off; make sure packet-filter rules cover IPv6 as well as IPv4.
net.ipv6.conf.all.disable_ipv6 = 0
# Enable IPv6 by default on interfaces created later
net.ipv6.conf.default.disable_ipv6 = 0
# Enable IPv6 on the loopback interface (lo)
net.ipv6.conf.lo.disable_ipv6 = 0
## UNIX domain sockets
## ----------------------------------------------------------------
# Maximum number of datagrams queued on a UNIX domain datagram socket
net.unix.max_dgram_qlen = 256
## Virtual memory (VM) settings
## ----------------------------------------------------------------
# Minimum amount of memory, in KiB, the kernel tries to keep free
# (65536 KiB = 64 MiB)
vm.min_free_kbytes = 65536
# How readily the kernel swaps out anonymous memory instead of dropping
# page cache; lower values favour keeping application memory in RAM
vm.swappiness = 10
# Tendency of the kernel to reclaim memory used for caching directory and
# inode objects. 100 is the neutral setting; 250 makes the kernel reclaim
# these caches more aggressively.
vm.vfs_cache_pressure = 250
## Network Configuration
## ----------------------------------------------------------------
# Reverse path filtering (source address validation):
# 0 = off, 1 = strict, 2 = loose.
# Loose mode accepts a packet when its source address is reachable through
# any interface, not only the one it arrived on.
# NOTE(review): strict mode (1) gives stronger anti-spoofing on hosts without
# asymmetric routing - confirm that loose mode is actually required.
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2
# Do not accept packets that carry IPv4 source-route options.
# These keys cover IPv4 only. ICMP redirect handling (accept_redirects,
# send_redirects) is not set in this file, so the system defaults apply.
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Neighbor (ARP) table sizing:
# gc_thresh1 - below this many entries the garbage collector does not run
# gc_thresh2 - soft maximum; exceeding it is tolerated only briefly
# gc_thresh3 - hard maximum number of entries
# gc_stale_time - seconds between checks for stale entries
net.ipv4.neigh.default.gc_thresh1 = 512
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh3 = 16384
net.ipv4.neigh.default.gc_stale_time = 60
# ARP settings: 2 = always pick the best local address for the target as
# the source of ARP requests, ignoring the source address of the packet
# that triggered the request
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
# Seconds to wait after a kernel panic before rebooting automatically.
# NOTE(review): a 1-second delay leaves no time to read the panic output on
# the console; if panics need to be investigated, make sure the crash data
# is captured another way (for example kdump or pstore).
kernel.panic = 1
# Percentage of available memory that may hold dirty pages before a writing
# process is forced to start writing them back itself (a VM setting)
vm.dirty_ratio = 20
################################################################
################################################################