5

Tweaking opensuse 11.2

view full story
linux-howto

http://forums.opensuse.org – I tought that the members of this forums would be interested in these two links. Tweak kernel variables in sysctl.conf « Overtone and Sysctl | SUSE & openSUSE I have used the trick described in these articles to configure my system, I have only edited sysctl.conf to apply to my network settings and I have noticed a dramatic improvement with my net connection and speed. I was wondering if any other forum member had a trick up his sleeve about how to tweak opensuse/sysctl I am sharing this in hopes that it interest someone and helps, but I can give no guarantees that this will work for you or wont break your system! Here is my sysctl.conf for those interested. Quote: # Disable response to broadcasts. # You don't want yourself becoming a Smurf amplifier. net.ipv4.icmp_echo_ignore_broadcasts = 1 # enable route verification on all interfaces net.ipv4.conf.all.rp_filter = 1 # enable ipV6 forwarding #net.ipv6.conf.all.forwarding = 1 # increase the number of possible inotify(7) watches fs.inotify.max_user_watches = 65536 # avoid deleting secondary IPs on deleting the primary IP net.ipv4.conf.default.promote_secondaries = 1 net.ipv4.conf.all.promote_secondaries = 1 # increase TCP max buffer size setable using setsockopt() net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 # increase Linux autotuning TCP buffer limits # min, default, and max number of bytes to use # set max to at least 4MB, or higher if you use very high BDP paths net.ipv4.tcp_rmem = 4096 87380 16777216 net.ipv4.tcp_wmem = 4096 65536 16777216 # don't cache ssthresh from previous connection net.ipv4.tcp_no_metrics_save = 1 net.ipv4.tcp_moderate_rcvbuf = 1 # recommended to increase this for 1000 BT or higher net.core.netdev_max_backlog = 2500 # for 10 GigE, use this, uncomment below # net.core.netdev_max_backlog = 30000 # Turn off timestamps if you're on a gigabit or very busy network # Having it off is one less thing the IP stack needs to work on #net.ipv4.tcp_timestamps = 0 # disable tcp selective acknowledgements. net.ipv4.tcp_sack = 0 #enable window scaling net.ipv4.tcp_window_scaling = 1 #drop icmp requests for total stealth net.ipv4.icmp_echo_ignore_all = 1 #disable broadcasting net.ipv4.icmp_echo_ignore_broadcasts = 1 # Disable ICMP Redirect Acceptance #for IPv4 net.ipv4.conf.all.accept_redirects = 1 net.ipv4.conf.all.send_redirects = 1 #Ipv4 at interface level net.ipv4.conf.eth0.accept_redirects = 1 net.ipv4.conf.eth0.send_redirects = 1 #tcp congestion net.ipv4.tcp_reordering = 20 net.ipv4.tcp_no_metrics_save = 1 net.ipv4.tcp_congestion_control = cubic # Increase the tcp-time-wait buckets pool size net.ipv4.tcp_max_tw_buckets = 1440000 net.ipv4.tcp_rfc1337 = 1 net.ipv4.ip_no_pmtu_disc = 0 net.ipv4.tcp_sack = 1 net.ipv4.tcp_fack = 1 net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_timestamps = 1 net.ipv4.tcp_ecn = 0 net.ipv4.route.flush = 1 #Prevent SYN attack by enabling TCP/IP SYN cookies net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 2048 net.ipv4.tcp_synack_retries = 2 # Disables IP source routing net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.lo.accept_source_route = 0 net.ipv4.conf.eth0.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0 # Enable IP spoofing protection, turn on source route verification net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.lo.rp_filter = 1 net.ipv4.conf.eth0.rp_filter = 1 net.ipv4.conf.default.rp_filter = 1 # Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets net.ipv4.conf.all.log_martians = 1 net.ipv4.conf.lo.log_martians = 1 net.ipv4.conf.eth0.log_martians = 1 # Enable bad error message Protection net.ipv4.icmp_ignore_bogus_error_responses = 1 # Set maximum amount of memory allocated to shm to 256M kernel.shmmax = 268435456 # Increase the maximum memory used to reassemble IP fragments net.ipv4.ipfrag_high_thresh = 512000 net.ipv4.ipfrag_low_thresh = 446464 # Increase the maximum amount of option memory buffers net.core.optmem_max = 57344 I have not yet tried any "serious" tweaks regarding the memory, such as setting swappiness. Any options and thoughts are appreciated. (Distributions)