haproxy sysctl

a guest
Sep 1st, 2011
# Limit the per-socket default receive/send buffers to limit memory usage
# when running with a lot of concurrent connections. Values are in bytes
# and represent minimum, default and maximum. Defaults: 4096 87380 4194304
#
net.ipv4.tcp_rmem            = 4096 16060 262144
net.ipv4.tcp_wmem            = 4096 16384 262144

# Allow early reuse of the same source port for outgoing connections. It is
# required above a few hundred connections per second. Default: 0
#
net.ipv4.tcp_tw_reuse        = 1

# Extend the source port range for outgoing TCP connections. This limits early
# port reuse and makes use of 64000 source ports. Defaults: 32768 61000
#
net.ipv4.ip_local_port_range = 1024 65023

# Increase the TCP SYN backlog size. This is generally required to support very
# high connection rates as well as to resist SYN flood attacks. Setting it too
# high will delay SYN cookie usage though. Default: 1024
#
net.ipv4.tcp_max_syn_backlog = 60000

# Timeout in seconds for the TCP FIN_WAIT state. Lowering it speeds up release
# of dead connections, though it will cause issues below 25-30 seconds. It is
# preferable not to change it if possible. Default: 60
#
net.ipv4.tcp_fin_timeout     = 30

# Limit the number of outgoing SYN-ACK retries. This value is a direct
# amplification factor of SYN floods, so it is important to keep it reasonably
# low. However, too low a value will prevent clients on lossy networks from
# connecting. Using 3 as a default value gives good results (4 SYN-ACK total)
# and lowering it to 1 under SYN flood attack can save a lot of bandwidth.
# Default: 5
#
net.ipv4.tcp_synack_retries  = 3

# Set this to one to allow local processes to bind to an IP which is not yet
# present on the system. This is typically what happens with a shared VRRP
# address, where you want both master and backup to be started even though the
# IP is not yet present. Always leave it at 1. Default: 0
#
net.ipv4.ip_nonlocal_bind    = 1

# Serves as an upper bound for all of the system's SYN backlogs. Put it at
# least as high as tcp_max_syn_backlog, otherwise clients may have difficulty
# connecting at high rates or under SYN attacks. Default: 128
#
net.core.somaxconn           = 60000

# Number of unprocessed incoming packets that can be queued for later
# processing. This has minimal effect. Default: 1000
net.core.netdev_max_backlog  = 10000
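
Added example, not part of the original paste: a shell linter that checks a sysctl.conf-style file against the constraints the comments above state (buffer triples in ascending order, somaxconn at least tcp_max_syn_backlog, tcp_synack_retries no higher than 3, tcp_fin_timeout no lower than 25). The function name lint_sysctl and the sample input at the end are constructed for illustration, and the thresholds are the paste's recommendations, not kernel limits.

```shell
#!/bin/sh
# Added example, not part of the original paste.
# lint_sysctl [FILE...]: read sysctl.conf-style text (stdin if no FILE) and
# print one "WARN:" line per violated constraint taken from the paste's comments.
# Returns 0 when nothing is flagged, 1 otherwise.
lint_sysctl() {
    awk -F= '
        function warn(msg) { print "WARN: " msg; bad = 1 }
        function ordered(k,   p, n, i) {       # values must be non-decreasing
            if (!(k in v)) return
            n = split(v[k], p, " ")
            for (i = 2; i <= n; i++)
                if (p[i] + 0 < p[i-1] + 0) { warn(k " is not in ascending order: " v[k]); return }
        }
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        NF >= 2 {                              # key = value
            key = $1; val = $2
            gsub(/[ \t]/, "", key)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            v[key] = val                       # a later line overrides an earlier one
        }
        END {
            ordered("net.ipv4.tcp_rmem")       # min <= default <= max
            ordered("net.ipv4.tcp_wmem")
            ordered("net.ipv4.ip_local_port_range")
            syn = "net.ipv4.tcp_max_syn_backlog"; som = "net.core.somaxconn"
            if ((syn in v) && (som in v) && v[som] + 0 < v[syn] + 0)
                warn(som " (" v[som] ") is below " syn " (" v[syn] ")")
            k = "net.ipv4.tcp_synack_retries"  # retries + 1 SYN-ACKs in total
            if ((k in v) && v[k] + 0 > 3)
                warn(k " = " v[k] ": " (v[k] + 1) " SYN-ACKs sent per unanswered SYN")
            k = "net.ipv4.tcp_fin_timeout"
            if ((k in v) && v[k] + 0 < 25)
                warn(k " = " v[k] " is below the 25 s floor the paste mentions")
            exit bad + 0
        }
    ' "$@"
}

# Constructed sample input (not from the paste): somaxconn and retries left at
# the old defaults while the SYN backlog was raised. Prints two WARN lines.
printf '%s\n' \
    'net.ipv4.tcp_max_syn_backlog = 60000' \
    'net.core.somaxconn = 128' \
    'net.ipv4.tcp_synack_retries = 5' | lint_sysctl || true
```

To check a real file, pass its path as the argument, for example lint_sysctl /etc/sysctl.conf.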