Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Limit the per-socket default receive/send buffers to limit memory usage
- # when running with a lot of concurrent connections. Values are in bytes
- # and represent minimum, default and maximum. Defaults: 4096 87380 4194304
- #
- net.ipv4.tcp_rmem = 4096 16060 262144
- net.ipv4.tcp_wmem = 4096 16384 262144
- # Allow early reuse of a same source port for outgoing connections. It is
- # required above a few hundred connections per second. Defaults: 0
- #
- net.ipv4.tcp_tw_reuse = 1
- # Extend the source port range for outgoing TCP connections. This limits early
- # port reuse and makes use of 64000 source ports. Defaults: 32768 61000
- #
- net.ipv4.ip_local_port_range = 1024 65023
- # Increase the TCP SYN backlog size. This is generally required to support very
- # high connection rates as well as to resist SYN flood attacks. Setting it too
- # high will delay SYN cookie usage though. Defaults: 1024
- #
- net.ipv4.tcp_max_syn_backlog = 60000
- # Timeout in seconds for the TCP FIN_WAIT state. Lowering it speeds up release
- # of dead connections, though it will cause issues below 25-30 seconds. It is
- # preferable not to change it if possible. Default: 60
- #
- net.ipv4.tcp_fin_timeout = 30
- # Limit the number of outgoing SYN-ACK retries. This value is a direct
- # amplification factor of SYN floods, so it is important to keep it reasonably
- # low. However, too low will prevent clients on lossy networks from connecting.
- # Using 3 as a default value gives good results (4 SYN-ACK total) and lowering
- # it to 1 under SYN flood attack can save a lot of bandwidth. Default: 5
- #
- net.ipv4.tcp_synack_retries = 3
- # Set this to one to allow local processes to bind to an IP which is not yet
- # present on the system. This is typically what happens with a shared VRRP
- # address, where you want both master and backup to be started eventhough the
- # IP is not yet present. Always leave it to 1. Default: 0
- #
- net.ipv4.ip_nonlocal_bind = 1
- # Serves as a higher bound for all of the system's SYN backlogs. Put it at
- # least as high as tcp_max_syn_backlog, otherwise clients may experience
- # difficulties to connect at high rates or under SYN attacks. Default: 128
- #
- net.core.somaxconn = 60000
- # Number of unprocessed incoming packets that can be queued for later
- # processing. This has minimal effect. Default: 1000
- net.core.netdev_max_backlog = 10000
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement