# Reduce tendency to swap vm.swappiness = 25 # Reboot 10 seconds after OOM vm.panic_on_oom = 1 kernel.panic = 10 net.ipv4.ip_local_port_range = 32768 61000 net.ipv4.ip_forward = 0 net.ipv6.conf.all.forwarding = 0 #### http://vimeo.com/70369211 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_max_tw_buckets = 524288 net.ipv4.tcp_fin_timeout = 10 #### https://gist.github.com/kfox/1942782 #### http://www.psc.edu/networking/projects/tcptune/#Linux # Source route verification net.ipv4.conf.default.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 kernel.sysrq = 0 net.ipv4.neigh.default.gc_thresh1 = 4096 net.ipv4.neigh.default.gc_thresh2 = 8192 net.ipv4.neigh.default.gc_thresh3 = 16384 net.ipv4.neigh.default.gc_interval = 5 net.ipv4.neigh.default.gc_stale_time = 120 net.core.netdev_max_backlog = 262144 net.core.somaxconn = 2048 net.core.rmem_max = 108544 net.core.wmem_max = 108544 net.netfilter.nf_conntrack_max = 65536 net.netfilter.nf_conntrack_tcp_timeout_close = 10 net.netfilter.nf_conntrack_tcp_timeout_close_wait = 15 net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 30 net.netfilter.nf_conntrack_tcp_timeout_last_ack = 10 net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 15 net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 30 net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30 net.ipv4.tcp_max_syn_backlog = 32768 net.ipv4.tcp_max_orphans = 262144 net.ipv4.tcp_syn_retries = 3 net.ipv4.tcp_synack_retries = 3 net.ipv4.tcp_syncookies = 0 #### http://fasterdata.es.net/host-tuning/linux/ net.ipv4.tcp_sack = 1 net.ipv4.tcp_fack = 1 net.ipv4.tcp_timestamps = 1 net.ipv4.tcp_rmem = 4096 87380 16777216 net.ipv4.tcp_wmem = 4096 65536 16777216 #### http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.kernel.obscure.html net.ipv4.tcp_orphan_retries = 1 #### https://dev.openwrt.org/ticket/12976 net.netfilter.nf_conntrack_tcp_timeout_established = 120 net.ipv4.tcp_keepalive_time = 100 #### http://forums.gentoo.org/viewtopic-p-3497273.html#3497273 # Be strict about picking up connections, must start with SYN net.netfilter.nf_conntrack_tcp_loose = 0