@Chris-Graffagnino
Last active December 30, 2019 03:21

Optimized sysctl.conf for Jormungandr

-- DISCLAIMER: These changes are experimental. Do not use in production without testing on your own.
-- DISCLAIMER: By using this guide, you assume sole risk and waive any claims of liability against the author.

  • Thanks to these expert contributors for their suggestions, feedback and influence.
    @ilap - UNDR
    @mark-stopka - BLTN
    @pheelLikeWater - MONKY
    @psychomb - STKH
    @Willburn - ANP

These changes and other optimizations can be found here

Jormungandr Guide 4Newbs

About these changes

These changes check for stale connections (and kill them) at a higher rate. You should see the following improvements:

  • Execute "stats": Stale nodes (no data shown in the Recv-Q & Send-Q columns) are pruned at a higher rate.
  • Execute "delta": Improved responsiveness, faster recovery from drift.

At the time of this writing, I am setting max_connections to 512 in node-config.yaml. You may find another setting that works better for you.

References

https://www.kernel.org/doc/Documentation/networking/tcp.txt
https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt
https://www.techrepublic.com/article/how-to-enable-tcp-bbr-to-improve-network-speed-on-linux/

Edit sysctl.conf

# Raise the system-wide file handle limit and the per-process ceiling for open files
fs.file-max = 10000000
fs.nr_open = 10000000

net.core.netdev_max_backlog = 100000
net.core.somaxconn = 100000
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_tw_buckets = 598016
net.ipv4.tcp_mem = 786432 1697152 1945728
net.ipv4.tcp_reordering = 3
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_sack = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_max_syn_backlog = 100000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_wmem = 4096 16384 16777216

net.ipv4.tcp_window_scaling = 1
net.core.dev_weight = 64
net.core.netdev_budget = 400
net.core.optmem_max = 65535
net.ipv4.tcp_orphan_retries = 0
net.ipv4.ipfrag_high_thresh = 512000
net.ipv4.ipfrag_low_thresh = 446464
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

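# Connection tracking (needs the nf_conntrack module loaded): larger table, shorter FIN_WAIT and TIME_WAIT timeouts
net.netfilter.nf_conntrack_max = 10485760
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 30
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 15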

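# TCP keepalive: probe after 60 s idle, re-probe every 10 s, drop the connection after 3 unanswered probes
net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 3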

kernel.panic = 10
kernel.randomize_va_space = 2
kernel.pid_max = 65536
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Use Google's congestion control algorithm
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

vm.swappiness = 5
vm.vfs_cache_pressure = 50

Reload sysctl.conf

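# Verify the conntrack module is loaded (it provides the net.netfilter.nf_conntrack_* keys)
sudo lsmod | grep conntrack

# If nothing is returned, load it (the module is named nf_conntrack on current kernels)
sudo modprobe nf_conntrack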

# Reload sysctl.conf
sudo sysctl -p /etc/sysctl.conf
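
After the reload it is worth confirming that every key took effect: a key whose module is not loaded (the nf_conntrack settings, or bbr) does not exist under /proc/sys and cannot be set. The script below is an added example, not part of the original gist; the function names `norm` and `sysctl_drift` and the optional second argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): report sysctl.conf keys whose running
# value differs from the file, or that do not exist in the running kernel.
# The optional second argument (root of the sysctl tree, default /proc/sys)
# is an assumption of this example so it can be run against a test directory.

# Collapse blanks and tabs: /proc/sys separates multi-value keys with tabs.
# Always called inside $(...), so "set -f" does not leak to the caller.
norm() {
    set -f            # no globbing while word-splitting the value
    set -- $1
    printf '%s' "$*"
}

sysctl_drift() {
    conf=$1
    root=${2:-/proc/sys}
    drift=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(norm "$line")
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;
            *) continue ;;              # not a key = value line
        esac
        key=$(norm "${line%%=*}")
        want=$(norm "${line#*=}")
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            # Typical cause: the owning module (e.g. nf_conntrack) is not loaded.
            echo "MISSING $key (wanted: $want)"
            drift=1
        else
            have=$(norm "$(cat "$path")")
            if [ "$have" != "$want" ]; then
                echo "DIFFERS $key (running: $have, wanted: $want)"
                drift=1
            fi
        fi
    done < "$conf"
    return "$drift"
}

# Run only when a file is given, e.g.: sh sysctl_drift.sh /etc/sysctl.conf
if [ $# -gt 0 ]; then
    sysctl_drift "$@"
fi
```

The function returns 0 when the running kernel matches the file and 1 otherwise, so it can gate a deployment step or a monitoring check.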

Buy me a coffee?

DdzFFzCqrhsjtq9YsgFKeWABaC62QdnPSrsz4GHg762R9qE86YwQTrkCYtMEUtWgb5aEsRbqHAj6Gztdw3BJMKVrCDQbf8HKc9SsnvVk