@jaeyson
Created October 7, 2025 11:09
Kernel tuning sysctl (Incl. Network tuning)
# etc/sysctl.d/99-sysctl.conf
# This control is used to define how aggressive the kernel will swap memory pages.
# We will lower the number to decrease the amount of swap.
vm.swappiness = 10
# This variable controls the tendency of the kernel to reclaim the memory which is used for caching of directory and inode objects.
vm.vfs_cache_pressure = 200
# This value, in hundredths of a second, defines when dirty data is old enough to be eligible for writeout by the kernel flusher threads.
vm.dirty_expire_centisecs = 500
# This value, in hundredths of a second, is the interval between wake-ups of the kernel flusher threads that write old data out to disk.
vm.dirty_writeback_centisecs = 250
# This is a percentage of the absolute maximum amount of system memory that can be filled with dirty pages before everything must get committed to disk.
vm.dirty_ratio = 10
# This is a percentage of system memory that can be filled with “dirty” pages — memory pages that still need to be written to disk, before flushed in a background process.
vm.dirty_background_ratio = 5
# Let's NOT overcommit memory when using VMs (used to be for GitLab Redis)
#vm.overcommit_memory = 1
vm.overcommit_memory = 0
# Enable huge memory pages (improving MariaDB and PostgreSQL performance)
vm.nr_hugepages = 9000
# Network tuning
# Optionally, Disable IPv6
#net.ipv6.conf.all.disable_ipv6 = 1
#net.ipv6.conf.default.disable_ipv6 = 1
#net.ipv6.conf.lo.disable_ipv6 = 1
# This value influences the timeout of a locally closed TCP connection.
net.ipv4.tcp_orphan_retries = 1
# The length of time an orphaned (no longer referenced by any application) connection will remain
# Note: this key is assigned again (= 30) further down; the later assignment takes effect.
net.ipv4.tcp_fin_timeout = 20
# Enable memory auto tuning
net.ipv4.tcp_moderate_rcvbuf = 1
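# Turn off timestamp generation, reducing TCP performance spikes
# Note: TCP timestamps are also what PAWS relies on, and what lets SYN cookies preserve window scaling and SACK.
net.ipv4.tcp_timestamps = 0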
# Contains three values that represent the minimum, default and maximum size of the TCP socket receive buffer.
# Increase default and max. values for both read & write buffers for 10 Gigabit adapters.
# Buffer up to 64 MB for 10 GbE
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.rmem_default = 4194304
net.core.wmem_default = 1048576
# Increase autotuning TCP limit to 32MB
net.ipv4.tcp_rmem = 4096 87380 33554432
net.ipv4.tcp_wmem = 4096 65536 33554432
# Application buffer is 1/..th of the total buffer space specified in the tcp_rmem variable.
net.ipv4.tcp_adv_win_scale = -2
# Minimal size of receive buffer used by UDP sockets in moderation.
net.ipv4.udp_rmem_min = 8192
# Minimal size of send buffer used by UDP sockets in moderation.
net.ipv4.udp_wmem_min = 8192
# Maximum ancillary buffer size allowed per socket.
net.core.optmem_max = 25165824
# recommended default congestion control is htcp
#net.ipv4.tcp_congestion_control = htcp
# Try BBR
net.ipv4.tcp_congestion_control = bbr
# recommended default for hosts with jumbo frames enabled
# will prevent black holes, and have no impact on other TCP connections.
# We will NOT use jumbo frames for now!
#net.ipv4.tcp_mtu_probing=1
# The default queuing discipline to use for network devices.
# Instead of fq_codel try just fq
net.core.default_qdisc = fq
# The maximum number of packets queued in received state
net.core.netdev_max_backlog = 30000
# Timeout closing of TCP connections after 30 seconds.
net.ipv4.tcp_fin_timeout = 30
# Avoid falling back to slow start after a connection goes idle.
net.ipv4.tcp_slow_start_after_idle = 0
# Enable Forward Acknowledgment, which operates with Selective Acknowledgment (SACK) to reduce congestion.
net.ipv4.tcp_fack = 1
# Support windows larger than 64KB.
net.ipv4.tcp_window_scaling = 1
# Protect against the common SYN flood attack
net.ipv4.tcp_syncookies = 1
# Number of times SYNACKs for a passive TCP connection attempt will be retransmitted.
net.ipv4.tcp_synack_retries = 2
# Maximal number of remembered connection requests, which have not received an acknowledgment from connecting client.
net.ipv4.tcp_max_syn_backlog = 4096

My additional kernel setting.

Enables huge pages for better MariaDB and PostgreSQL performance, supports 10 Gbit Ethernet adapters, and sets various other kernel options such as swappiness and dirty ratio.

Important: Be sure the values are not overridden in your /etc/sysctl.conf. The configuration files in the sysctl.d directory are read first, and your /etc/sysctl.conf file is read last, which could override the values set here with lower numbers again.
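
The override warning above can be checked mechanically. This is an added example, not part of the gist: it lists every key assigned more than once when files are read in the order described above. The names `sysctl_overrides` and `demo_overrides` and the sample file contents are constructed for illustration, and only plain `key = value` lines are handled.

```shell
#!/bin/sh
# sysctl_overrides FILE...  (files given in the order they are read)
# Prints one line per reassignment; the last value printed for a key is the effective one.
sysctl_overrides() {
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next                      # not a key = value line
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/[ \t]+/, " ", val)               # normalise multi-value settings
            here = FILENAME ":" FNR
            if (key in value)
                printf "%s: %s (%s) overridden by %s (%s)\n", key, value[key], where[key], val, here
            value[key] = val
            where[key] = here
        }
    ' "$@"
}

# Constructed sample tree: a sysctl.d file plus a sysctl.conf that lowers a buffer again.
demo_overrides() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/sysctl.d"
    cat > "$dir/sysctl.d/99-sysctl.conf" <<'EOF'
# constructed excerpt of the configuration on this page
net.ipv4.tcp_fin_timeout = 20
net.core.rmem_max = 67108864
net.ipv4.tcp_rmem = 4096 87380 33554432
net.ipv4.tcp_fin_timeout = 30
EOF
    cat > "$dir/sysctl.conf" <<'EOF'
# constructed: a default that lowers the buffer again
net.core.rmem_max=212992
EOF
    # Read order as described on this page: sysctl.d first, sysctl.conf last.
    (cd "$dir" && sysctl_overrides sysctl.d/*.conf sysctl.conf)
    rm -rf "$dir"
}

demo_overrides
```

On a real host the equivalent call is `sysctl_overrides /etc/sysctl.d/*.conf /etc/sysctl.conf`; compare the result with `sysctl -n <key>` for any key it reports.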

If you enable large pages in Linux, try to disable transparent_hugepage, because transparent huge pages are allocated dynamically during runtime, and they are swappable (which is not good for database systems).
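
To verify both points on a host, the following added example (not part of the gist) extracts the active transparent hugepage mode and computes how much RAM a given `vm.nr_hugepages` value pins compared with total memory. The function names and the sample `meminfo` values are constructed; on a live system the inputs come from `/sys/kernel/mm/transparent_hugepage/enabled` and `/proc/meminfo`.

```shell
#!/bin/sh
# thp_mode STRING
# The active THP mode is the bracketed word, e.g. "always madvise [never]" -> never
thp_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)].*/\1/p'
}

# hugepage_reservation NR_HUGEPAGES MEMINFO_FILE
# Prints "<reserved MiB> <total MiB> <verdict>" using the page size the kernel reports.
hugepage_reservation() {
    awk -v pages="$1" '
        /^MemTotal:/     { total_kb = $2 }
        /^Hugepagesize:/ { page_kb = $2 }
        END {
            reserved = pages * page_kb / 1024
            total = total_kb / 1024
            verdict = (reserved > total) ? "exceeds-MemTotal" : "fits"
            printf "%d %d %s\n", reserved, total, verdict
        }
    ' "$2"
}

# Constructed sample: a 16000 MiB machine with 2048 kB huge pages.
demo_hugepages() {
    meminfo=$(mktemp) || return 1
    cat > "$meminfo" <<'EOF'
MemTotal:       16384000 kB
Hugepagesize:       2048 kB
EOF
    thp_mode 'always madvise [never]'
    hugepage_reservation 9000 "$meminfo"    # 9000 is the value used in this configuration
    rm -f "$meminfo"
}

demo_hugepages
# Live system:
#   thp_mode "$(cat /sys/kernel/mm/transparent_hugepage/enabled)"
#   hugepage_reservation 9000 /proc/meminfo
```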

More info about huge pages, transparent hugepages and file system
