jamesonjlee · April 29, 2013 07:50
diff --git a/sysctl.conf b/sysctl.conf
 # Configuration file for runtime kernel parameters.
 # See sysctl.conf(5) for more information.

 # Protection from SYN flood attack.
 net.ipv4.tcp_syncookies = 1

 # See evil packets in your logs.
 #net.ipv4.conf.all.log_martians = 1

 # Disable packet forwarding.
 net.ipv4.ip_forward = 0
 net.ipv6.conf.all.forwarding = 0

 # Tweak those values to alter disk syncing and swap behavior.
 #vm.vfs_cache_pressure = 100
 #vm.laptop_mode = 0
 #vm.swappiness = 60

 # Tweak how the flow of kernel messages is throttled.
 #kernel.printk_ratelimit_burst = 10
 #kernel.printk_ratelimit = 5

 # --------------------------------------------------------------------
 # The following allow the server to handle lots of connection requests
 # --------------------------------------------------------------------

 # Increase number of incoming connections that can queue up
 # before dropping
 net.core.somaxconn = 5000

 # Handle SYN floods
 net.ipv4.tcp_max_syn_backlog = 1280

 # Increase the length of the network device input queue
 net.core.netdev_max_backlog = 5000

 # Increase system file descriptor limit. Generally, set this to 64 * R, where
 # R is the amount of RAM in MB your box has (minus a buffer?)
 # (Per-process limit is set in /etc/security/limits.conf)
 fs.file-max = 65536

 # Widen the port range used for outgoing connections
 net.ipv4.ip_local_port_range = 10152 65535 

 # --------------------------------------------------------------------
 # The following allow the server to handle lots of connection churn
 # --------------------------------------------------------------------

 # Disconnect dead TCP connections after 1 minute
 net.ipv4.tcp_keepalive_time = 60

 # Wait a maximum of 5 * 2 = 10 seconds in the TIME_WAIT state after a FIN, to handle
 # any remaining packets in the network. 
 net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 5

 # Timeout broken connections faster (amount of time to wait for FIN)
 net.ipv4.tcp_fin_timeout = 60

 # Let the networking stack reuse TIME_WAIT connections when it thinks it's safe to do so
 # net.ipv4.tcp_tw_reuse = 1

 # Determines the wait time between isAlive interval probes (reduce from 75 sec to 15)
 net.ipv4.tcp_keepalive_intvl = 15

 # Determines the number of probes before timing out (reduce from 9 sec to 5 sec)
 net.ipv4.tcp_keepalive_probes = 5

 # -------------------------------------------------------------
	# Configuration file for runtime kernel parameters.
	# See sysctl.conf(5) for more information.

	# Protection from SYN flood attack.
	net.ipv4.tcp_syncookies = 1

	# See evil packets in your logs.
	#net.ipv4.conf.all.log_martians = 1

	# Disable packet forwarding.
	net.ipv4.ip_forward = 0
	net.ipv6.conf.all.forwarding = 0

	# Tweak those values to alter disk syncing and swap behavior.
	#vm.vfs_cache_pressure = 100
	#vm.laptop_mode = 0
	#vm.swappiness = 60

	# Tweak how the flow of kernel messages is throttled.
	#kernel.printk_ratelimit_burst = 10
	#kernel.printk_ratelimit = 5

	# --------------------------------------------------------------------
	# The following allow the server to handle lots of connection requests
	# --------------------------------------------------------------------

	# Increase number of incoming connections that can queue up
	# before dropping
	net.core.somaxconn = 5000

	# Handle SYN floods
	net.ipv4.tcp_max_syn_backlog = 1280

	# Increase the length of the network device input queue
	net.core.netdev_max_backlog = 5000

	# Increase system file descriptor limit. Generally, set this to 64 * R, where
	# R is the amount of RAM in MB your box has (minus a buffer?)
	# (Per-process limit is set in /etc/security/limits.conf)
	fs.file-max = 65536

	# Widen the port range used for outgoing connections
	net.ipv4.ip_local_port_range = 10152 65535

	# --------------------------------------------------------------------
	# The following allow the server to handle lots of connection churn
	# --------------------------------------------------------------------

	# Disconnect dead TCP connections after 1 minute
	net.ipv4.tcp_keepalive_time = 60

	# Wait a maximum of 5 * 2 = 10 seconds in the TIME_WAIT state after a FIN, to handle
	# any remaining packets in the network.
	net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 5

	# Timeout broken connections faster (amount of time to wait for FIN)
	net.ipv4.tcp_fin_timeout = 60

	# Let the networking stack reuse TIME_WAIT connections when it thinks it's safe to do so
	# net.ipv4.tcp_tw_reuse = 1

	# Determines the wait time between isAlive interval probes (reduce from 75 sec to 15)
	net.ipv4.tcp_keepalive_intvl = 15

	# Determines the number of probes before timing out (reduce from 9 sec to 5 sec)
	net.ipv4.tcp_keepalive_probes = 5

	# -------------------------------------------------------------