n0ts · August 13, 2010 07:35
diff --git a/sysctl.conf at www.scaleout.jp b/sysctl.conf at www.scaleout.jp
 # Kernel sysctl configuration file for Red Hat Linux
 #
 # For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
 # sysctl.conf(5) for more details.

 # Controls IP packet forwarding
 net.ipv4.ip_forward = 0
 # Controls source route verification
 net.ipv4.conf.default.rp_filter = 0

 # Do not accept source routing
 net.ipv4.conf.default.accept_source_route = 0

 # Controls the System Request debugging functionality of the kernel
 kernel.sysrq = 0

 # Controls whether core dumps will append the PID to the core filename
 # Useful for debugging multi-threaded applications
 kernel.core_uses_pid = 1

 # Controls the use of TCP syncookies
 net.ipv4.tcp_syncookies = 1

 # Controls the maximum size of a message, in bytes
 kernel.msgmnb = 65536

 # Controls the default maxmimum size of a mesage queue
 kernel.msgmax = 65536

 # Controls the maximum shared segment size, in bytes
 kernel.shmmax = 4294967295

 # Controls the maximum number of shared memory segments, in pages
 kernel.shmall = 268435456

 #
 # Tunning Over 4GB Server
 #

 # increase Linux autotuning TCP buffer limits
 # min, default, and max number of bytes to use
 # set max to 16MB for 1GE, and 32M or 54M for 10GE
 net.ipv4.tcp_rmem = 4096 87380 8388608
 net.ipv4.tcp_wmem = 4096 65536 6553600

 # increase TCP max buffer size setable using setsockopt()
 net.core.rmem_max = 8388608
 net.core.wmem_max = 6553600

 # recommended to increase this for 10G NICS
 net.core.netdev_max_backlog = 5000

 # How often TCP sends out keepalive messages when keepalive is enabled. Default: 2hours.
 net.ipv4.tcp_keepalive_time = 1800

 # This boolean enables a fix for 'time-wait assassination hazards in tcp', described in RFC 1337. If enabled, this causes the kernel to drop RST packets for sockets in the time-wait
 net.ipv4.tcp_rfc1337 = 1

 # Timestamps are used, amongst other things, to protect against wrapping sequence numbers. 
 # A 1 gigabit link might conceivably re-encounter a previous sequence number with an out-of-line value, 
 # because it was of a previous generation. The timestamp will let it recognize this 'ancient packet'.
 net.ipv4.tcp_timestamps = 1

 # Maximal number of remembered connection requests, 
 # which still did not receive an acknowledgment from connecting client. 
 # Default value is 1024 for systems with more than 128Mb of memory, 
 # and 128 for low memory machines. If server suffers of overload, try to increase this number. 
 # Warning! If you make it greater than 1024, 
 # it would be better to change TCP_SYNQ_HSIZE in 
 # include/net/tcp.h to keep TCP_SYNQ_HSIZE*16<=tcp_max_syn_backlog and to recompile kernel.
 net.ipv4.tcp_max_syn_backlog = 10240

 # Maximal number of timewait sockets held by system simultaneously.
 # If this number is exceeded time-wait socket is immediately destroyed and warning is printed.
 # This limit exists only to prevent simple DoS attacks,
 # you _must_ not lower the limit artificially,
 # but rather increase it (probably, after increasing installed memory),
 # if network conditions require more than default value.
 net.ipv4.tcp_max_tw_buckets = 1000000

 # Range of local ports for outgoing connections. 
 # Actually quite small by default, 1024 to 4999.
 #port lange
 net.ipv4.ip_local_port_range =  10240    61000

 #TCP MSL
 #
 # Time to hold socket in state FIN-WAIT-2,
 # if it was closed by our side. Peer can be broken and never close its side,
 # or even died unexpectedly.
 # Default value is 60sec. Usual value used in 2.2 was 180 seconds,
 # you may restore it, but remember that if your machine is even underloaded WEB server,
 # you risk to overflow memory with kilotons of dead sockets,
 # FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1,
 # because they eat maximum 1.5K of memory, but they tend to live longer.
 # Cf. tcp_max_orphans.
 net.ipv4.tcp_fin_timeout=30
	# Kernel sysctl configuration file for Red Hat Linux
	#
	# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
	# sysctl.conf(5) for more details.

	# Controls IP packet forwarding
	net.ipv4.ip_forward = 0
	# Controls source route verification
	net.ipv4.conf.default.rp_filter = 0

	# Do not accept source routing
	net.ipv4.conf.default.accept_source_route = 0

	# Controls the System Request debugging functionality of the kernel
	kernel.sysrq = 0

	# Controls whether core dumps will append the PID to the core filename
	# Useful for debugging multi-threaded applications
	kernel.core_uses_pid = 1

	# Controls the use of TCP syncookies
	net.ipv4.tcp_syncookies = 1

	# Controls the maximum size of a message, in bytes
	kernel.msgmnb = 65536

	# Controls the default maxmimum size of a mesage queue
	kernel.msgmax = 65536

	# Controls the maximum shared segment size, in bytes
	kernel.shmmax = 4294967295

	# Controls the maximum number of shared memory segments, in pages
	kernel.shmall = 268435456

	#
	# Tunning Over 4GB Server
	#

	# increase Linux autotuning TCP buffer limits
	# min, default, and max number of bytes to use
	# set max to 16MB for 1GE, and 32M or 54M for 10GE
	net.ipv4.tcp_rmem = 4096 87380 8388608
	net.ipv4.tcp_wmem = 4096 65536 6553600

	# increase TCP max buffer size setable using setsockopt()
	net.core.rmem_max = 8388608
	net.core.wmem_max = 6553600

	# recommended to increase this for 10G NICS
	net.core.netdev_max_backlog = 5000

	# How often TCP sends out keepalive messages when keepalive is enabled. Default: 2hours.
	net.ipv4.tcp_keepalive_time = 1800

	# This boolean enables a fix for 'time-wait assassination hazards in tcp', described in RFC 1337. If enabled, this causes the kernel to drop RST packets for sockets in the time-wait
	net.ipv4.tcp_rfc1337 = 1

	# Timestamps are used, amongst other things, to protect against wrapping sequence numbers.
	# A 1 gigabit link might conceivably re-encounter a previous sequence number with an out-of-line value,
	# because it was of a previous generation. The timestamp will let it recognize this 'ancient packet'.
	net.ipv4.tcp_timestamps = 1

	# Maximal number of remembered connection requests,
	# which still did not receive an acknowledgment from connecting client.
	# Default value is 1024 for systems with more than 128Mb of memory,
	# and 128 for low memory machines. If server suffers of overload, try to increase this number.
	# Warning! If you make it greater than 1024,
	# it would be better to change TCP_SYNQ_HSIZE in
	# include/net/tcp.h to keep TCP_SYNQ_HSIZE*16<=tcp_max_syn_backlog and to recompile kernel.
	net.ipv4.tcp_max_syn_backlog = 10240

	# Maximal number of timewait sockets held by system simultaneously.
	# If this number is exceeded time-wait socket is immediately destroyed and warning is printed.
	# This limit exists only to prevent simple DoS attacks,
	# you _must_ not lower the limit artificially,
	# but rather increase it (probably, after increasing installed memory),
	# if network conditions require more than default value.
	net.ipv4.tcp_max_tw_buckets = 1000000

	# Range of local ports for outgoing connections.
	# Actually quite small by default, 1024 to 4999.
	#port lange
	net.ipv4.ip_local_port_range = 10240 61000

	#TCP MSL
	#
	# Time to hold socket in state FIN-WAIT-2,
	# if it was closed by our side. Peer can be broken and never close its side,
	# or even died unexpectedly.
	# Default value is 60sec. Usual value used in 2.2 was 180 seconds,
	# you may restore it, but remember that if your machine is even underloaded WEB server,
	# you risk to overflow memory with kilotons of dead sockets,
	# FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1,
	# because they eat maximum 1.5K of memory, but they tend to live longer.
	# Cf. tcp_max_orphans.
	net.ipv4.tcp_fin_timeout=30