Last active
April 8, 2019 15:44
-
-
Save zet4/18004698acbb2c48fe752e4a0cb4183e to your computer and use it in GitHub Desktop.
sysctl -p tweaks for a VM on SSD/1GE+
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Reduce tendancy to swap | |
| vm.swappiness=10 | |
| vm.dirty_ratio = 40 | |
| vm.dirty_background_ratio = 10 | |
| vm.vfs_cache_pressure=50 | |
| # Network Caches | |
| net.core.default_qdisc=fq_codel | |
| net.core.netdev_max_backlog = 5000 | |
| net.core.optmem_max = 25165824 | |
| net.core.somaxconn = 1000 | |
| net.core.rmem_max = 16777216 | |
| net.core.wmem_max = 16777216 | |
| net.ipv4.tcp_wmem = 4096 12582912 16777216 | |
| net.ipv4.tcp_rmem = 4096 12582912 16777216 | |
| net.ipv4.tcp_max_syn_backlog = 8096 | |
| net.ipv4.tcp_slow_start_after_idle = 0 | |
| # Prevent simple DOS | |
| net.ipv4.tcp_max_tw_buckets = 1440000 | |
| net.ipv4.tcp_tw_recycle = 1 | |
| net.ipv4.tcp_tw_reuse = 1 | |
| # Security | |
| net.ipv4.conf.all.rp_filter = 1 | |
| net.ipv4.icmp_echo_ignore_all = 0 | |
| net.ipv4.icmp_echo_ignore_broadcasts = 1 | |
| net.ipv4.icmp_ignore_bogus_error_responses = 1 | |
| net.ipv4.conf.all.log_martians = 0 # can fill up dmesg | |
| net.ipv4.tcp_fin_timeout = 30 | |
| # Use only if you're NOT bridging | |
| net.bridge.bridge-nf-call-ip6tables = 0 | |
| net.bridge.bridge-nf-call-iptables = 0 | |
| net.bridge.bridge-nf-call-arptables = 0 | |
| net.ipv4.conf.default.promote_secondaries = 1 | |
| net.ipv4.conf.all.promote_secondaries = 1 | |
| kernel.msgmni=131072 | |
| kernel.msgmnb=4194304 | |
| kernel.msgmax=4194304 | |
| kernel.shmmax=1234567890123456789 | |
| kernel.shmall=1234567890123456789 | |
| # Protect against syn flood | |
| net.ipv4.tcp_syncookies = 1 | |
| net.ipv4.tcp_max_orphans = 65535 | |
| net.ipv4.tcp_synack_retries = 3 | |
| net.ipv4.tcp_rfc1337 = 1 | |
| # More inodes | |
| fs.file-max = 2097152 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| vm.swappiness=10 | |
| vm.dirty_ratio = 40 | |
| vm.dirty_background_ratio = 10 | |
| vm.vfs_cache_pressure=50 | |
| net.core.default_qdisc=fq_codel | |
| net.core.netdev_max_backlog = 5000 | |
| net.core.optmem_max = 25165824 | |
| net.core.somaxconn = 1000 | |
| net.core.rmem_max = 16777216 | |
| net.core.wmem_max = 16777216 | |
| net.ipv4.tcp_wmem = 4096 12582912 16777216 | |
| net.ipv4.tcp_rmem = 4096 12582912 16777216 | |
| net.ipv4.tcp_max_syn_backlog = 8096 | |
| net.ipv4.tcp_slow_start_after_idle = 0 | |
| net.ipv4.tcp_max_tw_buckets = 1440000 | |
| net.ipv4.tcp_tw_recycle = 1 | |
| net.ipv4.tcp_tw_reuse = 1 | |
| net.ipv4.conf.all.rp_filter = 1 | |
| net.ipv4.icmp_echo_ignore_all = 0 | |
| net.ipv4.icmp_echo_ignore_broadcasts = 1 | |
| net.ipv4.icmp_ignore_bogus_error_responses = 1 | |
| net.ipv4.conf.all.log_martians = 0 # can fill up dmesg | |
| net.ipv4.tcp_fin_timeout = 30 | |
| net.bridge.bridge-nf-call-ip6tables = 0 | |
| net.bridge.bridge-nf-call-iptables = 0 | |
| net.bridge.bridge-nf-call-arptables = 0 | |
| net.ipv4.conf.default.promote_secondaries = 1 | |
| net.ipv4.conf.all.promote_secondaries = 1 | |
| kernel.msgmni=131072 | |
| kernel.msgmnb=4194304 | |
| kernel.msgmax=4194304 | |
| kernel.shmmax=1234567890123456789 | |
| kernel.shmall=1234567890123456789 | |
| net.ipv4.tcp_syncookies = 1 | |
| net.ipv4.tcp_max_orphans = 65535 | |
| net.ipv4.tcp_synack_retries = 3 | |
| net.ipv4.tcp_rfc1337 = 1 | |
| fs.file-max = 2097152 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
vm.overcommit_memory = 1
echo never > /sys/kernel/mm/transparent_hugepage/enabledtoo for centos 7