2012年7月22日 星期日
sysctl.conf 相關設定
# IPv4 packet forwarding between interfaces.
# NOTE(review): the original comment read "Disables packet forwarding", but
# the value 1 ENABLES it and makes this host route traffic. Keep 1 only if
# the host is meant to forward (gateway / load-balancer role); otherwise 0.
net.ipv4.ip_forward = 1
# Enables reverse-path (source address) verification.
# NOTE(review): only conf.default is set; interfaces that already exist when
# this file is applied may keep their previous value unless conf.all or the
# per-interface key is set as well -- confirm on the target host.
net.ipv4.conf.default.rp_filter = 1
# Disables the magic-sysrq key
kernel.sysrq = 0
# Sets the system-wide maximum number of open file handles to 500000.
fs.file-max = 500000
# Maximum number of remembered connection requests that have not yet
# completed the handshake (the SYN backlog). The accept-queue limit used by
# listen() is a separate key, net.core.somaxconn, which this file does not set.
net.ipv4.tcp_max_syn_backlog=12000
# Sets min/default/max TCP read buffer in bytes (default 4096 87380 174760).
# NOTE(review): min = default = max leaves buffer autotuning no range and
# allows roughly 30 MB per socket in each direction; on a host with many
# concurrent connections, peers can tie up a large amount of kernel memory.
# Size these against available RAM.
net.ipv4.tcp_rmem = 30000000 30000000 30000000
# Same three fields for the TCP write buffer, in bytes.
net.ipv4.tcp_wmem = 30000000 30000000 30000000
# NOTE(review): tcp_mem is not a per-socket buffer. Its three fields are the
# low / pressure / high thresholds for total TCP memory, counted in pages,
# not bytes, so reusing the byte values from above is probably unintended.
net.ipv4.tcp_mem = 30000000 30000000 30000000
# Maximum receive socket buffer size (Default 131071)
net.core.rmem_max = 10000000
# Maximum send socket buffer size (Default 131071)
net.core.wmem_max = 10000000
# Default receive socket buffer size (Default 65535)
net.core.rmem_default = 10000000
# Default send socket buffer size (Default 65535)
net.core.wmem_default = 10000000
# Maximum amount of option memory buffers (Default 10240)
net.core.optmem_max = 10000000
# Define the local TCP ephemeral port range (first and last port).
net.ipv4.ip_local_port_range = 8192 65535
# Enable fast recycling of connections in the TIME_WAIT state.
# NOTE(review): tcp_tw_recycle is known to drop connections from clients
# that share an address behind NAT, and the key was removed in Linux 4.12.
# It also depends on TCP timestamps, which this file turns off
# (net.ipv4.tcp_timestamps = 0), so it likely has no effect here.
net.ipv4.tcp_tw_recycle = 1
# Maximum number of TIME_WAIT sockets held by the system simultaneously.
net.ipv4.tcp_max_tw_buckets = 2000000
# Number of unprocessed input packets before the kernel starts
# dropping them. (Default 10240).
net.core.netdev_max_backlog = 400000
# ARP (neighbour) cache sizing. The "Default" figures in this group are the
# ones quoted by the original author; verify them against the running kernel.
#
# Minimum number of entries to keep in the ARP cache.
# The garbage collector will not run if there are fewer than
# this number of entries in the cache.
# (Default 128)
net.ipv4.neigh.default.gc_thresh1 = 1024
# The soft maximum number of entries to keep in the ARP cache.
# The garbage collector will allow the number of entries to exceed
# this for 5 seconds before collection will be performed.
# (Default 128).
net.ipv4.neigh.default.gc_thresh2 = 1024
# The hard maximum number of entries to keep in the ARP cache.
# The garbage collector will always run if there are more than
# this number of entries in the cache. (Default 512)
net.ipv4.neigh.default.gc_thresh3 = 2048
# The interval, in seconds, between garbage collection runs on the ARP table.
# (Defaults to 30).
net.ipv4.neigh.default.gc_interval = 3600
# When to time out an ARP table entry, in seconds. (Defaults to 60).
net.ipv4.neigh.default.gc_stale_time = 3600
# Same time-out for a specific NIC. Do this for every NIC; the interface
# name eth0 is host-specific and must match the target system.
# (Defaults to 60).
net.ipv4.neigh.eth0.gc_stale_time = 3600
# Send SYN cookies when the SYN backlog of a socket overflows
# (mitigation against SYN flooding).
net.ipv4.tcp_syncookies = 1
# System V semaphore limits, in this order:
# max semaphores per set, max semaphores system-wide,
# max operations per semop() call, max number of semaphore sets.
kernel.sem = 1000 256000 60 1024
# Shared memory
# shmmni: maximum number of shared memory segments
# shmall: total shared memory allowed system-wide, in pages
# shmmax: maximum size of a single segment, in bytes
kernel.shmmni = 4096
kernel.shmall = 2097152
kernel.shmmax = 2147483647
# System V message queues
# msgmnb: maximum number of bytes in one queue
# msgmni: maximum number of message queues
# msgmax: maximum size of a single message, in bytes
kernel.msgmnb = 11000000
kernel.msgmni = 3200
kernel.msgmax = 210000
# This causes the kernel to avoid using lower memory areas if address space
# is available in the high memory area.
# NOTE(review): this key appears to belong to older kernels; where it does
# not exist, applying the file reports an unknown key. Verify it is present
# under /proc/sys/vm on the target host before relying on it.
vm.lower_zone_protection = 100
# Append the PID to the core dump file name.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Ignore ICMP echo requests (ping) sent to a broadcast address of a network.
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Set this to ignore ICMP errors caused by hosts in the network reacting
# badly to frames sent to what they perceive to be the broadcast address.
net.ipv4.icmp_ignore_bogus_error_responses = 1
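# Security options: refuse source-routed packets and ICMP redirects.
# conf.default is set next to conf.all so that interfaces created later
# start with the same policy.
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
# Do not accept ICMP redirects. When forwarding is off for an interface, the
# kernel accepts redirects if either conf.all or the interface's own key is
# 1, so the default and per-interface keys are cleared as well.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
# Do not send ICMP redirects. The kernel sends redirects on an interface if
# either conf.all or the interface's own key is 1, so conf.all = 0 alone
# leaves them enabled. Repeat the per-interface line for every NIC; eth0 is
# the interface name this file already uses for gc_stale_time.
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0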
# TCP timestamps.
# NOTE(review): the original comment read "Protect against wrapping sequence
# numbers", but that protection (PAWS) relies on timestamps being ON; the
# value 0 turns timestamps off and removes it. Timestamps are sometimes
# disabled to avoid exposing host timing information to peers -- confirm
# which of the two was intended.
net.ipv4.tcp_timestamps = 0
# This setting determines the number of SYN+ACK packets sent before the
# kernel gives up on the connection.
net.ipv4.tcp_synack_retries = 2
# Time to hold a socket in state FIN-WAIT-2, if it was closed by our side.
# Default value is 60 sec.
net.ipv4.tcp_fin_timeout = 5
# How many times to retry before deciding that something is wrong and it is
# necessary to report this suspicion to the network layer.
# Minimal RFC value is 3, which is also the default.
net.ipv4.tcp_retries1 = 3
# How many keepalive probes TCP will send until it decides that the
# connection is broken. Default value: 9.
net.ipv4.tcp_keepalive_probes = 5
# How frequently probes are retransmitted when a probe isn't acknowledged.
# Default: 75 seconds.
net.ipv4.tcp_keepalive_intvl = 15
# How often TCP sends out keepalive messages when keepalive is enabled.
# Default: 2 hours.
net.ipv4.tcp_keepalive_time = 60
# TCP/IP normally allows windows up to 65535 bytes big. For really fast
# networks, this may not be enough.
# NOTE(review): the value 0 DISABLES window scaling, so windows stay capped
# at 65535 bytes and the ~30 MB tcp_rmem/tcp_wmem values in this file cannot
# be advertised to a peer. Confirm this is intended.
net.ipv4.tcp_window_scaling = 0
# Selective ACK can be used to signify that specific packets are missing,
# therefore helping fast recovery.
# NOTE(review): the value 0 turns SACK off, contrary to the "Use Selective
# ACK" wording of the original comment.
net.ipv4.tcp_sack = 0
# Hidden (ARP behaviour for addresses configured on the loopback interface)
# arp_ignore = 1: reply to an ARP request only if the target IP address is
#   configured on the interface the request arrived on.
# arp_announce = 2: always use the best local address for the outgoing
#   interface as the source of ARP requests.
# NOTE(review): presumably meant to keep a service address bound to lo from
# being answered or announced on the LAN (load-balancer real-server setup)
# -- confirm against the deployment.
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2