Monday, May 13, 2013

Quick notes on loading an updated Debian kernel on a router / server box

I know Kernel 3.9 just came out, but Debian is fully caught up on 3.8 (beats the 3.2 it defaults to). If you're making an x64 router or server, the following will be handy...

1. apt-get update && apt-get install gcc-4.7

2. Use wget to grab the following packages from a listed mirror, and dpkg -i to install them. If you're not using x64, look for the i386, arm, or other builds of "linux-headers-3.8-1" and "linux-image-3.8-1".

* initramfs-tools
* linux-kbuild-3.8
* linux-headers-3.8-1-common
* linux-image-3.8-1-amd64
* linux-headers-3.8-1-amd64

3a. Out of the box, Debian doesn't do anything with /etc/sysctl.conf; here's one I recommend trying.
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
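#SYN cookies: 0 = off, 1 = on (fallback when the SYN backlog overflows)
net.ipv4.tcp_syncookies=0
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.tcp_rfc1337=1
#Write-only trigger: flushes the route cache whenever this file is applied
net.ipv4.route.flush=1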
net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_low_latency=1
net.ipv4.tcp_fin_timeout=10
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_congestion_control=yeah
#Kernel 3.x network stuff
net.core.bpf_jit_enable=1
net.ipv4.tcp_limit_output_bytes=65536
#Disable IPv6 privacy (temporary) addressing
net.ipv6.conf.all.use_tempaddr=0
net.ipv6.conf.default.use_tempaddr=0
#Swap file behavior: 0-100 aggressiveness
#If using zcache, you want more
vm.swappiness=10

3b. If using the box as a router, add net.ipv4.ip_forward=1 and net.ipv6.conf.all.forwarding=1 to that file.

3c. To enable the "yeah" congestion control set above, add tcp_yeah to /etc/modules.
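
A quick way to confirm that the settings from steps 3a to 3c actually took effect, as an added example that is not part of the original post: the script compares a sysctl.conf-style file with the live values under /proc/sys and reports drift. The function names (check_sysctl, norm, demo) and the fake /proc/sys tree in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): compare a sysctl.conf-style file
# with the live kernel values. check_sysctl, norm and demo are made-up names.
# Usage: check_sysctl CONF [ROOT]   ROOT defaults to /proc/sys.
# Prints one status line per key; returns 1 if any key is DRIFT or MISSING.
norm() { tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }   # trim + squeeze blanks

check_sysctl() {
    conf=$1 root=${2:-/proc/sys} rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | norm)
        case $line in ''|'#'*|';'*) continue ;; esac    # blank line or comment
        case $line in *=*) ;; *) continue ;; esac       # not a key=value line
        key=$(printf '%s' "${line%%=*}" | norm)
        want=$(printf '%s' "${line#*=}" | norm)
        path=$root/$(printf '%s' "$key" | tr . /)       # a.b.c -> ROOT/a/b/c
        if [ ! -e "$path" ]; then
            echo "MISSING    $key (no such key under $root)"; rc=1
        elif ! raw=$(cat "$path" 2>/dev/null); then
            # write-only triggers such as net.ipv4.route.flush cannot be read back
            echo "UNREADABLE $key (cannot be read back)"
        else
            have=$(printf '%s' "$raw" | norm)
            if [ "$have" = "$want" ]; then echo "OK         $key=$have"
            else echo "DRIFT      $key want=$want have=$have"; rc=1; fi
        fi
    done < "$conf"
    return $rc
}

# Constructed demo: a fake /proc/sys tree in a temp dir, so it runs offline.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/sys/net/ipv4/conf/all"
    echo 1 > "$d/sys/net/ipv4/conf/all/rp_filter"
    echo cubic > "$d/sys/net/ipv4/tcp_congestion_control"  # constructed drift
    echo 0 > "$d/sys/net/ipv4/ip_forward"                  # constructed drift
    printf '%s\n' '#constructed sample' 'net.ipv4.conf.all.rp_filter=1' \
        'net.ipv4.tcp_congestion_control=yeah' 'net.ipv4.ip_forward = 1' \
        'net.core.bpf_jit_enable=1' > "$d/sysctl.conf"
    check_sysctl "$d/sysctl.conf" "$d/sys" && status=0 || status=$?
    rm -rf "$d"; return $status
}

demo || echo "demo: drift or missing keys found (exit $?)"
```

On a live system, call check_sysctl /etc/sysctl.conf with no second argument. Interface names that contain dots (VLAN interfaces, for example) are not handled by the simple dot-to-slash mapping.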
