Thursday, September 19, 2019

Updated sysctl.conf for Linux, Sep 2019


In my ongoing quest to get the most out of the servers I manage, here are some valid sysctl.conf profiles to deploy on Linux 4.14 and newer systems. If you're still running some Linux 3.x systems (CentOS or older Debian), most of this should work too. These profiles are an amalgamation of too many different resources at this point, plus trial and error.

On-site VMs & Servers



# On-site /etc/sysctl.conf
# Michael Adams; unquietwiki.com; updated Sep 18, 2019
# Change 8192 (netdev_max_backlog, tcp_max_syn_backlog) to 1024 or 2048 on small systems
# Change 2048 (somaxconn) to 512 or 1024 on small systems
# Adjust rmem & wmem for use on 1 Gbit or 10 Gbit setups (competing examples are online)

fs.file-max = 4194304
net.core.netdev_max_backlog=8192
net.core.rmem_max=16777216
net.core.somaxconn=2048
net.core.wmem_max=16777216
net.ipv4.tcp_base_mss=1024
net.ipv4.tcp_congestion_control=bbr
net.ipv4.tcp_max_syn_backlog=8192
net.ipv4.tcp_mtu_probing=2
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_slow_start_after_idle=0
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_wmem=4096 16384 16777216

# Disable IPv6 privacy (temporary) addressing on servers, so they use their stable SLAAC address for DNS.
net.ipv6.conf.all.use_tempaddr=0
net.ipv6.conf.default.use_tempaddr=0

# If Linux 4.19 or newer, use cake; else fq_codel
net.core.default_qdisc=fq_codel
#net.core.default_qdisc=cake

# Router (uncomment following to use)
#net.ipv6.conf.default.forwarding=1
#net.ipv6.conf.all.forwarding=1
#net.ipv4.ip_forward=1

Cloud & Web VMs

# Cloud & Web /etc/sysctl.conf
# Michael Adams; unquietwiki.com; updated Sep 18, 2019

# Some defaults
fs.file-max = 1048576
net.core.netdev_max_backlog=8192
net.core.somaxconn=2048
net.ipv4.tcp_congestion_control=bbr
net.ipv4.tcp_max_syn_backlog=8192
net.ipv4.tcp_mtu_probing=2
net.ipv4.tcp_slow_start_after_idle=0
net.ipv4.tcp_tw_reuse=1

# If necessary, use a BDP calculator to tweak the end number on these.
net.core.rmem_max=3760960
net.core.wmem_max=3760960
net.ipv4.tcp_rmem=4096 87380 3760960
net.ipv4.tcp_wmem=4096 16384 3760960

# Server / managed system
net.ipv6.conf.all.use_tempaddr=0
net.ipv6.conf.default.use_tempaddr=0

# If Linux 4.19 or newer, use cake; else fq_codel
net.core.default_qdisc=fq_codel
#net.core.default_qdisc=cake

# Router (uncomment following to use)
#net.ipv6.conf.default.forwarding=1
#net.ipv6.conf.all.forwarding=1
#net.ipv4.ip_forward=1
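
After loading either profile, it is worth confirming that the running kernel actually holds the values, since a key can be missing or a value refused on a given kernel. The following is an added example, not part of the original profiles; the function names `normalize` and `sysctl_drift` and the optional proc-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: report where live kernel values differ from a sysctl.conf.
# The optional second argument (proc root) is an assumption of this example,
# defaulting to /proc/sys, so the check can be run against a test directory.

# Trim and collapse whitespace: /proc/sys separates tcp_rmem fields with tabs,
# while the profile uses spaces and sometimes "key = value".
normalize() {
    printf '%s' "$1" | tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

# Prints one line per missing or differing key; returns 1 if any were found.
# Assumes no dots inside a path component (true for every key on this page).
sysctl_drift() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(normalize "$line")
        case $line in
            ''|'#'*|';'*) continue ;;   # blank lines and comments
            *=*) ;;
            *) continue ;;               # not a key=value line
        esac
        key=$(normalize "${line%%=*}")
        want=$(normalize "${line#*=}")
        path="$root/$(printf '%s' "$key" | tr '.' '/')"
        if [ ! -r "$path" ]; then
            # e.g. a key the running kernel does not provide
            echo "MISSING $key (wanted: $want)"
            rc=1
            continue
        fi
        have=$(normalize "$(cat "$path")")
        if [ "$have" != "$want" ]; then
            # e.g. a value the kernel did not accept
            echo "DIFF $key: live=$have wanted=$want"
            rc=1
        fi
    done < "$conf"
    return "$rc"
}

# Usage: sysctl_drift /etc/sysctl.conf
```

A non-zero exit status makes the function usable as a post-deployment check in provisioning scripts.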
