sysctl.conf » Help Needed!

Discussion in 'Server Operation' started by GreenLED, Aug 19, 2008.

  1. GreenLED

    GreenLED New Member

    I have a server running Linux that needs some serious work. I am running a site that requires me to have as much performance as I can for downloading files. I run into problems with downloads that do not perform at high speeds and start to decrease in kb / second as time elapses. Here's my sysctl.conf; hopefully someone here can make some good suggestions that will give me some much needed throughput. Your comments are much appreciated.

    Code:
    # Kernel sysctl configuration file for Red Hat Linux
    #
    # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
    # sysctl.conf(5) for more details.
    
    # Disables packet forwarding
    net.ipv4.ip_forward=0
    
    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0
    
    # Enable IP spoofing protection, turn on source route verification
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1
    
    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    
    # Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 0
    net.ipv4.conf.lo.log_martians = 0
    net.ipv4.conf.eth0.log_martians = 0
    
    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0
    
    # Enable IP spoofing protection, turn on source route verification
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1
    
    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    
    # Disables the magic-sysrq key
    kernel.sysrq = 0
    
    # Decrease the time default value for tcp_fin_timeout connection
    net.ipv4.tcp_fin_timeout = 15
    
    # Decrease the time default value for tcp_keepalive_time connection
    net.ipv4.tcp_keepalive_time = 1800
    
    # Turn off the tcp_window_scaling
    net.ipv4.tcp_window_scaling = 0
    
    # Turn off the tcp_sack
    net.ipv4.tcp_sack = 0
    
    # Turn off the tcp_timestamps
    net.ipv4.tcp_timestamps = 0
    
    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1
    
    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    
    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    
    # Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 1
    
    # Increases the size of the socket queue (effectively, q0).
    net.ipv4.tcp_max_syn_backlog = 1024
    
    # Increase the tcp-time-wait buckets pool size
    net.ipv4.tcp_max_tw_buckets = 1440000
    
    # Allowed local port range
    net.ipv4.ip_local_port_range = 16384 65536
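
A small lint pass over the sysctl.conf posted in the first message, as an added example that is not part of the original thread: it flags keys assigned more than once, keys assigned conflicting values (the last assignment in the file takes effect), port values outside the 16-bit range, and TCP extensions set to 0. The `SAMPLE` excerpt reuses keys and values from the posted file; the function names `parse_sysctl` and `audit` are hypothetical.

```python
from collections import defaultdict

# Constructed excerpt: keys and values copied from the sysctl.conf posted above.
SAMPLE = """\
# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.ip_local_port_range = 16384 65536
"""

# TCP extensions the posted file sets to 0 (disabled).
TCP_EXTENSIONS = {"net.ipv4.tcp_" + n for n in ("window_scaling", "sack", "timestamps")}

def parse_sysctl(text):
    """Return (lineno, key, value) per assignment; skip blanks and # or ; comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and line[0] not in "#;" and "=" in line:
            key, value = line.split("=", 1)
            entries.append((lineno, key.strip(), " ".join(value.split())))
    return entries

def audit(text):
    """Report repeated keys, conflicting values, invalid ports, disabled TCP extensions."""
    seen = defaultdict(list)
    for _lineno, key, value in parse_sysctl(text):
        seen[key].append(value)
    findings = {"duplicate": [], "conflict": [], "bad_port": [], "tcp_ext_off": []}
    for key, values in seen.items():
        effective = values[-1]  # assignments apply in file order, so the last one wins
        if len(values) > 1:
            kind = "conflict" if len(set(values)) > 1 else "duplicate"
            findings[kind].append((key, effective))
        if key == "net.ipv4.ip_local_port_range":
            # Port numbers are 16-bit, so valid values are 1-65535.
            findings["bad_port"] += [p for p in effective.split()
                                     if not (p.isdigit() and 1 <= int(p) <= 65535)]
        if key in TCP_EXTENSIONS and effective == "0":
            findings["tcp_ext_off"].append(key)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

With window scaling off, the TCP window a connection can advertise is limited to 65535 bytes, so the `tcp_ext_off` findings are the ones most relevant to a throughput question.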
    
     
  2. falko

    falko Super Moderator ISPConfig Developer

    I'd try to comment out everything (like in the default Debian sysctl.conf) and try again.
     
  3. topdog

    topdog Active Member HowtoForge Supporter

    I do not think that has anything to do with your sysctl configuration. You need to identify the actual issue before changing those values.

    The only value I could think of is the number of connections and possibly the connection tracking systems.

    These values are usually so high that you never exceed them, so I would try and debug the system using a tool like iptraf or just a plain tcpdump.
     
  4. GreenLED

    GreenLED New Member

    For some reason the server is performing well above my expectations all of a sudden. I don't know if something was changed or heavy traffic was a result of the delays in speed (I highly doubt that). Hopefully, I will not have to come back to this file. I will take a look at those tools you suggested; they should be extremely helpful in the future. As far as never exceeding "those values" -- au contraire! I will most likely be exceeding some sort of values as the site spits out gigs of traffic daily. Would you change your suggestions if I told you that my server feeds an enormous amount of data out? It's quite important for the download speed to be two things . . .

    1. CONSISTENT
    2. HIGH

    Any thoughts? Thank you for your help.
     
