martes, 28 de diciembre de 2004

Mi shell script para tunning/performance de tcp/ip en linux

Evidentemente, estos parametros no a todo el mundo le sirven.
(Y si, se que son muy bestias)

echo "0" > /proc/sys/net/ipv4/tcp_sack
echo "0" > /proc/sys/net/ipv4/tcp_timestamps
echo "3129344 3137536 3145728" > /proc/sys/net/ipv4/tcp_mem
echo "65536 1398080 2796160" > /proc/sys/net/ipv4/tcp_rmem
echo "65536 1398080 2796160" > /proc/sys/net/ipv4/tcp_wmem
echo "163840" > /proc/sys/net/core/optmem_max
echo "1048560" > /proc/sys/net/core/rmem_default
echo "2097136" > /proc/sys/net/core/rmem_max
echo "1048560" > /proc/sys/net/core/wmem_default
echo "2097136" > /proc/sys/net/core/wmem_max

Actualizacion: Wed Dec 29 16:42:04 CET 2004
Más elegante con sysctl (/etc/sysctl.conf):

net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_mem = 3129344 3137536 3145728
net.ipv4.tcp_rmem = 65536 1398080 2796160
net.ipv4.tcp_wmem = 65536 1398080 2796160
net.core.optmem_max = 163840
net.core.rmem_default = 1048560
net.core.rmem_max = 2097136
net.core.wmem_default = 1048560
net.core.wmem_max = 2097136

###Hardening Linux:

net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.ip_default_ttl = 64
net.ipv4.tcp_syn_retries = 5
net.ipv4.tcp_max_syn_backlog = 256

# -Thx Crg