FreeBSD Optimizing Server for Heavy Load


10 Feb 2015


Preston Garrison

Here are the settings I use to optimize my server for high-bandwidth transfers and heavy load. Keep in mind that these settings will definitely use more memory than the defaults, so make sure you have a decent amount of memory. Just place these settings in /etc/sysctl.conf and reboot.


kern.maxfiles=25600
kern.maxfilesperproc=16384
kern.ipc.maxsockbuf=4194304  # (default 2097152)
net.inet.tcp.sendbuf_max=4194304  # (default 2097152)
net.inet.tcp.recvbuf_max=4194304  # (default 2097152)
net.inet.tcp.cc.htcp.adaptive_backoff=1 # (default 0 ; disabled)
net.inet.tcp.cc.htcp.rtt_scaling=1 # (default 0 ; disabled)
net.inet.ip.forwarding=1      # (default 0)
net.inet.ip.fastforwarding=1  # (default 0)
kern.ipc.soacceptqueue=1024  # (default 128 ; same as kern.ipc.somaxconn)
net.inet.tcp.mssdflt=1460  # (default 536)
net.inet.tcp.minmss=1300   # (default 216)
net.inet.tcp.rfc1323=1  # (default 1)
net.inet.tcp.rfc3390=1  # (default 1)
net.inet.tcp.sack.enable=1  # (default 1)
net.inet.tcp.tso=0   # (default 1)
net.inet.tcp.nolocaltimewait=1  # (default 0)
net.inet.tcp.experimental.initcwnd10=1        # (default 1 for FreeBSD 10.1)
net.inet.tcp.syncache.rexmtlimit=0  # (default 3)
net.inet.ip.rtexpire=2       # (default 3600)
net.inet.ip.rtminexpire=2    # (default 10)
net.inet.tcp.syncookies=0  # (default 1)
net.inet.ip.check_interface=1         # verify packet arrives on correct interface (default 0)
net.inet.ip.process_options=0         # ignore IP options in the incoming packets (default 1)
net.inet.ip.redirect=0                # do not send IP redirects (default 1)
net.inet.ip.stealth=1                 # do not reduce the TTL by one (1) when a packet goes through the firewall (default 0)
net.inet.icmp.drop_redirect=1         # no redirected ICMP packets (default 0)
net.inet.tcp.drop_synfin=1            # SYN/FIN packets get dropped on initial connection (default 0)
net.inet.tcp.fast_finwait2_recycle=1  # recycle FIN/WAIT states quickly (helps against DoS, but may cause false RST) (default 0)
net.inet.tcp.icmp_may_rst=0           # icmp may not send RST to avoid spoofed icmp/udp floods (default 1)
net.inet.tcp.msl=5000                 # 5s maximum segment life waiting for an ACK in reply to a SYN-ACK or FIN-ACK (default 30000)
net.inet.tcp.path_mtu_discovery=0     # disable MTU discovery since most ICMP type 3 packets are dropped by others (default 1)
net.inet.udp.blackhole=1              # drop udp packets destined for closed sockets (default 0)
net.inet.tcp.blackhole=2              # drop tcp packets destined for closed ports (default 0)
security.bsd.see_other_uids=0         # users only see their own processes. root can see all (default 1)
net.inet.tcp.sendspace=262144  # (default 32768)
net.inet.tcp.recvspace=262144  # (default 65536)
net.inet.tcp.sendbuf_inc=32768  # (default 8192)
net.inet.tcp.recvbuf_inc=65536  # (default 16384)
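
To review a file in this format before rebooting, the script below (an added example, not part of the original post) uses the "(default N)" notes in the comments to list which entries actually change a default, and asks the running kernel which OIDs it does not recognize. The function names, the SYSCTL override and the choice of sample lines are assumptions of the example.

```shell
# Added example, not from the original post. Both functions read sysctl.conf
# text on stdin; function names and the SYSCTL override are this example's own.

# Sample input: four lines copied from the post's list.
sample_conf() {
cat <<'EOF'
net.inet.tcp.rfc1323=1  # (default 1)
net.inet.tcp.syncookies=0  # (default 1)
net.inet.tcp.msl=5000                 # 5s maximum segment life waiting for an ACK in reply to a SYN-ACK or FIN-ACK (default 30000)
kern.maxfiles=25600
EOF
}

# Print "name value default" for entries whose value differs from the default
# noted in the comment; "?" means the line has no "(default N" note.
changed_from_default() {
    awk '
        { gsub(/\t/, " ") }
        /^ *#/ || /^ *$/ { next }            # comment-only or blank line
        {
            setting = $0
            sub(/#.*/, "", setting)          # drop the trailing comment
            gsub(/ /, "", setting)
            eq = index(setting, "=")
            if (eq == 0) next
            name = substr(setting, 1, eq - 1)
            value = substr(setting, eq + 1)
            def = "?"
            if (match($0, /\(default +[^ ;)]+/)) {
                def = substr($0, RSTART, RLENGTH)
                sub(/^\(default +/, "", def)
            }
            if (def != value) print name, value, def
        }'
}

# Print every OID the running kernel does not know; `sysctl -n NAME` exits
# non-zero for an unknown OID. Set SYSCTL to substitute another command.
SYSCTL=${SYSCTL:-sysctl}
missing_oids() {
    sed 's/#.*//' | tr -d ' \t' | while IFS='=' read -r name value; do
        [ -n "$name" ] || continue
        $SYSCTL -n "$name" >/dev/null 2>&1 || echo "$name"
    done
}

# Review the file named in $1, or the sample when no file is given.
if [ -f "${1:-}" ]; then changed_from_default < "$1"; missing_oids < "$1"
else sample_conf | changed_from_default; fi
```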

