#############################
net.inet.tcp.keepidle:7200000
######################
The default time for TCP sockets is too long, which can be changed to 600000 (10 minutes).
##########################
net.inet.tcp.sendspace:32768
################ #http://www.bsdlover.cn#########
The largest TCP data buffer space to send, the application will put the data here is considered to be successful, the system TCP stack to ensure the normal data sent.
####################################
net.inet.tcp.recvspace:65536
###################################
The largest acceptance of the TCP buffer space, the system from here to distribute data to different sockets, increase the space to improve the system's ability to accept data instantaneously to improve performance.
###################################
These two options control the size of the transmit and receive registers used by the network TCP online respectively. The preset transfer registers is 32K, and the received registers is 64K.
If you need to speed up TCP transmission, you can turn these two values up a bit, but the downside is that too much value can cause the system core to take up too much memory.
If our machine will service hundreds of or thousands of of the network online, then these two options are best maintained by default, otherwise it will cause system core memory is low.
But if we are using a gigabite network, the two-value tuning assembly has a significant performance boost.
The registers size of the transmit and receive can be adjusted separately,
For example, assuming that our system is primarily a Web server, we can reduce the number of registers received and make the transfer registers larger so that we can avoid taking up too much of the core memory space.
net.inet.udp.maxdgram:9216
#########################
Maximum send UDP data buffer size, online data are mostly 65536, I personally think not much need,
If you want to adjust, you can try 24576.
##############################
net.inet.udp.recvspace:42080
##################
The largest accept UDP buffer size, online data are mostly 65536, I personally think not much need,
If you want to adjust, you can try 49152.
#######################
The above four configurations usually do not cause problems, generally speaking, network traffic is asymmetric, so should be adjusted according to the actual situation, and observe its effect.
If we set the registers to be more than 65535, unless the server itself and the operating system used by the client support the TCP protocol's Windows scaling extension (refer to the RFC 1323 file).
FreeBSD the rfs1323 (that is, the sysctl net.inet.tcp.rfc1323 option) is supported by default.
###################################################
net.inet.tcp.log_in_vain:0
##################
Record any TCP connections, which should not normally be changed.
####################
net.inet.tcp.blackhole:0
##################################
The recommendation is set to 2 to receive all packets from a port that has already been closed, drop directly, or only TCP packets if set to 1
#####################################
Net.inet.tcp.delayed_ack:1
###########################
When a computer initiates a TCP connection request, the system responds to an ACK reply packet.
This option sets whether to delay the ACK reply packet and send it along with the packet that contains the data.
Improves performance slightly in high speed networks and low load situations, but when network connectivity is poor,
If the other computer doesn't get an answer, it will continue to initiate a connection request, which will make the network more congested and less performance.
So this value I suggest you see the situation, if your speed is not a problem, you can reduce the number of packets by half
If the network is not particularly good, then set to 0, there is a request to respond first, so in fact, the waste of netcom, telecom bandwidth rate rather than your processing time:)
############################
Net.inet.tcp.inflight.enable:1
net.inet.tcp.inflight.debug:0
Net.inet.tcp.inflight.rttthresh:10
net.inet.tcp.inflight.min:6144
net.inet.tcp.inflight.max:1073725440
Net.inet.tcp.inflight.stab:20
###########################
Limiting the TCP bandwidth delay product is similar to the NetBSD Tcp/vegas.
It can be enabled by setting the SYSCTL variable net.inet.tcp.inflight.enable.
The system will attempt to compute the bandwidth delay product for each connection and limit the amount of data queued to a level that just keeps the optimal throughput.
This feature is especially important when your server is connected to a common modem, gigabit Ethernet, and even higher speed optical connections to the network (or other bandwidth delays),
Especially when you use the sliding window to zoom in, or when you use a large send window.
If this option is enabled, you should also set the Net.inet.tcp.inflight.debug to 0 (disable debugging).
For a production environment, it would be advantageous to set net.inet.tcp.inflight.min at least 6144.
However, it should be noted that this value is set too large in fact equivalent to disabling the connection bandwidth Delay product throttling feature.
This limiting feature reduces the number of blocked data in Routing and switching packet queues, and also reduces the number of data blocked on the local host interface queue.
In a small number of waiting queues, interactive connections, especially through slow modems, can also be used for low round-trip time operations.
However, note that this only affects the data sent (upload/service side). No effect on data reception (download).
Adjustment of Net.inet.tcp.inflight.stab is not recommended.
The default value of this parameter is 20, which means that the 2 maximum packets are added to the calculation of the Bandwidth Delay product window.
The extra window-like algorithm is more stable and improves the ability to do the same for a diverse network environment,
But it can also cause the ping time to grow under a slow connection (although much less than the inflight algorithm is not used).
For these situations, you might want to reduce this parameter to 15, 10, or 5;
And it may have to reduce net.inet.tcp.inflight.min (say, 3500) to get the desired results.
Reducing the value of these parameters should be used only as a last resort.
############################
Net.inet.tcp.syncookies:1
#########################
SYN cookies are technologies that can be used to validate the impact of syn ' flood ' attacks by selecting the encrypted initialization TCP serial number and verifying the packet of the response.
By default, no modification is required
########################
net.inet.tcp.msl:30000
#######################
This value is recommended by many articles on the Internet 7500,
It can also be changed to a smaller number (such as 2000 or 2500), which speeds up the process of releasing an abnormal connection (three handshake 2 seconds, fin_wait4 seconds).
#########################
Net.inet.tcp.always_keepalive:1
###########################
The Help system clears TCP connections that are not properly disconnected, which increases the use of some network bandwidth, but some dead connections can eventually be identified and purged.
A dead TCP connection is a special problem for a dial-up user-accessed system because the user often disconnects the modem without properly closing the active connection.
#############################
Net.inet.udp.checksum:1
#########################
Prevent improper UDP packets from attacking, by default that is, no need to modify
##############################
net.inet.udp.log_in_vain:0
#######################
Record any UDP connections, which should not be modified in general.
#######################
net.inet.udp.blackhole:0
####################
The recommendation is set to 1 to receive a direct drop of all UDP packets sent from a port that has been closed
#######################
net.inet.raw.maxdgram:8192
#########################
Maximum outgoing raw IP datagram size
Many articles recommend setting to 65536, as if not much necessary.
######################################
net.inet.raw.recvspace:8192
######################
Maximum incoming raw IP datagram size
Many articles recommend setting to 65536, as if not much necessary.
#######################
net.link.ether.inet.max_age:1200
####################
When the ARP cleanup is adjusted, a spoofed ARP entry is populated by buffering the IP route to allow the malicious user to generate resource exhaustion and performance reduction attacks.
This does not seem to have been changed, I suggest not to move or a slight reduction, such as (HP-UX default 5 minutes)
#######################
Net.inet6.ip6.redirect:1
###############################
Set to 0, shielding IPv6 redirection function
###########################
net.isr.direct:0
################ #http://www.111cn.net #########
All Mpsafe's network ISR responds immediately to the packet, improving the performance of the NIC, set to 1.
####################################
Hw.ata.wc:1
#####################
This option is used to open the IDE hard drive cache. When open, if there is data to write to the hard disk, the hard drive will pretend to have finished writing, and quickly pick up the data.
This method accelerates the access speed of the hard disk, but when the system shuts down abnormally, it is more likely to cause data loss.
However, due to the closure of this function brought about by the speed difference is too large, suggest or keep the original open state it, do not make changes.
###################
Security.bsd.see_other_uids:1
Security.bsd.see_other_gids:1
#####################
Does not allow the user to see the process of another user, so it should be changed to 0,
#######################