Notes on adjusting kernel parameters for FreeBSD system optimization

Source: Internet
Author: User
Many people want to optimize their FreeBSD systems, especially network performance and kernel settings, because these are the most direct ways to optimize. Here I have collected and organized the relevant information and annotated it in Chinese. I believe many people will benefit from it.

CODE

# Maximum buffer space for TCP data waiting to be sent
net.inet.tcp.sendspace=65536

# Maximum TCP receive buffer space
net.inet.tcp.recvspace=65536

# Maximum UDP receive buffer size
net.inet.udp.recvspace=65535

# Maximum buffer size for sending UDP data
net.inet.udp.maxdgram=65535

# Send buffer space for local socket connections
net.local.stream.sendspace=65535

# Protocol extensions that speed up network performance
net.inet.tcp.rfc1323=1
net.inet.tcp.rfc1644=1
net.inet.tcp.rfc3042=1
net.inet.tcp.rfc3390=1

 

# Maximum socket buffer
kern.ipc.maxsockbuf=2097152

# Maximum number of files allowed in the system
kern.maxfiles=65536

# Maximum number of files that each process can open simultaneously
kern.maxfilesperproc=32768

# When a computer initiates a TCP connection request, the system replies with an ACK packet.
# This option sets whether that ACK is delayed and sent together with a data packet.
# On a high-speed network under low load this slightly improves performance, but when the network connection is poor
# and the peer does not receive the response, it keeps re-sending the connection request, which reduces performance.
net.inet.tcp.delayed_ack=0

 

# Block ICMP redirects
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
net.inet.ip.redirect=0
net.inet6.ip6.redirect=0

# Prevent ICMP broadcast storms
net.inet.icmp.bmcastecho=0
net.inet.icmp.maskrepl=0

# Limit the system's ICMP sending rate
net.inet.icmp.icmplim=100

# Security parameters. options TCP_DROP_SYNFIN must be added when compiling the kernel.
net.inet.icmp.icmplim_output=0
net.inet.tcp.drop_synfin=1

 

# Setting this to 1 helps the system clear TCP connections that were not disconnected normally. This uses some extra network bandwidth, but dead connections can be identified and cleared. Dead TCP connections are a particular problem for systems accessed by dial-up users, because users often disconnect the modem without properly closing active connections.
net.inet.tcp.always_keepalive=1

# If net.inet.ip.intr_queue_drops keeps increasing, you need to increase net.inet.ip.intr_queue_maxlen; the drop counter should preferably be 0.
net.inet.ip.intr_queue_maxlen=1000

# Prevent DoS attacks. The default value is 30000.
net.inet.tcp.msl=7500

# Drop all packets sent to a closed port directly. If set to 1, this applies only to TCP packets.
net.inet.tcp.blackhole=2

# Drop all UDP packets sent to a closed port directly
net.inet.udp.blackhole=1

 

# Provide a buffer for network data connections
net.inet.tcp.inflight.enable=1

# If enabled, data for each destination address is recorded in the routing table and ARP table once it has been forwarded successfully, which saves route computation time; however, a large amount of kernel memory is needed to hold the routing table.
net.inet.ip.fastforwarding=0

# Requires options POLLING to be enabled when compiling the kernel. Use it under high load; it is not recommended under low load.
# SMP cannot be used with polling
#kern.polling.enable=1

# Number of concurrent connections. The default value is 128. The recommended value is between and. The larger the number, the larger the memory usage.
kern.ipc.somaxconn=32768

 

# Prevent users from viewing other users' processes
security.bsd.see_other_uids=0

# Set the kernel security level
kern.securelevel=0

# Log all TCP connections
net.inet.tcp.log_in_vain=1

# Log all UDP connections
net.inet.udp.log_in_vain=1

# Prevent attacks that use incorrect UDP packets
net.inet.udp.checksum=1

# Prevent DoS attacks
net.inet.tcp.syncookies=1


# Provide physical memory support for threads only; more than 256 MB of memory is required
kern.ipc.shm_use_phys=1

# Maximum shared memory available to threads
kern.ipc.shmmax=67108864

# Maximum number of threads
kern.ipc.shmall=32768

# Do not record a core dump when a program crashes
kern.coredump=0

# Receive and send space for local (lo) data streams
net.local.stream.recvspace=65536
net.local.dgram.maxdgram=16384
net.local.dgram.recvspace=65536

 

# Data segment size of a packet. The value for ADSL is 1452.
net.inet.tcp.mssdflt=1460

# Provide a buffer for network data connections
net.inet.tcp.inflight_enable=1

# Minimum data segment size of a packet. The value for ADSL is 1452.
net.inet.tcp.minmss=1460

# Maximum amount of local data
net.inet.raw.maxdgram=65536

# Receive space for local data streams
net.inet.raw.recvspace=65536

# Number of dynamic rules of the ipfw firewall. The default value is 4096. Increasing this value prevents a virus that opens a large number of TCP connections from making it impossible to establish normal connections.
net.inet.ip.fw.dyn_max=65535

# Idle retention time for TCP connections in the ipf firewall. The default value is 8640000 (120 hours).
net.inet.ipf.fr_tcpidletimeout=864000
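
An added example (not part of the original article): an sh/awk check that compares a sysctl.conf-style file with some of the security-related values listed above and flags lines that are not in plain name=value form, as well as duplicate assignments. The function names, the choice of keys in BASELINE and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original article.
# BASELINE: a selection of the security-related values from the list above.
BASELINE="net.inet.icmp.drop_redirect=1 net.inet.ip.redirect=0 \
net.inet.icmp.bmcastecho=0 net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1 \
net.inet.tcp.syncookies=1 security.bsd.see_other_uids=0"

# audit_sysctl_conf [FILE]: read a sysctl.conf-style file (or stdin) and print
# one finding per line: DUPLICATE, MALFORMED, MISMATCH or MISSING.
audit_sysctl_conf() {
    awk -F= -v base="$BASELINE" '
        BEGIN {
            n = split(base, b, " ")
            for (i = 1; i <= n; i++) { split(b[i], kv, "="); want[kv[1]] = kv[2] }
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
        !/^[a-z0-9_.]+=[^ \t]+$/ {                   # anything but plain name=value
            print "MALFORMED line " NR ": " $0; next
        }
        ($1 in got) { print "DUPLICATE " $1 " on line " NR }
        { got[$1] = $2 }                             # the last assignment wins
        END {
            for (k in want) {
                if (!(k in got))
                    print "MISSING " k " (page value " want[k] ")"
                else if (got[k] != want[k])
                    print "MISMATCH " k "=" got[k] " (page value " want[k] ")"
            }
        }' "$@" | LC_ALL=C sort
}

# Constructed sample input: one garbled line, one weaker value, one duplicate.
sample_conf() {
    cat <<'EOF'
# constructed sample
Net. inet. icmp. drop_redirect = 1
net.inet.ip.redirect=0
net.inet.icmp.bmcastecho=0
net.inet.tcp.blackhole=1
net.inet.udp.blackhole=1
net.inet.tcp.syncookies=1
net.inet.tcp.syncookies=0
EOF
}

sample_conf | audit_sysctl_conf
```

Run against a real file with `audit_sysctl_conf /etc/sysctl.conf`; a garbled line is reported both as MALFORMED and, because its key was never set, as MISSING.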
