Recently I learned from Marco about /etc/sysctl.d, a folder where you can drop in files instead of changing /etc/sysctl.conf directly. That gave me the idea of building a puppet module for sysctl:
https://github.com/cosimo/puppet-modules/blob/master/sysctl/README
The idea is to assemble a collection of useful sysctl snippets. I started with the usual things we use everywhere:
- LVS Direct Routing
```
# LVS directives for Direct Routing
# http://www.linuxvirtualserver.org/VS-DRouting.html
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
```
- TCP performance tuning
```
#---------------------------------------------------------------------
# TCP/IP performance optimization settings compared to debian defaults
#
# from http://varnish.projects.linpro.no/wiki/Performance
#---------------------------------------------------------------------
#net.ipv4.ip_local_port_range = 32768 61000
net.ipv4.ip_local_port_range = 1024 65536
# net.core.rmem_max = 131071
net.core.rmem_max = 16777216
# net.core.wmem_max = 131071
net.core.wmem_max = 16777216
# net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_rmem = 4096 87380 16777216
# net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_wmem = 4096 65536 16777216
# net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_fin_timeout = 20
# net.core.netdev_max_backlog = 1000
net.core.netdev_max_backlog = 30000
# net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_no_metrics_save = 1
# net.core.somaxconn = 128
net.core.somaxconn = 262144
# net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_syncookies = 1
# net.ipv4.tcp_max_orphans = 65536
net.ipv4.tcp_max_orphans = 262144
# net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_max_syn_backlog = 262144
# net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_synack_retries = 3
# net.ipv4.tcp_syn_retries = 5
net.ipv4.tcp_syn_retries = 3
```
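Once snippets like these are dropped into /etc/sysctl.d, the question becomes whether the running kernel actually matches them. The following script is an added example, not part of the post or of the puppet module: it parses a fragment in the sysctl.conf syntax used above (whole-line `#`/`;` comments, `key = value`, and the optional `-` prefix sysctl(8) accepts for keys that may not exist) and reports every key whose value in /proc/sys differs. The embedded fragment is constructed for the demo.

```python
"""Parse a sysctl.d-style fragment and report drift from the running kernel."""
from pathlib import Path

# Constructed sample fragment in the same format as the snippets above
# (not the page's own file). Only whole-line comments are valid in this
# format; a leading '-' tells sysctl(8) not to fail if the key is unknown.
SAMPLE = """\
# from the TCP tuning snippet
# net.core.somaxconn = 128
net.core.somaxconn = 262144
; SYN cookies: keep enabled on Internet-facing hosts
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_rmem = 4096   87380  16777216
-net.ipv4.some.optional.key = 0
"""


def parse_sysctl(text):
    """Return {key: value} from sysctl.conf syntax (hypothetical helper)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if "=" not in line:
            raise ValueError(f"malformed sysctl line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lstrip("-")  # '-' only changes error handling, not the key
        # multi-value keys such as tcp_rmem are whitespace separated
        settings[key] = " ".join(value.split())
    return settings


def read_live(key, root="/proc/sys"):
    """Current kernel value for a dotted key, or None if the key is absent."""
    try:
        return " ".join(Path(root, *key.split(".")).read_text().split())
    except OSError:
        return None


def drift(desired, read=read_live):
    """{key: (wanted, live)} for every setting whose live value differs;
    live is None when this kernel does not expose the key."""
    mismatches = {}
    for key, wanted in desired.items():
        live = read(key)
        if live != wanted:
            mismatches[key] = (wanted, live)
    return mismatches


if __name__ == "__main__":
    for key, (wanted, live) in drift(parse_sysctl(SAMPLE)).items():
        print(f"{key}: want {wanted!r}, kernel has {live!r}")
```

Run it as root or any user (reading /proc/sys needs no privilege); an empty report means the fragment is in effect, while a `None` live value usually means a key was spelled wrong or the module that provides it is not loaded.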
I'm interested in both baseline settings to be applied by default everywhere (e.g. vm.swappiness = <n>), and special-purpose settings to be "attached" to server roles, like db, file servers, http servers, etc. I'd love to hear from you.