Kernel tuning – sysctl

Here are some of my kernel tuning settings (sysctl):

# Tune network memory: larger socket buffers and deeper accept/backlog queues
net.core.wmem_max = 4194304
net.core.rmem_max = 4194304
# Accept queue limit; a listen() backlog larger than this is silently capped
net.core.somaxconn = 65535
# Packets queued per CPU when the NIC receives faster than the kernel can process
net.core.netdev_max_backlog = 65535
# Half-open (SYN_RECV) connection requests remembered per listening socket
net.ipv4.tcp_max_syn_backlog = 65535
# Allow TIME_WAIT sockets to be reused for new outgoing connections
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
# Fewer SYN-ACK retransmits: half-open entries left by a SYN flood expire sooner
net.ipv4.tcp_synack_retries = 2
# Send a RST instead of silently dropping when the accept queue overflows
# (clients see a hard failure instead of a retry; watch for this under bursts)
net.ipv4.tcp_abort_on_overflow = 1
# Disable IPv6 if it is not used
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

# Shorten nf_conntrack timeout values so idle and half-open entries expire sooner
# (these keys exist only once the nf_conntrack module is loaded; sysctl -p
# reports an error for them otherwise)
net.netfilter.nf_conntrack_generic_timeout = 180
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 30
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 30
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 40
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 30
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 40
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 60
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 60
# Need more entries in the nf_conntrack table: this caps the number of tracked
# connections (once full, new connections are dropped); the hash bucket count is
# a separate setting (nf_conntrack hashsize / net.netfilter.nf_conntrack_buckets)
net.nf_conntrack_max = 200000
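As an added example that is not part of the original post: a POSIX shell check that compares a sysctl file like the one above with what the running kernel reports under /proc/sys, flagging values that have drifted and keys that are absent (for instance the net.netfilter.* keys before the nf_conntrack module is loaded). The function name check_sysctl_file and the PROC_SYS override are my own, not from any tool.

```shell
#!/bin/sh
# Added example, not from the original post: check whether a sysctl tuning
# file (like the one above) is actually in effect on the running kernel.
# Each "key = value" line is looked up under /proc/sys, dots becoming slashes.
# PROC_SYS is a hypothetical override so the check can run against a fake tree.

PROC_SYS="${PROC_SYS:-/proc/sys}"

# Collapse runs of whitespace so "4096<tab>87380" and "4096 87380" compare equal.
norm_ws() {
    printf '%s' "$1" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'
}

# check_sysctl_file FILE
# Prints one line per key: OK, DRIFT (live value differs) or MISSING (key not
# present, e.g. net.netfilter.* before nf_conntrack is loaded).
# Returns 0 only when every key is OK, so it can gate a deployment step.
check_sysctl_file() {
    file="$1"
    bad=0
    # plain read trims surrounding blanks; "|| [ -n ]" keeps a final line without newline
    while read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|\#*) continue ;;   # blank line or comment
            *=*) ;;               # key = value
            *) continue ;;        # anything else is not a setting
        esac
        key=$(printf '%s' "$line" | sed 's/[[:space:]]*=.*//')
        want=$(norm_ws "$(printf '%s' "$line" | sed 's/^[^=]*=//')")
        path="$PROC_SYS/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            printf 'MISSING %s (want %s)\n' "$key" "$want"
            bad=1
            continue
        fi
        have=$(norm_ws "$(cat "$path")")
        if [ "$have" = "$want" ]; then
            printf 'OK      %s = %s\n' "$key" "$have"
        else
            printf 'DRIFT   %s = %s (want %s)\n' "$key" "$have" "$want"
            bad=1
        fi
    done < "$file"
    return "$bad"
}
```

Run it as `check_sysctl_file /etc/sysctl.d/99-tuning.conf` after `sysctl -p`; a DRIFT line usually means another file or a later boot script overrode the value, and a MISSING line for a net.netfilter.* key means the module was not loaded when the file was applied.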

Traffic Shaping using PF+ALTQ

My company needs to control international traffic for hundreds of servers. That is tough to do on Linux.

My choice is FreeBSD, which is highly configurable and stable as a network appliance. I can use ALTQ in the pf packet filter to limit traffic; I chose cbq (Class Based Queueing), which is simple enough and a bit more efficient than the other queueing methods.

Everything seems perfect, but I do have some problems.

Problem 1: I need more than 256 classes; we have 40+ class C networks…

Problem 2: My DELL server uses a Broadcom NetXtreme II NIC (bce); performance is poor because it can use only ONE CPU core per port, so an 8-core CPU doesn't help.