Monthly Archives: August 2012

Kernel tuning for the TCP stack

Below are some kernel tweaks that I use for CentOS 6.2 with a 10 GB NIC.


# Lower SYN retry rates, default is 5
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3

# Tune IPv6
net.ipv6.conf.default.router_solicitations = 0
net.ipv6.conf.default.accept_ra_rtr_pref = 0
net.ipv6.conf.default.accept_ra_pinfo = 0
net.ipv6.conf.default.accept_ra_defrtr = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.default.dad_transmits = 0
net.ipv6.conf.default.max_addresses = 1

# Increase TCP max buffer size settable using setsockopt()
# default 4096 87380 4194304
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608

# Increase Linux auto tuning TCP buffer limits
# min, default, and max number of bytes to use
# set max to at least 4MB, or higher if you use very high Bandwidth-delay product (BDP) paths
# Tcp Windows etc
# default 131071
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
# default 124928
net.core.rmem_default = 524287
net.core.wmem_default = 524287

# default net.core.netdev_max_backlog = 1000, set to 30000 for 10Gbit NICs
net.core.netdev_max_backlog = 32768
#
# default net.core.somaxconn = 128
net.core.somaxconn = 4096

# You might also try the following:
# default net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_max_syn_backlog = 4096

# metrics slows us down :)
net.ipv4.tcp_no_metrics_save = 1

# default net.ipv4.ip_local_port_range = "32768 61000"
net.ipv4.ip_local_port_range = 1025 65535

# default tcp_fin_timeout = 60
net.ipv4.tcp_fin_timeout = 30

# default net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_intvl = 30

# default net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.tcp_max_tw_buckets = 1440000

# default net.ipv4.tcp_keepalive_time = 7200
net.ipv4.tcp_keepalive_time = 400

# default net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_probes = 5

# default vm.swappiness = 60
vm.swappiness = 20

# ipcs -l
# default max seg size (kbytes) = 32768
kernel.shmmax = 500000000
# default max total shared memory (kbytes) = 8388608
kernel.shmall = 4000000000
# default max queues system wide = 1024
kernel.msgmni = 2048

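# tcp_tw_recycle relies on per-host TCP timestamps and drops connections from
# clients behind NAT; the option was removed in Linux 4.12
net.ipv4.tcp_tw_recycle = 1
# repeats the tcp_max_syn_backlog value already set above
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.conf.all.arp_filter = 1
# overrides the 32768 set above: the last assignment in the file takes effect
net.core.netdev_max_backlog = 10000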
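
The listing above assigns net.core.netdev_max_backlog and net.ipv4.tcp_max_syn_backlog twice. The following is an added example, not part of the original post: a shell function that reports keys assigned more than once in sysctl.conf text and which value ends up in effect. The function names and the sample input are constructed for illustration.

```shell
# Added example, not from the original post: report sysctl keys assigned more
# than once. Settings are applied top to bottom, so the last assignment wins.

# Constructed sample: the repeated keys from the listing above plus two others.
sample_conf() {
cat <<'EOF'
# default net.core.netdev_max_backlog = 1000
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 4096
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.core.netdev_max_backlog = 10000
EOF
}

# sysctl_dupes (hypothetical helper): reads sysctl.conf text on stdin and prints
#   CONFLICT <key> effective=<last value> earlier=<value@line,...>
#   REPEAT <key> effective=<value>     when every assignment has the same value
sysctl_dupes() {
  awk '
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }     # skip comments and blank lines
    {
      eq = index($0, "=")
      if (eq == 0) next                      # not a key = value line
      key = substr($0, 1, eq - 1)
      val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      gsub(/[ \t]+/, " ", val)               # normalise multi-value settings
      if (key in last) {
        hist[key] = hist[key] (hist[key] == "" ? "" : ",") last[key] "@" line[key]
        if (val != last[key]) differs[key] = 1
        if (!(key in seen)) { order[++n] = key; seen[key] = 1 }
      }
      last[key] = val; line[key] = NR
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        if (k in differs)
          printf "CONFLICT %s effective=%s earlier=%s\n", k, last[k], hist[k]
        else
          printf "REPEAT %s effective=%s\n", k, last[k]
      }
    }'
}

sample_conf | sysctl_dupes
```

To audit a real file, feed it on stdin, for example `sysctl_dupes < /etc/sysctl.conf`.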

Also set your per user limits higher in /etc/security/limits.conf:
* soft nofile 65536
* hard nofile 65536
* soft nproc 131072
* hard nproc 131072

How to use Pageant and Putty from Windows

Here is a terse HowTo for using Putty to ssh into a remote server without using a password.

1. Download the Putty installer from the Putty download page. Make sure to grab the Windows “Installer”.
2. Install Putty
3. Start PuttyGen from Start -> Putty-> PuttyGen
4. Generate a new key and save it as a .ppk file without a passphrase
5. Use Putty to log in to the server you want to connect to and append the public key text from PuttyGen to the text of ~/.ssh/authorized_keys. Tip: Copy and paste from the PuttyGen console.
6. Create a shortcut to your .ppk file from Start -> Startup.
7. Select the .ppk shortcut from the Startup menu to start Pageant (this will happen automatically at every startup).
8. See the Pageant icon in the system tray? Right-click it and select “New session”
9. Enter username@hostname in the “Host name” field.
You will now log in automatically.

If your key is not accepted, check your file permissions. SSH is very sensitive to directory and file permissions.
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys