Differences
This shows you the differences between two versions of the page.
linux:sysctl [2006/03/05 07:59] 193.77.104.168 |
linux:sysctl [2006/10/25 23:01] a |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Linux sysctl options ====== | ====== Linux sysctl options ====== | ||
+ | |||
+ | ===== linux as router ===== | ||
+ | - The ARP behaviour can be fixed by using **'' | ||
+ | - If you have multiple interfaces on the same subnet, you may also want to enable **'' | ||
+ | * This prevents the ARP entry for an interface to fluctuate between two or more MAC addresses. However, you need to use source routing to make this work correctly. From the // | ||
+ | - The ARP cache timeout on Linux-based routers should be changed from the default, especially if you have a large number of peers. This parameter can be tuned by setting the appropriate procfs variable through the sysctl interface | ||
+ | * **change it so it's between 2 and 6 hours, and not 30 min as default.** | ||
+ | - You may need to turn off the //Reverse Path Filter// ('' | ||
+ | |||
+ | '' | ||
+ | # These settings should be duplicated for all interfaces that are | ||
+ | # on a peering LAN. | ||
+ | |||
+ | ### Typical stuff you really want on a router | ||
+ | |||
+ | # Fix the " | ||
+ | | ||
+ | | ||
+ | |||
+ | # Turn off RP filtering to allow asymmetric routing: | ||
+ | | ||
+ | |||
+ | # Multiple (non-aggregated) interfaces on the same peering LAN. | ||
+ | # READ THE MANUAL FIRST! | ||
+ | # | ||
+ | |||
+ | ### Keep the AMS-IX ARP Police happy. :-) | ||
+ | |||
+ | | ||
+ | | ||
+ | |||
+ | ==== 2.6 net/ipv4 options ==== | ||
+ | |||
+ | more detailed: [[: | ||
==== Reboot on kernel panic ==== | ==== Reboot on kernel panic ==== | ||
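Review bot: the Reverse Path Filter item in the "linux as router" list and the "Turn off RP filtering to allow asymmetric routing" entry in the sample config tell the reader to disable the filter without saying what is given up. rp_filter is the kernel's source-address validation, so with it off, packets with spoofed source addresses are no longer dropped on that interface. Suggest stating that it should be turned off only on the peering-LAN interfaces that actually carry asymmetric traffic, not globally, and that source filtering on those interfaces then has to be done with explicit packet-filter rules. Minor style point: the new heading "linux as router" is lowercase while the neighbouring headings ("Linux sysctl options", "Reboot on kernel panic") are capitalised.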
Line 11: | Line 45: | ||
kernel.shmmax = 67108864 | kernel.shmmax = 67108864 | ||
+ | |||
+ | ==== ip_conntrack: | ||
+ | If you notice the following message in syslog, it looks like the conntrack database doesn' | ||
+ | |||
+ | You can easily increase the number of maximal tracked connections, | ||
+ | |||
+ | To increase this limit to e.g. 8192, type: | ||
+ | |||
+ | echo " | ||
+ | |||
+ | To optimize performance, | ||
+ | |||
+ | Example (with 1023 buckets): | ||
+ | |||
+ | | ||
+ | |||
+ | [[http:// | ||
+ | |||
+ | ===== GrSecurity options ===== | ||
+ | {{page> | ||
+ | |||
+ | About GrSecurity see [[linux: | ||
+ | |||
+ | |||
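Review bot: the "To increase this limit to e.g. 8192, type:" step in the ip_conntrack section only shows an echo, which changes the running kernel and is lost at the next reboot. Since this page documents sysctl options, suggest also giving the matching sysctl.conf entry so the limit persists. The section would also benefit from one sentence on cost: every tracked connection uses kernel memory, so the maximum should be sized to the machine's RAM rather than raised arbitrarily, and the "Example (with 1023 buckets)" should say how the bucket count relates to the chosen maximum.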
Line 16: | Line 74: | ||
Download {{linux: | Download {{linux: | ||
- |