Tweaking opensuse 11.2

I tought that the members of this forums would be interested in these two links.

Tweak kernel variables in sysctl.conf « Overtone


Sysctl | SUSE & openSUSE

I have used the trick described in these articles to configure my system, I have only edited sysctl.conf to apply to my network settings and I have noticed a dramatic improvement with my net connection and speed. I was wondering if any other forum member had a trick up his sleeve about how to tweak opensuse/sysctl

I am sharing this in hopes that it interest someone and helps, but I can give no guarantees that this will work for you or wont break your system!

Here is my sysctl.conf for those interested.

Disable response to broadcasts.

You don’t want yourself becoming a Smurf amplifier.

net.ipv4.icmp_echo_ignore_broadcasts = 1

enable route verification on all interfaces

net.ipv4.conf.all.rp_filter = 1

enable ipV6 forwarding

#net.ipv6.conf.all.forwarding = 1

increase the number of possible inotify(7) watches

fs.inotify.max_user_watches = 65536

avoid deleting secondary IPs on deleting the primary IP

net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1

increase TCP max buffer size setable using setsockopt()

net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

increase Linux autotuning TCP buffer limits

min, default, and max number of bytes to use

set max to at least 4MB, or higher if you use very high BDP paths

net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216

don’t cache ssthresh from previous connection

net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1

recommended to increase this for 1000 BT or higher

net.core.netdev_max_backlog = 2500

for 10 GigE, use this, uncomment below

net.core.netdev_max_backlog = 30000

Turn off timestamps if you’re on a gigabit or very busy network

Having it off is one less thing the IP stack needs to work on

#net.ipv4.tcp_timestamps = 0

disable tcp selective acknowledgements.

net.ipv4.tcp_sack = 0
#enable window scaling
net.ipv4.tcp_window_scaling = 1
#drop icmp requests for total stealth
net.ipv4.icmp_echo_ignore_all = 1
#disable broadcasting
net.ipv4.icmp_echo_ignore_broadcasts = 1

Disable ICMP Redirect Acceptance

#for IPv4
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.send_redirects = 1
#Ipv4 at interface level
net.ipv4.conf.eth0.accept_redirects = 1
net.ipv4.conf.eth0.send_redirects = 1
#tcp congestion
net.ipv4.tcp_reordering = 20
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_congestion_control = cubic

Increase the tcp-time-wait buckets pool size

net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_rfc1337 = 1
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_ecn = 0
net.ipv4.route.flush = 1
#Prevent SYN attack by enabling TCP/IP SYN cookies
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2

Disables IP source routing

net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

Enable IP spoofing protection, turn on source route verification

net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets

net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 1
net.ipv4.conf.eth0.log_martians = 1

Enable bad error message Protection

net.ipv4.icmp_ignore_bogus_error_responses = 1

Set maximum amount of memory allocated to shm to 256M

kernel.shmmax = 268435456

Increase the maximum memory used to reassemble IP fragments

net.ipv4.ipfrag_high_thresh = 512000
net.ipv4.ipfrag_low_thresh = 446464

Increase the maximum amount of option memory buffers

net.core.optmem_max = 57344

I have not yet tried any “serious” tweaks regarding the memory, such as setting swappiness. Any options and thoughts are appreciated.

i have not that much time to spend, so im not gona try this at home :slight_smile: one cuz this guy from the link you priveded has tested this on ubuntu 7.04. its like you try to tweak your windows 7 with guid of windows XP :slight_smile: me peresenaly will not try this out, not that its not interested. but further looking for tweaks that are tested on suse 12.1. love my suse love you all :slight_smile:

On 11/24/2011 04:06 PM, pyroclastic wrote:
> tested this on ubuntu 7.04

its a two year old post!

how long have you been using Linux?
i ask because compared to the biggest selling desktop on the planet,
openSUSE is born pre-tweaked…and, the most likely outcome of
indiscriminate tweaking is a broken system!!

what are you trying to accomplish with this ‘tweaking’?? (do NOT answer
here, this is not a ‘help’ section…post your actual needs in a help
thread (note: just asking something like “How do i tweak openSUSE 12.1?”
will not reap lots of useful info as this is not the operating system
best used to soak up spare ‘tweaking’ hours)…