Just make a note,\u00a0 better than forgot..<\/p>\n
#=========================================================================================
\n# $FreeBSD: src\/etc\/sysctl.conf,v 1.8.32.1 2009\/04\/15 03:14:26 kensmith Exp $
\n#
\n#\u00a0 This file is read when going to multi-user and its contents piped thru
\n#\u00a0 “sysctl” to adjust kernel values.\u00a0 “man 5 sysctl.conf” for details.
\n# \u00a0 Uncomment this to prevent users from seeing information about processes that
\n# are being run under another UID.<\/p>\n
net.inet.tcp.log_in_vain=1 (to display tcp\/udp log connection from client\u00a0 on \/var\/log\/messages )<\/p>\n
security.bsd.see_other_uids=0
\nsecurity.bsd.see_other_gids=0
\n# No zero mapping feature
\n# May break wine
\n# (There are also reports about broken samba3)
\n#security.bsd.map_at_zero=0<\/p>\n
# If you have really busy webserver with apache13 you may run out of proccess
\n#kern.maxproc=10000
\n# Same for servers with apache2 \/ Pound
\n#kern.threads.max_threads_per_proc=4096<\/p>\n
# Max. backlog size
\nkern.ipc.somaxconn=4096<\/p>\n
# Shared memory \/\/ 7.2+ can use shared memory > 2Gb
\nkern.ipc.shmmax=2147483648<\/p>\n
# Sockets # Recive clusters (on amd64 7.2+ 65k is default) # Jumbo pagesize(4k\/8k) clusters # Jumbo 9k\/16k clusters # Every socket is a file, so increase them # Turn off receive autotuning # Small receive space, only usable on http-server, on file server this # Small send space is useful for http servers that serve small files # This should be enabled if you going to use big spaces (>64k) # This feature is useful if you are serving data over modems, Gigabit Ethernet, # Disable randomizing of ports to avoid false RST # Increase portrange # Security # Security # Increases default TTL, sometimes useful # Lessen max segment life to conserve resources # Max bumber of timewait sockets # FIN_WAIT_2 state fast recycle # Time before tcp keepalive probe is sent # Should be increased until net.inet.ip.intr_queue_drops is zero # Interrupt handling via multiple CPU, but with context switch. # This is for routers only # This speed ups dummynet when channel isn’t saturated # Should be increased when you have A LOT of files on server # Explicit Congestion Notification (see http:\/\/en.wikipedia.org\/wiki\/Explicit_Congestion_Notification<\/a>) # Flowtable – flow caching mechanism # Extreme polling tuning # IPFW dynamic rules and timeouts tuning # shm_use_phys Wires all shared pages, making them unswappable # ZFS # On highload servers you may notice folowing message in dmesg: Below is a sample loader.conf <\/strong><\/p>\n $cat \/boot\/loader.conf<\/p>\n # ================================================================================================== # Async IO system calls # Adds NCQ support in FreeBSD # Increase kernel memory size to 3G. # Older versions of FreeBSD can’t tune maxfiles on the fly # Useful for databases # Maximum buffer size(vfs.maxbufspace) # Sendfile buffers # syncache Hash table tuning # Incresed hostcache # TCP control-block Hash table tuning # Enable superpages, for 7.2+ only # Usefull if you are using Intel-Gigabit NIC # Some useful netisr tunables. See sysctl net.isr # # Nicer boot logo =) Just make a note,\u00a0 better than forgot.. #========================================================================================= # $FreeBSD: src\/etc\/sysctl.conf,v 1.8.32.1 2009\/04\/15 03:14:26 kensmith Exp $ # #\u00a0 This file is read when going to multi-user and its contents piped thru #\u00a0 “sysctl” to adjust kernel values.\u00a0 “man 5 sysctl.conf” for details. # \u00a0 Uncomment this to prevent users from seeing information about processes … Continue reading “Small Note about \/etc\/sysctl.conf tuning on FreeBSD”<\/span><\/a><\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1348,9],"tags":[],"class_list":["post-334","post","type-post","status-publish","format-standard","hentry","category-kiat-sukses-menjadi-seorang-network-engineer-2","category-world-of-ict"],"_links":{"self":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts\/334"}],"collection":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/comments?post=334"}],"version-history":[{"count":0,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts\/334\/revisions"}],"wp:attachment":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/media?parent=334"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/categories?post=334"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/tags?post=334"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nkern.ipc.maxsockets=204800
\n# Do not use lager sockbufs on 8.0
\n# ( http:\/\/old.nabble.com\/Significant-performance-regression-for-increased-m…<\/a> )
\nkern.ipc.maxsockbuf=262144<\/p>\n
\n# For such high value vm.kmem_size must be increased to 3G
\n#kern.ipc.nmbclusters=229376<\/p>\n
\n# Used as general packet storage for jumbo frames
\n# can be monitored via `netstat -m`
\n#kern.ipc.nmbjumbop=192000<\/p>\n
\n# If you are using them
\n#kern.ipc.nmbjumbo9=24000
\n#kern.ipc.nmbjumbo16=10240<\/p>\n
\nkern.maxfiles=204800
\nkern.maxfilesperproc=200000
\nkern.maxvnodes=200000<\/p>\n
\n#net.inet.tcp.recvbuf_auto=0<\/p>\n
\n# should be increased to 65535 or even more
\n#net.inet.tcp.recvspace=8192<\/p>\n
\n# Autotuned since 7.x
\nnet.inet.tcp.sendspace=16384<\/p>\n
\n#net.inet.tcp.rfc1323=1
\n# Turn this off on highspeed, lossless connections (LAN 1Gbit+)
\n#net.inet.tcp.delayed_ack=0<\/p>\n
\n# or even high speed WAN links (or any other link with a high bandwidth delay product),
\n# especially if you are also using window scaling or have configured a large send window.
\n# You can try setting it to 0 on fileserver with 1GBit+ interfaces
\n# Automatically disables on small RTT ( http:\/\/www.freebsd.org\/cgi\/cvsweb.cgi\/src\/sys\/netinet\/tcp_subr.c?#rev1.237<\/a> )
\n#net.inet.tcp.inflight.enable=0<\/p>\n
\n# Before usage check SA here www.bsdcan.org\/2006\/papers\/ImprovingTCPIP.pdf<\/a>
\n# (it’s also says that port randomization auto-disables at some conn.rates, but I didn’t tested it thou)
\n#net.inet.ip.portrange.randomized=0<\/p>\n
\n# For outgoing connections only. Good for seed-boxes and ftp servers.
\nnet.inet.ip.portrange.first=1024
\nnet.inet.ip.portrange.last=65535<\/p>\n
\nnet.inet.ip.redirect=0
\nnet.inet.ip.sourceroute=0
\nnet.inet.ip.accept_sourceroute=0
\nnet.inet.icmp.maskrepl=0
\nnet.inet.icmp.log_redirect=0
\nnet.inet.icmp.drop_redirect=1
\nnet.inet.tcp.drop_synfin=1<\/p>\n
\nnet.inet.udp.blackhole=1
\nnet.inet.tcp.blackhole=2<\/p>\n
\n# Default is 64
\nnet.inet.ip.ttl=128<\/p>\n
\n# ACK waiting time in miliseconds (default: 30000 from RFC)
\nnet.inet.tcp.msl=5000<\/p>\n
\nnet.inet.tcp.maxtcptw=40960
\n# Don’t use tw on local connections
\n# As of 15 Apr 2009. Igor Sysoev says that nolocaltimewait has some buggy realization.
\n# So disable it or now till get fixed
\n#net.inet.tcp.nolocaltimewait=1<\/p>\n
\nnet.inet.tcp.fast_finwait2_recycle=1<\/p>\n
\n# default is 2 hours (7200000)
\n#net.inet.tcp.keepidle=60000<\/p>\n
\nnet.inet.ip.intr_queue_maxlen=4096<\/p>\n
\n# You can play with it. Default is 1;
\n#net.isr.direct=0<\/p>\n
\nnet.inet.ip.forwarding=1
\n#net.inet.ip.fastforwarding=1<\/p>\n
\nnet.inet.ip.dummynet.io_fast=1
\n# Increase dummynet(4) hash
\n#net.inet.ip.dummynet.hash_size=2048
\n#net.inet.ip.dummynet.max_chain_len<\/p>\n
\n# (Increase until vfs.ufs.dirhash_mem becames lower)
\nvfs.ufs.dirhash_maxmem=67108864<\/p>\n
\nnet.inet.tcp.ecn.enable=1<\/p>\n
\n# Useful for routers
\n#net.inet.flowtable.enable=1
\n#net.inet.flowtable.nmbflows=65535<\/p>\n
\n#kern.polling.burst_max=1000
\n#kern.polling.each_burst=1000
\n#kern.polling.reg_frac=100
\n#kern.polling.user_frac=1
\n#kern.polling.idle_poll=0<\/p>\n
\n# Increase dyn_buckets till net.inet.ip.fw.curr_dyn_buckets is lower
\nnet.inet.ip.fw.dyn_buckets=65536
\nnet.inet.ip.fw.dyn_max=65536
\nnet.inet.ip.fw.dyn_ack_lifetime=120
\nnet.inet.ip.fw.dyn_syn_lifetime=10
\nnet.inet.ip.fw.dyn_fin_lifetime=2
\nnet.inet.ip.fw.dyn_short_lifetime=10
\n# Make packets pass firewall only once when using dummynet
\n# i.e. packets going thru pipe are passing out from firewall with accept
\n#net.inet.ip.fw.one_pass=1<\/p>\n
\n# Use this to lessen Virtual Memory Manager’s work when using Shared Mem.
\n# Useful for databases
\n#kern.ipc.shm_use_phys=1<\/p>\n
\n# Enable prefetch. Useful for sequential load type i.e fileserver.
\n# FreeBSD sets vfs.zfs.prefetch_disable to 1 on any i386 systems and
\n# on any amd64 systems with less than 4GB of avaiable memory
\n# For additional info check this nabble thread http:\/\/old.nabble.com\/Samba-read-speed-performance-tuning-td27964534.html<\/a>
\n#vfs.zfs.prefetch_disable=0<\/p>\n
\n# “Approaching the limit on PV entries, consider increasing either the
\n# vm.pmap.shpgperproc or the vm.pmap.pv_entry_max tunable”
\n#vm.pmap.shpgperproc=500
\n# ==================================================================================================<\/p>\n
\n# Accept filters for data, http and DNS requests
\n# Usefull when your software uses select() instead of kevent\/kqueue or when you under DDoS
\n# DNS accf available on 8.0+
\naccf_data_load=”YES”
\naccf_http_load=”YES”
\naccf_dns_load=”YES”<\/p>\n
\naio_load=”YES”<\/p>\n
\n# WARNING! all ad[0-9]+ devices will be renamed to ada[0-9]+
\n# 8.0+ only
\n#ahci_load=
\n#siis_load=<\/p>\n
\n#
\n# Use ONLY if you have KVA_PAGES in kernel configuration, and you have more than 3G RAM
\n# Otherwise panic will happen on next reboot!
\n#
\n# It’s required for high buffer sizes: kern.ipc.nmbjumbop, kern.ipc.nmbclusters, etc
\n# Useful on highload stateful firewalls, proxies or ZFS fileservers
\n# (FreeBSD 7.2+ amd64 users: Check that current value is lower!)
\n#vm.kmem_size=”3G”<\/p>\n
\n#kern.maxfiles=”200000″<\/p>\n
\n# Sets maximum data size to 1G
\n# (FreeBSD 7.2+ amd64 users: Check that current value is lower!)
\n#kern.maxdsiz=”1G”<\/p>\n
\n# You can check current one via vfs.bufspace
\n# Should be lowered\/upped depending on server’s load-type
\n# Usually decreased to preserve kmem
\n# (default is 200M)
\n#kern.maxbcache=”512M”<\/p>\n
\n# For i386 only
\n#kern.ipc.nsfbufs=10240<\/p>\n
\nnet.inet.tcp.syncache.hashsize=1024
\nnet.inet.tcp.syncache.bucketlimit=100<\/p>\n
\nnet.inet.tcp.hostcache.hashsize=”16384″
\nnet.inet.tcp.hostcache.bucketlimit=”100″<\/p>\n
\nnet.inet.tcp.tcbhashsize=4096<\/p>\n
\n# Also read http:\/\/lists.freebsd.org\/pipermail\/freebsd-hackers\/2009-November\/030094….<\/a>
\nvm.pmap.pg_ps_enabled=1<\/p>\n
\n#hw.em.rxd=4096
\n#hw.em.txd=4096
\n#hw.em.rx_process_limit=”-1″
\n# Also if you have ALOT interrupts on NIC – play with following parameters
\n# NOTE: You should set them for every NIC
\n#dev.em.0.rx_int_delay: 250
\n#dev.em.0.tx_int_delay: 250
\n#dev.em.0.rx_abs_int_delay: 250
\n#dev.em.0.tx_abs_int_delay: 250
\n# There is also multithreaded version of em drivers can be found here:
\n# http:\/\/people.yandex-team.ru\/~wawa\/<\/a>
\n#
\n# for additional em monitoring and statistics use
\n# `sysctl dev.em.0.stats=1 ; dmesg`
\n#
\n#Same tunings for igb
\n#hw.igb.rxd=4096
\n#hw.igb.txd=4096
\n#hw.igb.rx_process_limit=100<\/p>\n
\n#net.isr.defaultqlimit=4096
\n#net.isr.maxqlimit: 10240
\n# Bind netisr threads to CPUs
\n#net.isr.bindthreads=1<\/p>\n
\n# FreeBSD 9.x+
\n# Increase interface send queue length
\n# See commit message http:\/\/svn.freebsd.org\/viewvc\/base?view=revision&revision=207554<\/a>
\n#net.link.ifqmaxlen=1024<\/p>\n
\nloader_logo=”beastie”<\/p>\n","protected":false},"excerpt":{"rendered":"