sysctl tuning and strong optimization

Настройки для ядра >= 3.2 (Впрочем, абсолютно наверняка и для 2.6 подойдут) сервера рассчитанного на сетевую нагрузку (router/nat/web/etc). В данном случае это xeon E5420, 8G RAM.

# SWAP usage
vm.swappiness = 60
# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536
# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 4194349056
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 1024011

##################
### NETWORKING ###
##################

# Max sockets who wait for connections
net.core.somaxconn = 16384
# Max queue packets
net.core.netdev_max_backlog = 8192
# Disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
# Ignore ICMP broadcasts
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Cisco ARP problem solving
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 1
# Tunneling and packet forwarding for IPv4
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.ip_forward = 1
# Max oprhan sockets without handle
net.ipv4.tcp_max_orphans = 65536
# Count fails before destroy TCP-connection, closed local
net.ipv4.tcp_orphan_retries = 0
# Time through which sockets in state FIN-WAIT-2 will be closed
net.ipv4.tcp_fin_timeout = 10
# Max connections without confirmation
net.ipv4.tcp_max_syn_backlog = 4096
# How often check SO_KEEPALIVE state connections
net.ipv4.tcp_keepalive_time = 1800
# Retries count transmit SYNACK packets before drop connection
net.ipv4.tcp_synack_retries = 2
# Enable tcp_congestion_control
net.ipv4.tcp_timestamps = 1
# Protocol used to control the load networks
net.ipv4.tcp_congestion_control = htcp
# What ports we can use
net.ipv4.ip_local_port_range = 1024 65535
# TIME_WAIT sockets quick utilization
net.ipv4.tcp_tw_recycle = 1
# We can reuse TIME_WAIT sockets
net.ipv4.tcp_tw_reuse = 1
# (tcp_keepalive_intvl * tcp_keepalive_probes) before connection will be disconnected when there is no response
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
# We do not use SACK in out TCP stack
net.ipv4.tcp_sack = 0
# And D-SACK too
net.ipv4.tcp_dsack = 0

#
# Before use conntrack, we must load this module in our core!
# https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt
#

# Default for generic timeout (Def 600)
net.netfilter.nf_conntrack_generic_timeout = 30
# Time out for established connection (Def 432000 (5 days))
net.netfilter.nf_conntrack_tcp_timeout_established = 300
# Timeout for SYN packets (Def 120)
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 30
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 30
# Timeout for TIME_WAIT connections (Def 120)
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30
# Timeout for FIN_WAIT connections (Def 120)
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 30
# Timeout for CLOSE_WAIT connections (Def 60)
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 15
# Max count our connections (sysctl net.netfilter.nf_conntrack_count)
net.netfilter.nf_conntrack_expect_max = 4096
net.netfilter.nf_conntrack_max = 1048576