Hello,
We are currently migrating from Solaris 10 to RHEL 5...
We have TCP tuning variables on our Sun boxes that we would like to do on our RHEL boxes...
I have a script that runs on boot that does these values for me...
Code:
echo "Begin TCP and IP tuning ..."
# if netstat -s |grep tcpListenDrop is non-zero, this value is not high enough.
# the further from zero it is, the larger the change needed.
# I saw a web site with 8192 as the value for _both_ max_q and max_q0 values.
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q 1024
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q0 2048
/usr/sbin/ndd -set /dev/tcp tcp_rexmit_interval_min 1500
/usr/sbin/ndd -set /dev/tcp tcp_rexmit_interval_initial 3000
/usr/sbin/ndd -set /dev/tcp tcp_rexmit_interval_max 10000
if [ `uname -r | cut -d"." -f2` -ge 9 ] ;then
#Solaris 9 gets some bigger values (as recommended by Helios) ...
/usr/sbin/ndd -set /dev/tcp tcp_cwnd_max 262144
/usr/sbin/ndd -set /dev/tcp tcp_xmit_hiwat 131088
/usr/sbin/ndd -set /dev/tcp tcp_recv_hiwat 131088
else
/usr/sbin/ndd -set /dev/tcp tcp_cwnd_max 262144
/usr/sbin/ndd -set /dev/tcp tcp_xmit_hiwat 65536
/usr/sbin/ndd -set /dev/tcp tcp_recv_hiwat 65536
fi
# This value tells how long to keep alive a connection. The default is 2 hours;
# this value is 300 seconds, 5 minutes. (prev version of this script was: 900000, i.e. 15 minutes)
/usr/sbin/ndd -set /dev/tcp tcp_keepalive_interval 300000
/usr/sbin/ndd -set /dev/tcp tcp_ip_abort_interval 60000
# Per CERT "SMURF" advisory
/usr/sbin/ndd -set /dev/ip ip_respond_to_echo_broadcast 0
/usr/sbin/ndd -set /dev/ip ip_forward_directed_broadcasts 0
# Additional values, per CYMRU ...
if [ -f ${trustednet} ] ; then
echo "Trusted Network; CYMRU values skipped ..."
else
/usr/sbin/ndd -set /dev/ip ip_ignore_redirect 1
/usr/sbin/ndd -set /dev/ip ip_send_redirects 0
/usr/sbin/ndd -set /dev/arp arp_cleanup_interval 60000
/usr/sbin/ndd -set /dev/ip ip_forward_src_routed 0
fi
# Tuning value per MacroMedia (along with values in /etc/system)
# specifically for use running both a web server and application server ...
/usr/sbin/ndd -set /dev/tcp tcp_slow_start_initial 2
#
# This time_wait value was incorrectly named pre- Solaris 2.7
thisos=`uname -r`
thisos=`echo "${thisos} * 10" | bc | sed 's/\(.*\)\../\1/'`
baseos=57
#
if [ ${thisos} -lt ${baseos} ] ;then
/usr/sbin/ndd -set /dev/tcp tcp_close_wait_interval 60000
else
/usr/sbin/ndd -set /dev/tcp tcp_time_wait_interval 60000
fi
#
# This is to prevent a bad guy from "guessing" the next TCP sequence number,
# allowing an intruder to intercept a connection. Setting to 2 makes the
# next sequence number "random" instead of predictable increment.
/usr/sbin/ndd -set /dev/tcp tcp_strong_iss 2
#
echo "Finish TCP and IP tuning ..."
How would I do that ^ on a RHEL box?
-C