Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back > Forums > Enterprise Linux Forums > Linux - Enterprise
User Name
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.


  Search this Thread
Old 06-03-2010, 06:26 PM   #1
Senior Member
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,977
Blog Entries: 1

Rep: Reputation: 209Reputation: 209Reputation: 209
TCP tuning on RHEL 5


We are currently migrating from Solaris 10 to RHEL 5...

We have TCP tuning variables on our Sun boxes that we would like to do on our RHEL boxes...

I have a script that runs on boot that does these values for me...
echo "Begin  TCP and IP tuning ..."

  # if netstat -s |grep tcpListenDrop is non-zero, this value is not high enough.
  #  the further from zero it is, the larger the change needed.
  #  I saw a web site with 8192 as the value for _both_ max_q and max_q0 values.
  /usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q 1024
  /usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q0 2048

  /usr/sbin/ndd -set /dev/tcp tcp_rexmit_interval_min     1500
  /usr/sbin/ndd -set /dev/tcp tcp_rexmit_interval_initial 3000
  /usr/sbin/ndd -set /dev/tcp tcp_rexmit_interval_max    10000

  if [ `uname -r | cut -d"." -f2` -ge 9 ] ;then
    #Solaris 9 gets some bigger values (as recommended by Helios) ...
    /usr/sbin/ndd -set /dev/tcp tcp_cwnd_max  262144
    /usr/sbin/ndd -set /dev/tcp tcp_xmit_hiwat 131088
    /usr/sbin/ndd -set /dev/tcp tcp_recv_hiwat 131088
    /usr/sbin/ndd -set /dev/tcp tcp_cwnd_max  262144
    /usr/sbin/ndd -set /dev/tcp tcp_xmit_hiwat 65536
    /usr/sbin/ndd -set /dev/tcp tcp_recv_hiwat 65536

  # This value tells how long to keep alive a connection. The default is 2 hours;
  #  this value is 300 seconds, 5 minutes. (prev version of this script was: 900000, i.e. 15 minutes)
  /usr/sbin/ndd -set /dev/tcp tcp_keepalive_interval 300000
  /usr/sbin/ndd -set /dev/tcp tcp_ip_abort_interval   60000

  # Per CERT "SMURF" advisory
  /usr/sbin/ndd -set /dev/ip ip_respond_to_echo_broadcast   0
  /usr/sbin/ndd -set /dev/ip ip_forward_directed_broadcasts 0

  # Additional values, per CYMRU ...
  if [ -f ${trustednet} ] ; then
    echo "Trusted Network; CYMRU values skipped ..."
    /usr/sbin/ndd -set /dev/ip ip_ignore_redirect 1
    /usr/sbin/ndd -set /dev/ip ip_send_redirects 0
    /usr/sbin/ndd -set /dev/arp arp_cleanup_interval 60000
    /usr/sbin/ndd -set /dev/ip ip_forward_src_routed 0

  # Tuning value per MacroMedia (along with values in /etc/system)
  # specifically for use running both a web server and application server ...
  /usr/sbin/ndd -set /dev/tcp tcp_slow_start_initial 2
  # This time_wait value was incorrectly named pre- Solaris 2.7
  thisos=`uname -r`
  thisos=`echo "${thisos} * 10" | bc | sed 's/\(.*\)\../\1/'`
  if [ ${thisos} -lt ${baseos} ] ;then
    /usr/sbin/ndd -set /dev/tcp tcp_close_wait_interval 60000
    /usr/sbin/ndd -set /dev/tcp tcp_time_wait_interval 60000

  # This is to prevent a bad guy from "guessing" the next TCP sequence number,
  #  allowing an intruder to intercept a connection. Setting to 2 makes the 
  #  next sequence number "random" instead of predictable increment.
  /usr/sbin/ndd -set /dev/tcp tcp_strong_iss 2

  echo "Finish TCP and IP tuning ..."
How would I do that ^ on a RHEL box?

Old 06-03-2010, 06:50 PM   #2
LQ Guru
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
Hi -

You should be able to do much of the same thing by editing "/etc/sysctl.conf". Here are a couple of links:


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
tuning RHEL for "long fat" links dpnctl Linux - Networking 3 06-01-2010 05:30 PM
TCP tuning for a server with very short HTTP connections jampy Linux - Networking 1 12-24-2009 09:15 AM
TCP tuning in Linux for non-blocking socket connection over long-path WAN mmmike123 Linux - Networking 0 04-23-2009 01:32 PM
How to open port 1951/tcp on a RHEL AS 4 machine? tieuphongvan Linux - Networking 4 05-06-2008 02:53 PM
NFS rhel - tcp/udp ebcdic Linux - Software 1 04-09-2007 09:45 AM > Forums > Enterprise Linux Forums > Linux - Enterprise

All times are GMT -5. The time now is 05:44 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration