I'd like to discuss this at the meeting today. Here are the optimizations as they stand for our proxy boxes. It's ticket #222:
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 1

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Ensure connection tracking isn't limiting our connections
net.ipv4.ip_conntrack_max=6553600

# Allow higher than default file descriptors
fs.file-max=4947900

# How many pages to free at a time
vm.page-cluster = 7

# Try to always keep this amount free
vm.min_free_kbytes = 10000

# Allow system to be swappier than normal when it needs to be for caching server
vm.swappiness = 60

# Security, protects against TIME WAIT attacks
net.ipv4.tcp_rfc1337 = 1

# Security, protects against SYN floods
net.ipv4.tcp_syncookies = 1

# Lower keep alive time on the edge proxies
net.ipv4.tcp_keepalive_time = 300

# Limit tcp orphans
#net.ipv4.tcp_max_orphans = 1000

# Give the network stack access to more memory for queueing
net.core.rmem_default = 262144
net.core.rmem_max = 262144