Document Information
Preface
1. Overview of Solaris System Tuning
2. Solaris Kernel Tunable Parameters
3. NFS Tunable Parameters
4. Internet Protocol Suite Tunable Parameters
Where to Find Tunable Parameter Information
Overview of Tuning IP Suite Parameters
TCP Tunable Parameters
UDP Tunable Parameters
IPQoS Tunable Parameter
SCTP Tunable Parameters
Per-Route Metrics
5. Network Cache and Accelerator Tunable Parameters
6. System Facility Parameters
A. Tunable Parameters Change History
B. Revision History for This Manual
Index
|
IP Tunable Parameters
ip_icmp_err_interval and ip_icmp_err_burst
- Description
Controls the rate of IP in generating IPv4 or IPv6 ICMP error messages. IP generates only up to ip_icmp_err_burst IPv4 or IPv6 ICMP error messages in any ip_icmp_err_interval. The ip_icmp_err_interval parameter protects IP from denial of service attacks. Setting this parameter to 0 disables rate limiting. It does not disable the generation of error messages. - Default
100 milliseconds for ip_icmp_err_interval 10 error messages for ip_icmp_err_burst - Range
0 – 99,999 milliseconds for ip_icmp_err_interval 1 – 99,999 error messages for ip_icmp_err_burst - Dynamic?
Yes - When to Change
If you need a higher error message generation rate for diagnostic purposes. - Commitment Level
Unstable
ip_respond_to_echo_broadcast and ip6_respond_to_echo_multicast
- Description
Controls whether IPv4 or IPv6 responds to a broadcast ICMPv4 echo request or a multicast ICMPv6 echo request. - Default
1 (enabled) - Range
0 (disabled) or 1 (enabled) - Dynamic?
Yes - When to Change
If you do not want this behavior for security reasons, disable it. - Commitment Level
Unstable
ip_send_redirects and ip6_send_redirects
- Description
Controls whether IPv4 or IPv6 sends out ICMPv4 or ICMPv6 redirect messages. - Default
1 (enabled) - Range
0 (disabled) or 1 (enabled) - Dynamic?
Yes - When to Change
If you do not want this behavior for security reasons, disable it. - Commitment Level
Unstable
ip_forward_src_routed and ip6_forward_src_routed
- Description
Controls whether IPv4 or IPv6 forwards packets with source IPv4 routing options or IPv6 routing headers. - Default
0 (disabled) - Range
0 (disabled) or 1 (enabled) - Dynamic?
Yes - When to Change
Keep this parameter disabled to prevent denial of service attacks. - Commitment Level
Unstable - Change History
For information, see ip_forward_src_routed and ip6_forward_src_routed (Solaris 10 Release).
ip_addrs_per_if
- Description
Defines the maximum number of logical interfaces associated with a real interface. - Default
256 - Range
1 to 8192 - Dynamic?
Yes - When to Change
Do not change the value. If more logical interfaces are required, you might consider increasing the value. However, recognize that this change might have a negative impact on IP's performance. - Commitment Level
Unstable
ip_strict_dst_multihoming and ip6_strict_dst_multihoming
- Description
Determines whether a packet arriving on a non forwarding interface can be accepted for an IP address that is not explicitly configured on that interface. If ip_forwarding is enabled, or xxx:ip_forwarding for the appropriate interfaces is enabled, then this parameter is ignored, because the packet is actually forwarded. Refer to RFC 1122, 3.3.4.2. - Default
0 (loose multihoming) - Range
0 = Off (loose multihoming) 1 = On (strict multihoming) - Dynamic?
Yes - When to Change
If a machine has interfaces that cross strict networking domains (for example, a firewall or a VPN node), set this parameter to 1. - Commitment Level
Unstable
ip_multidata_outbound
- Description
Enables the network stack to send more than one packet at one time to the network device driver during transmission. Enabling this parameter reduces the per-packet processing costs by improving host CPU utilization, network throughput, or both. This parameter now controls the use of multidata transmit (MDT) for transmitting IP fragments. For example, when sending out a UDP payload larger than the link MTU. When this tunable is enabled, IP fragments of a particular upper-level protocol, such as UDP, are delivered in batches to the network device driver. Disabling this feature results in both TCP and IP fragmentation logic in the network stack to revert back to sending one packet at a time to the driver. The MDT feature is only effective for device drivers that support this feature. See also tcp_mdt_max_pbufs. - Default
1 (Enabled) - Range
0 (disabled) or 1 (enabled) - Dynamic?
Yes - When to Change
If you do not want this parameter enabled for debugging purposes or for any other reasons, disable it. - Commitment Level
Unstable - Change History
For information, see ip_multidata_outbound (Solaris 10 Release).
ip_squeue_fanout
- Description
Determines the mode of associating TCP/IP connections with squeues A value of 0 associates a new TCP/IP connection with the CPU that creates the connection. A value of 1 associates the connection with multiple squeues that belong to different CPUs. The number of squeues that are used to fanout the connection is based upon ip_soft_rings_cnt. - Default
0 - Range
0 or 1 - Dynamic?
Yes - When to Change
Consider setting this parameter to 1 to spread the load across all CPUs in certain situations. For example, when the number of CPUs exceed the number of NICs, and one CPU is not capable of handling the network load of a single NIC, change this parameter to 1. - Zone Configuration
This parameter can only be set in the global zone. - Commitment Level
Unstable - Change History
For information, see ip_squeue_fanout (Solaris 10 11/06 Release).
ip_soft_rings_cnt
- Description
Determines the number of squeues to be used to fanout the incoming TCP/IP connections.
Note - The incoming traffic is placed on one of the rings. If the ring is overloaded, packets are dropped. For every packet that gets dropped, the kstat dls counter, dls_soft_ring_pkt_drop, is incremented.
- Default
2 - Range
0 - nCPUs, where nCPUs is the maximum number of CPUs in the system - Dynamic?
No. The interface should be plumbed again when changing this parameter. - When to Change
Consider setting this parameter to a value greater than 2 on systems that have 10 Gbps NICs and many CPUs. - Zone Configuration
This parameter can only be set in the global zone. - Commitment Level
Obsolete - Change History
For information, see ip_soft_rings_cnt (Solaris 10 11/06 Release).
IP Tunable Parameters With Additional Cautions
Changing the following parameters is not recommended.
ip_ire_pathmtu_interval
- Description
Specifies the interval in milliseconds when IP flushes the path maximum transfer unit (PMTU) discovery information, and tries to rediscover PMTU. Refer to RFC 1191 on PMTU discovery. - Default
10 minutes - Range
5 seconds to 277 hours - Dynamic?
Yes - When to Change
Do not change this value. - Commitment Level
Unstable
ip_icmp_return_data_bytes and ip6_icmp_return_data_bytes
- Description
When IPv4 or IPv6 sends an ICMPv4 or ICMPv6 error message, it includes the IP header of the packet that caused the error message. This parameter controls how many extra bytes of the packet beyond the IPv4 or IPv6 header are included in the ICMPv4 or ICMPv6 error message. - Default
64 bytes - Range
8 to 65,536 bytes - Dynamic?
Yes - When to Change
Do not change the value. Including more information in an ICMP error message might help in diagnosing network problems. If this feature is needed, increase the value. - Commitment Level
Unstable
|