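#!/bin/tcsh -f
#
# /etc/network/tweaks
#
# Tweaks and optimizations to improve routing performance.  None of
# these settings should ever be required, but are tweaked here for
# performance improvements.  DO NOT PUT REQUIRED SETTINGS IN HERE,
# put them in /etc/network/interfaces or /etc/network/firewall.
#
# These are mostly undocumented, but some information can be found
# on the web.  Simon Kirby, 2002/09/17
#
# Every value below is written through a *relative* path after a cd into
# /proc/sys.  The "|| exit 1" guards on the cd commands are new: if the
# sysctl tree is missing (IPv4 compiled out, /proc not mounted, non-Linux
# kernel) we bail out instead of letting the echos create stray files in
# whatever directory the script happened to be invoked from.  Whether
# "tcsh -f" aborts a script on a failed cd by itself varies between
# versions, so the guard makes the intent explicit.  An individual echo
# that fails (key absent on this kernel) only prints an error and the
# script carries on: nothing in here is required.
#------------------------------------------------------------------------------

# Neighbour/ARP tweaks
cd /proc/sys/net/ipv4/neigh || exit 1

# Raise the base reachable time (average ARP refresh time) to compensate for
# lowering the check intervals (later).  The glob matches every per-interface
# directory, "default" included, so "default/gc_stale_time" is covered here
# as well as in the explicit block below.  (Note: "$a" keeps its trailing
# slash, so the path contains "//"; that is harmless.)
foreach a (*/)
  echo 42 > "$a"/base_reachable_time  # ARP/neigh refresh avg interval [dfl: 30]
  echo 300 > "$a"/gc_stale_time       # Check interval for stale neigh entries [dfl: 60]
end

# BLURP: I think the documentation for gc_stale_time is incorrect here.
# It is not a check interval at all, but just a time used to consider an
# entry "dead" if unused.  Fine, but it seems entries are "unused" unless
# there is a route cache entry (?) referring to it (eg: "ref" in "ip -s
# neigh") which gets flushed often because of BGP changes.  Whew.  So,
# make gc_stale_time high for now.

# Lower the check interval.  This just makes things smoother and helps
# make ARP expiry more predictable.
echo 5 > default/gc_interval        # What appears to really be the check interval [dfl: 30]
echo 300 > default/gc_stale_time    # "Check interval for stale neigh entries", but actually the gc_stale_time [dfl: 60]
echo 512 > default/gc_thresh1       # Neighbour table low watermark (no gc) [dfl: 128]
echo 4096 > default/gc_thresh2      # Neighbour table medium watermark (gc at gc_interval) [dfl: 512]
echo 8192 > default/gc_thresh3      # Neighbour table high watermark (always gc) [dfl: 1024]

# Routing tweaks
cd ../route || exit 1

# Since kernel 2.4.21 (and 2.4.22-pre1), these tweaks have become unnecessary
# due to optimizations resulting from a thread started on linux-net regarding
# forwarding efficiency.  gc_min_interval now defaults to 0.5 (will show as "0"
# via proc), and the internals have been changed to quickly recycle entries
# when required (when forwarding random src/dst traffic).

# The only change we make now is to decrease gc_elasticity which has been
# somewhat overloaded as a "maximum number of entries per hash bucket" garbage
# collection trigger.  By keeping this low, we recycle entries faster without
# slowing lookups during a DoS attack (a flood of random src/dst addresses
# that would otherwise pile entries into the same route cache buckets).
echo 3 > gc_elasticity        # Higher is weaker, 0 will nuke all [dfl: 8]
echo 16384 > gc_thresh        # Threshold where GC starts [dfl: depends on hash size/RAM: 4096]
echo 86400 > secret_interval  # rtcache secret rehash time (whatever) [dfl: 600]

exit 0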