Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Solaris Tunable Parameters Reference Manual
Previous Next

IP Tunable Parameters

ip_icmp_err_interval and ip_icmp_err_burst

Description

Controls the rate of IP in generating IPv4 or IPv6 ICMP error messages. IP generates only up to ip_icmp_err_burst IPv4 or IPv6 ICMP error messages in any ip_icmp_err_interval.

The ip_icmp_err_interval parameter protects IP from denial of service attacks. Setting this parameter to 0 disables rate limiting. It does not disable the generation of error messages.

Default

100 milliseconds for ip_icmp_err_interval

10 error messages for ip_icmp_err_burst

Range

0 – 99,999 milliseconds for ip_icmp_err_interval

1 – 99,999 error messages for ip_icmp_err_burst

Dynamic?

Yes

When to Change

If you need a higher error message generation rate for diagnostic purposes.

Commitment Level

Unstable

ip_respond_to_echo_broadcast and ip6_respond_to_echo_multicast

Description

Controls whether IPv4 or IPv6 responds to a broadcast ICMPv4 echo request or a multicast ICMPv6 echo request.

Default

1 (enabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

If you do not want this behavior for security reasons, disable it.

Commitment Level

Unstable

ip_send_redirects and ip6_send_redirects

Description

Controls whether IPv4 or IPv6 sends out ICMPv4 or ICMPv6 redirect messages.

Default

1 (enabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

If you do not want this behavior for security reasons, disable it.

Commitment Level

Unstable

ip_forward_src_routed and ip6_forward_src_routed

Description

Controls whether IPv4 or IPv6 forwards packets with source IPv4 routing options or IPv6 routing headers.

Default

0 (disabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

Keep this parameter disabled to prevent denial of service attacks.

Commitment Level

Unstable

Change History

For information, see ip_forward_src_routed and ip6_forward_src_routed (Solaris 10 Release).

ip_addrs_per_if

Description

Defines the maximum number of logical interfaces associated with a real interface.

Default

256

Range

1 to 8192

Dynamic?

Yes

When to Change

Do not change the value. If more logical interfaces are required, you might consider increasing the value. However, recognize that this change might have a negative impact on IP's performance.

Commitment Level

Unstable

ip_strict_dst_multihoming and ip6_strict_dst_multihoming

Description

Determines whether a packet arriving on a non forwarding interface can be accepted for an IP address that is not explicitly configured on that interface. If ip_forwarding is enabled, or xxx:ip_forwarding for the appropriate interfaces is enabled, then this parameter is ignored, because the packet is actually forwarded.

Refer to RFC 1122, 3.3.4.2.

Default

0 (loose multihoming)

Range

0 = Off (loose multihoming)

1 = On (strict multihoming)

Dynamic?

Yes

When to Change

If a machine has interfaces that cross strict networking domains (for example, a firewall or a VPN node), set this parameter to 1.

Commitment Level

Unstable

ip_multidata_outbound

Description

Enables the network stack to send more than one packet at one time to the network device driver during transmission.

Enabling this parameter reduces the per-packet processing costs by improving host CPU utilization, network throughput, or both.

This parameter now controls the use of multidata transmit (MDT) for transmitting IP fragments. For example, when sending out a UDP payload larger than the link MTU. When this tunable is enabled, IP fragments of a particular upper-level protocol, such as UDP, are delivered in batches to the network device driver. Disabling this feature results in both TCP and IP fragmentation logic in the network stack to revert back to sending one packet at a time to the driver.

The MDT feature is only effective for device drivers that support this feature.

See also tcp_mdt_max_pbufs.

Default

1 (Enabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

If you do not want this parameter enabled for debugging purposes or for any other reasons, disable it.

Commitment Level

Unstable

Change History

For information, see ip_multidata_outbound (Solaris 10 Release).

ip_squeue_fanout

Description

Determines the mode of associating TCP/IP connections with squeues

A value of 0 associates a new TCP/IP connection with the CPU that creates the connection. A value of 1 associates the connection with multiple squeues that belong to different CPUs. The number of squeues that are used to fanout the connection is based upon ip_soft_rings_cnt.

Default

0

Range

0 or 1

Dynamic?

Yes

When to Change

Consider setting this parameter to 1 to spread the load across all CPUs in certain situations. For example, when the number of CPUs exceed the number of NICs, and one CPU is not capable of handling the network load of a single NIC, change this parameter to 1.

Zone Configuration

This parameter can only be set in the global zone.

Commitment Level

Unstable

Change History

For information, see ip_squeue_fanout (Solaris 10 11/06 Release).

ip_soft_rings_cnt

Description

Determines the number of squeues to be used to fanout the incoming TCP/IP connections.

Note - The incoming traffic is placed on one of the rings. If the ring is overloaded, packets are dropped. For every packet that gets dropped, the kstat dls counter, dls_soft_ring_pkt_drop, is incremented.

Default

2

Range

0 - nCPUs, where nCPUs is the maximum number of CPUs in the system

Dynamic?

No. The interface should be plumbed again when changing this parameter.

When to Change

Consider setting this parameter to a value greater than 2 on systems that have 10 Gbps NICs and many CPUs.

Zone Configuration

This parameter can only be set in the global zone.

Commitment Level

Obsolete

Change History

For information, see ip_soft_rings_cnt (Solaris 10 11/06 Release).

IP Tunable Parameters With Additional Cautions

Changing the following parameters is not recommended.

ip_ire_pathmtu_interval
Description

Specifies the interval in milliseconds when IP flushes the path maximum transfer unit (PMTU) discovery information, and tries to rediscover PMTU.

Refer to RFC 1191 on PMTU discovery.

Default

10 minutes

Range

5 seconds to 277 hours

Dynamic?

Yes

When to Change

Do not change this value.

Commitment Level

Unstable

ip_icmp_return_data_bytes and ip6_icmp_return_data_bytes
Description

When IPv4 or IPv6 sends an ICMPv4 or ICMPv6 error message, it includes the IP header of the packet that caused the error message. This parameter controls how many extra bytes of the packet beyond the IPv4 or IPv6 header are included in the ICMPv4 or ICMPv6 error message.

Default

64 bytes

Range

8 to 65,536 bytes

Dynamic?

Yes

When to Change

Do not change the value. Including more information in an ICMP error message might help in diagnosing network problems. If this feature is needed, increase the value.

Commitment Level

Unstable
Previous Next

 
 
  Published under the terms fo the Public Documentation License Version 1.01. Design by Interspire