TCP Tunable Parameters
tcp_deferred_ack_interval
- Description
Specifies the time-out value for the TCP-delayed acknowledgment (ACK) timer for hosts that are not directly connected. Refer to RFC 1122, 4.2.3.2.
- Default
100 milliseconds
- Range
1 millisecond to 1 minute
- Dynamic?
Yes
- When to Change
Do not increase this value to more than 500 milliseconds. Increase the value under the following circumstances:
- Commitment Level
Unstable
tcp_local_dack_interval
- Description
Specifies the time-out value for the TCP-delayed acknowledgment (ACK) timer for hosts that are directly connected. Refer to RFC 1122, 4.2.3.2.
- Default
50 milliseconds
- Range
1 millisecond to 1 minute
- Dynamic?
Yes
- When to Change
Do not increase this value to more than 500 milliseconds. Increase the value under the following circumstances:
- Commitment Level
Unstable
tcp_deferred_acks_max
- Description
Specifies the maximum number of TCP segments received from remote destinations (not directly connected) before an acknowledgment (ACK) is generated. TCP segments are measured in units of maximum segment size (MSS) for individual connections. If set to 0 or 1, no ACKs are delayed, assuming all segments are 1 MSS long. The actual number is dynamically calculated for each connection. The value is the default maximum.
- Default
2
- Range
0 to 16
- Dynamic?
Yes
- When to Change
Do not change the value. In some circumstances, when the network traffic becomes very bursty because of the delayed ACK effect, decrease the value. Do not decrease this value below 2.
- Commitment Level
Unstable
tcp_local_dacks_max
- Description
Specifies the maximum number of TCP segments received from directly connected destinations before an acknowledgment (ACK) is generated. TCP segments are measured in units of maximum segment size (MSS) for individual connections. If set to 0 or 1, no ACKs are delayed, assuming all segments are 1 MSS long. The actual number is dynamically calculated for each connection. The value is the default maximum.
- Default
8
- Range
0 to 16
- Dynamic?
Yes
- When to Change
Do not change the value. In some circumstances, when the network traffic becomes very bursty because of the delayed ACK effect, decrease the value. Do not decrease this value below 2.
- Commitment Level
Unstable
tcp_wscale_always
- Description
When this parameter is enabled, which is the default setting, TCP always sends a SYN segment with the window scale option, even if the window scale option value is 0. Note that if TCP receives a SYN segment with the window scale option, even if the parameter is disabled, TCP responds with a SYN segment with the window scale option. In addition, the option value is set according to the receive window size. Refer to RFC 1323 for the window scale option.
- Default
1 (enabled)
- Range
0 (disabled) or 1 (enabled)
- Dynamic?
Yes
- When to Change
If there is an interoperability problem with an old TCP stack that does not support the window scale option, disable this parameter.
- Commitment Level
Unstable
- Change History
For information, see tcp_wscale_always (Solaris 9 Releases).
tcp_tstamp_always
- Description
If set to 1, TCP always sends a SYN segment with the timestamp option. Note that if TCP receives a SYN segment with the timestamp option, TCP responds with a SYN segment with the timestamp option even if the parameter is set to 0.
- Default
0 (disabled)
- Range
0 (disabled) or 1 (enabled)
- Dynamic?
Yes
- When to Change
If getting an accurate measurement of round-trip time (RTT) and TCP sequence number wraparound is a problem, enable this parameter. Refer to RFC 1323 for more reasons to enable this option.
- Commitment Level
Unstable
tcp_xmit_hiwat
- Description
Defines the default send window size in bytes. Refer to Per-Route Metrics for a discussion of setting a different value on a per-route basis. See also tcp_max_buf.
- Default
49,152
- Range
4096 to 1,073,741,824
- Dynamic?
Yes
- When to Change
An application can use setsockopt(3XNET) SO_SNDBUF to change the individual connection's send buffer.
- Commitment Level
Unstable
tcp_recv_hiwat
- Description
Defines the default receive window size in bytes. Refer to Per-Route Metrics for a discussion of setting a different value on a per-route basis. See also tcp_max_buf and tcp_recv_hiwat_minmss.
- Default
49,152
- Range
2048 to 1,073,741,824
- Dynamic?
Yes
- When to Change
An application can use setsockopt(3XNET) SO_RCVBUF to change the individual connection's receive buffer.
- Commitment Level
Unstable
tcp_max_buf
- Description
Defines the maximum buffer size in bytes. This parameter controls how large the send and receive buffers are set to by an application that uses setsockopt(3XNET).
- Default
1,048,576
- Range
8192 to 1,073,741,824
- Dynamic?
Yes
- When to Change
If TCP connections are being made in a high-speed network environment, increase the value to match the network link speed.
- Commitment Level
Unstable
tcp_cwnd_max
- Description
Defines the maximum value of the TCP congestion window (cwnd) in bytes. For more information on the TCP congestion window, refer to RFC 1122 and RFC 2581.
- Default
1,048,576
- Range
128 to 1,073,741,824
- Dynamic?
Yes
- When to Change
Even if an application uses setsockopt(3XNET) to change the window size to a value higher than tcp_cwnd_max, the actual window used can never grow beyond tcp_cwnd_max. Thus, tcp_max_buf should be greater than tcp_cwnd_max.
- Commitment Level
Unstable
tcp_slow_start_initial
- Description
Defines the maximum initial congestion window (cwnd) size, in units of maximum segment size (MSS), of a TCP connection. Refer to RFC 2414 on how the initial congestion window size is calculated.
- Default
4
- Range
1 to 4
- Dynamic?
Yes
- When to Change
Do not change the value. If the initial cwnd size causes network congestion under special circumstances, decrease the value.
- Commitment Level
Unstable
tcp_slow_start_after_idle
- Description
Defines the congestion window size, in units of maximum segment size (MSS), of a TCP connection after it has been idle (no segment received) for a period of one retransmission timeout (RTO). Refer to RFC 2414 on how the initial congestion window size is calculated.
- Default
4
- Range
1 to 16,384
- Dynamic?
Yes
- When to Change
For more information, see tcp_slow_start_initial.
- Commitment Level
Unstable
tcp_sack_permitted
- Description
If set to 2, TCP always sends a SYN segment with the selective acknowledgment (SACK) permitted option. If TCP receives a SYN segment with a SACK-permitted option and this parameter is set to 1, TCP responds with a SACK-permitted option. If the parameter is set to 0, TCP does not send a SACK-permitted option, regardless of whether the incoming segment contains the SACK permitted option. Refer to RFC 2018 for information on the SACK option.
- Default
2 (active enabled)
- Range
0 (disabled), 1 (passive enabled), or 2 (active enabled)
- Dynamic?
Yes
- When to Change
SACK processing can improve TCP retransmission performance so it should be actively enabled. Sometimes, the other side can be confused with the SACK option actively enabled. If this confusion occurs, set the value to 1 so that SACK processing is enabled only when incoming connections allow SACK processing.
- Commitment Level
Unstable
tcp_rev_src_routes
- Description
If set to 0, TCP does not reverse the IP source routing option for incoming connections for security reasons. If set to 1, TCP does the normal reverse source routing.
- Default
0 (disabled)
- Range
0 (disabled) or 1 (enabled)
- Dynamic?
Yes
- When to Change
If IP source routing is needed for diagnostic purposes, enable it.
- Commitment Level
Unstable
tcp_time_wait_interval
- Description
Specifies the time in milliseconds that a TCP connection stays in TIME-WAIT state. For more information, refer to RFC 1122, 4.2.2.13.
- Default
60,000 (60 seconds)
- Range
1 second to 10 minutes
- Dynamic?
Yes
- When to Change
Do not set the value lower than 60 seconds. For information on changing this parameter, refer to RFC 1122, 4.2.2.13.
- Commitment Level
Unstable
tcp_ecn_permitted
- Description
Controls Explicit Congestion Notification (ECN) support. If this parameter is set to 0, TCP does not negotiate with a peer that supports the ECN mechanism. If this parameter is set to 1 when initiating a connection, TCP does not tell a peer that it supports ECN mechanism. However, TCP tells a peer that it supports ECN mechanism when accepting a new incoming connection request if the peer indicates that it supports ECN mechanism in the SYN segment. If this parameter is set to 2, in addition to negotiating with a peer on the ECN mechanism when accepting connections, TCP indicates in the outgoing SYN segment that it supports the ECN mechanism when TCP makes active outgoing connections. Refer to RFC 3168 for information on ECN.
- Default
1 (passive enabled)
- Range
0 (disabled), 1 (passive enabled), or 2 (active enabled)
- Dynamic?
Yes
- When to Change
ECN can help TCP better handle congestion control. However, there are existing TCP implementations, firewalls, NATs, and other network devices that are confused by this mechanism. These devices do not comply with the IETF standard. Because of these devices, the default value of this parameter is set to 1. In rare cases, passive enabling can still cause problems. Set the parameter to 0 only if absolutely necessary.
- Commitment Level
Unstable
tcp_conn_req_max_q
- Description
Specifies the default maximum number of pending TCP connections for a TCP listener waiting to be accepted by accept(3SOCKET). See also tcp_conn_req_max_q0.
- Default
128
- Range
1 to 4,294,967,296
- Dynamic?
Yes
- When to Change
For applications such as web servers that might receive several connection requests, the default value might be increased to match the incoming rate. Do not increase the parameter to a very large value. The pending TCP connections can consume excessive memory. Also, if an application cannot handle that many connection requests fast enough because the number of pending TCP connections is too large, new incoming requests might be denied. Note that increasing tcp_conn_req_max_q does not mean that applications can have that many pending TCP connections. Applications can use listen(3SOCKET) to change the maximum number of pending TCP connections for each socket. This parameter is the upper limit on the number that an application can set with listen(). Thus, even if this parameter is set to a very large value, the actual maximum number for a socket might be much less than tcp_conn_req_max_q, depending on the value used in listen().
- Commitment Level
Unstable
- Change History
For information, see xxx:ip_forwarding (Solaris 9 Releases).
tcp_conn_req_max_q0
- Description
Specifies the default maximum number of incomplete (three-way handshake not yet finished) pending TCP connections for a TCP listener. For more information on TCP three-way handshake, refer to RFC 793. See also tcp_conn_req_max_q.
- Default
1024
- Range
0 to 4,294,967,296
- Dynamic?
Yes
- When to Change
For applications such as web servers that might receive excessive connection requests, you can increase the default value to match the incoming rate. The following explains the relationship between tcp_conn_req_max_q0 and the maximum number of pending connections for each socket. When a connection request is received, TCP first checks if the number of pending TCP connections (three-way handshake is done) waiting to be accepted exceeds the maximum (N) for the listener. If the connections are excessive, the request is denied. If the number of connections is allowable, then TCP checks if the number of incomplete pending TCP connections exceeds the sum of N and tcp_conn_req_max_q0. If it does not, the request is accepted. Otherwise, the oldest incomplete pending TCP request is dropped.
- Commitment Level
Unstable
- Change History
For information, see xxx:ip_forwarding (Solaris 9 Releases).
tcp_conn_req_min
- Description
Specifies the default minimum value for the maximum number of pending TCP connection requests for a listener waiting to be accepted. This is the lowest maximum value of listen(3SOCKET) that an application can use.
- Default
1
- Range
1 to 1024
- Dynamic?
Yes
- When to Change
This parameter can be a solution for applications that use listen(3SOCKET) to set the maximum number of pending TCP connections to a value too low. Increase the value to match the incoming connection request rate.
- Commitment Level
Unstable
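The following model is an added example, not Solaris source code. It walks through the admission checks described under tcp_conn_req_max_q0 together with the listen() limits set by tcp_conn_req_max_q and tcp_conn_req_min. The class and function names are hypothetical, and queuing the new request after the oldest one is dropped is an assumption, because the text states only that the oldest request is dropped.

```python
from collections import deque

# Defaults from the parameter entries above.
TCP_CONN_REQ_MAX_Q = 128
TCP_CONN_REQ_MAX_Q0 = 1024
TCP_CONN_REQ_MIN = 1


def effective_backlog(requested, max_q=TCP_CONN_REQ_MAX_Q, min_q=TCP_CONN_REQ_MIN):
    """Clamp a listen() backlog into [tcp_conn_req_min, tcp_conn_req_max_q]."""
    return max(min_q, min(requested, max_q))


class Listener:
    """Toy model of one listener's two pending-connection queues."""

    def __init__(self, requested_backlog, max_q0=TCP_CONN_REQ_MAX_Q0):
        self.n = effective_backlog(requested_backlog)  # N in the text
        self.max_q0 = max_q0
        self.complete = deque()    # handshake finished, waiting for accept()
        self.incomplete = deque()  # SYN received, handshake not finished
        self.dropped = []          # incomplete requests evicted as "oldest"

    def on_syn(self, peer):
        # Check 1: completed connections waiting to be accepted exceed N -> deny.
        if len(self.complete) > self.n:
            return "denied"
        # Check 2: incomplete connections exceed N + tcp_conn_req_max_q0 -> drop oldest.
        evicted = len(self.incomplete) > self.n + self.max_q0
        if evicted:
            self.dropped.append(self.incomplete.popleft())
        # Assumption: the new request is queued once the oldest one is gone.
        self.incomplete.append(peer)
        return "accepted-after-drop" if evicted else "accepted"

    def on_handshake_done(self, peer):
        """Final ACK arrived: move the peer to the accept queue if still pending."""
        if peer not in self.incomplete:
            return False  # already evicted, the client has to retry
        self.incomplete.remove(peer)
        self.complete.append(peer)
        return True

    def accept(self):
        return self.complete.popleft() if self.complete else None


def simulate_flood(syn_count, requested_backlog, max_q0):
    """Constructed scenario: syn_count never-completing SYNs, then one real client."""
    lst = Listener(requested_backlog, max_q0)
    for i in range(syn_count):
        lst.on_syn(f"flood-{i}")  # constructed peer labels
    verdict = lst.on_syn("client")
    completed = lst.on_handshake_done("client")
    return {"n": lst.n, "verdict": verdict, "completed": completed,
            "incomplete": len(lst.incomplete), "dropped": len(lst.dropped)}


if __name__ == "__main__":
    print(effective_backlog(5000))  # capped at tcp_conn_req_max_q
    print(simulate_flood(50, requested_backlog=4, max_q0=8))
```

In the flood scenario the incomplete queue stays bounded near N plus tcp_conn_req_max_q0 while the oldest half-open entries are discarded, so a client that completes its handshake promptly still reaches the accept queue.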
tcp_rst_sent_rate_enabled
- Description
If this parameter is set to 1, the maximum rate of sending a RST segment is controlled by the ndd parameter, tcp_rst_sent_rate. If this parameter is set to 0, no rate control is applied when sending a RST segment.
- Default
1 (enabled)
- Range
0 (disabled) or 1 (enabled)
- Dynamic?
Yes
- When to Change
This tunable helps defend against denial of service attacks on TCP by limiting the rate at which RST segments are sent out. The only time this rate control should be disabled is when strict conformance to RFC 793 is required.
- Commitment Level
Unstable
tcp_rst_sent_rate
- Description
Sets the maximum number of RST segments that TCP can send out per second.
- Default
40
- Range
0 to 4,294,967,296
- Dynamic?
Yes
- When to Change
In a TCP environment, there might be a legitimate reason to generate more RSTs than the default value allows. In this case, increase the default value of this parameter.
- Commitment Level
Unstable
tcp_mdt_max_pbufs
- Description
Specifies the number of payload buffers that can be carried by a single M_MULTIDATA message that is generated by TCP. See also ip_multidata_outbound.
- Default
16
- Range
1 to 16
- Dynamic?
Yes
- When to Change
Decreasing this parameter might aid in debugging device driver development by limiting the number of payload buffers per M_MULTIDATA message that is generated by TCP.
- Commitment Level
Unstable
tcp_keepalive_interval
- Description
This ndd parameter sets, on a system-wide basis, the interval after which the first keep-alive probe is sent on an idle TCP connection. Solaris supports the TCP keep-alive mechanism as described in RFC 1122. This mechanism is enabled by setting the SO_KEEPALIVE socket option on a TCP socket. If SO_KEEPALIVE is enabled for a socket, the first keep-alive probe is sent out after a TCP connection is idle for two hours, the default value of the tcp_keepalive_interval parameter. If the peer does not respond to the probe after eight minutes, the TCP connection is aborted. For more information, refer to tcp_keepalive_abort_interval. You can also use the TCP_KEEPALIVE_THRESHOLD socket option on individual applications to override the default interval so that each application can have its own interval on each socket. The option value is an unsigned integer in milliseconds. See also tcp(7P).
- Default
2 hours
- Range
10 seconds to 10 days
- Units
Unsigned integer (milliseconds)
- Dynamic?
Yes
- When to Change
Do not change the value. If under special circumstances, the first keepalive probe needs to be sent earlier than two hours, use the TCP_KEEPALIVE_THRESHOLD socket option to reduce the interval on an individual application.
- Commitment Level
Unstable
tcp_keepalive_abort_interval
- Description
This ndd parameter sets a default time threshold to abort a TCP connection after the keepalive probing mechanism has failed. This abort time threshold can also be changed on a per socket basis by using the TCP_KEEPALIVE_ABORT_THRESHOLD option on a TCP socket. The option value is an unsigned integer in milliseconds. If an application has the SO_KEEPALIVE socket option enabled, it can then use the TCP_KEEPALIVE_THRESHOLD socket option to change the initial probe interval and TCP_KEEPALIVE_ABORT_THRESHOLD socket option to change the abort interval. A value of zero means that TCP should never time out and abort the connection when probing. See also tcp_keepalive_interval.
- Default
8 minutes
- Range
0 to 8 minutes
- Units
Unsigned integer (milliseconds)
- Dynamic?
Yes
- When to Change
Do not change the value. If under special circumstances, a TCP connection needs to be aborted earlier than the default eight minutes of the keepalive probing, use the TCP_KEEPALIVE_ABORT_THRESHOLD socket option to reduce the abort interval on an individual application.
- Commitment Level
Unstable
TCP/IP Parameters Set in the /etc/system File
The following parameters can be set only in the /etc/system file. After the file is modified, reboot the system. For example, the following entry sets the ipcl_conn_hash_size parameter:
set ip:ipcl_conn_hash_size=value
ipcl_conn_hash_size
- Description
Controls the size of the connection hash table used by IP. The default value of 0 means that the system automatically sizes an appropriate value for this parameter at boot time, depending on the available memory.
- Data Type
Unsigned integer
- Default
0
- Range
0 to 82,500
- Dynamic?
No. The parameter can only be changed at boot time.
- When to Change
If the system consistently has tens of thousands of TCP connections, the value can be increased accordingly. Increasing the hash table size means that more memory is wired down, thereby reducing available memory to user applications.
- Commitment Level
Unstable
ip_squeue_worker_wait
- Description
Governs the maximum delay in waking up a worker thread to process TCP/IP packets that are enqueued on an squeue. An squeue is a serialization queue that is used by the TCP/IP kernel code to process TCP/IP packets.
- Default
10 milliseconds
- Range
0 to 50 milliseconds
- Dynamic?
Yes
- When to Change
Consider tuning this parameter if latency is an issue and network traffic is light, for example, if the machine serves mostly interactive network traffic. The default value usually works best on a network file server, a web server, or any server that has substantial network traffic.
- Zone Configuration
This parameter can only be set in the global zone.
- Commitment Level
Unstable
- Change History
For information, see ip_squeue_worker_wait (Solaris 10 11/06 Release).
TCP Parameters With Additional Cautions
Changing the following parameters is not recommended.
tcp_ip_abort_interval
- Description
Specifies the default total retransmission timeout value for a TCP connection. For a given TCP connection, if TCP has been retransmitting for tcp_ip_abort_interval period of time and it has not received any acknowledgment from the other endpoint during this period, TCP closes this connection. For TCP retransmission timeout (RTO) calculation, refer to RFC 1122, 4.2.3. See also tcp_rexmit_interval_max.
- Default
8 minutes
- Range
500 milliseconds to 1193 hours
- Dynamic?
Yes
- When to Change
Do not change this value. See tcp_rexmit_interval_max for exceptions.
- Commitment Level
Unstable
tcp_rexmit_interval_initial
- Description
Specifies the default initial retransmission timeout (RTO) value for a TCP connection. Refer to Per-Route Metrics for a discussion of setting a different value on a per-route basis.
- Default
3 seconds
- Range
1 millisecond to 20 seconds
- Dynamic?
Yes
- When to Change
Do not change this value. Lowering the value can result in unnecessary retransmissions.
- Commitment Level
Unstable
tcp_rexmit_interval_max
- Description
Defines the default maximum retransmission timeout value (RTO). The calculated RTO for all TCP connections cannot exceed this value. See also tcp_ip_abort_interval.
- Default
60 seconds
- Range
1 millisecond to 2 hours
- Dynamic?
Yes
- When to Change
Do not change the value in a normal network environment. If, in some special circumstances, the round-trip time (RTT) for a connection is about 10 seconds, you can increase this value. If you change this value, you should also change the tcp_ip_abort_interval parameter. Change the value of tcp_ip_abort_interval to at least four times the value of tcp_rexmit_interval_max.
- Commitment Level
Unstable
tcp_rexmit_interval_min
- Description
Specifies the default minimum retransmission timeout (RTO) value. The calculated RTO for all TCP connections cannot be lower than this value. See also tcp_rexmit_interval_max.
- Default
400 milliseconds
- Range
1 millisecond to 20 seconds
- Dynamic?
Yes
- When to Change
Do not change the value in a normal network environment. TCP's RTO calculation should cope with most RTT fluctuations. If, in some very special circumstances, the round-trip time (RTT) for a connection is about 10 seconds, increase this value. If you change this value, you should change the tcp_rexmit_interval_max parameter. Change the value of tcp_rexmit_interval_max to at least eight times the value of tcp_rexmit_interval_min.
- Commitment Level
Unstable
tcp_rexmit_interval_extra
- Description
Specifies a constant added to the calculated retransmission timeout (RTO) value.
- Default
0 milliseconds
- Range
0 to 2 hours
- Dynamic?
Yes
- When to Change
Do not change the value. When the RTO calculation fails to obtain a good value for a connection, you can change this value to avoid unnecessary retransmissions.
- Commitment Level
Unstable
tcp_tstamp_if_wscale
- Description
If this parameter is set to 1, and the window scale option is enabled for a connection, TCP also enables the timestamp option for that connection.
- Default
1 (enabled)
- Range
0 (disabled) or 1 (enabled)
- Dynamic?
Yes
- When to Change
Do not change this value. In general, when TCP is used in a high-speed network, protection against sequence number wraparound is essential. Thus, you need the timestamp option.
- Commitment Level
Unstable
tcp_recv_hiwat_minmss
- Description
Controls the default minimum receive window size. The minimum is tcp_recv_hiwat_minmss times the maximum segment size (MSS) of a connection.
- Default
4
- Range
1 to 65,536
- Dynamic?
Yes
- When to Change
Do not change the value. If changing it is necessary, do not set the value lower than 4.
- Commitment Level
Unstable
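The limits and cross-parameter ratios stated in the "When to Change" entries above can be checked mechanically. The following checker is an added example, not part of the original reference. It assumes a "name value" text snapshot assembled by the operator, with interval values in milliseconds. The snapshot contents and the function names are constructed for illustration.

```python
# Constructed snapshot in "name value" form; interval values are assumed to be
# in milliseconds.
SAMPLE_SNAPSHOT = """\
tcp_rev_src_routes 1
tcp_rst_sent_rate_enabled 0
tcp_time_wait_interval 30000
tcp_deferred_ack_interval 100
tcp_local_dack_interval 50
tcp_deferred_acks_max 2
tcp_local_dacks_max 8
tcp_recv_hiwat_minmss 4
tcp_rexmit_interval_min 400
tcp_rexmit_interval_max 180000
tcp_ip_abort_interval 480000
"""

# (parameter, predicate on its value, guidance taken from the entry)
SINGLE_RULES = [
    ("tcp_rev_src_routes", lambda v: v == 0, "enable only for diagnostic purposes"),
    ("tcp_rst_sent_rate_enabled", lambda v: v == 1,
     "disable only when strict RFC 793 conformance is required"),
    ("tcp_time_wait_interval", lambda v: v >= 60_000, "not lower than 60 seconds"),
    ("tcp_deferred_ack_interval", lambda v: v <= 500, "not more than 500 milliseconds"),
    ("tcp_local_dack_interval", lambda v: v <= 500, "not more than 500 milliseconds"),
    ("tcp_deferred_acks_max", lambda v: v >= 2, "not below 2"),
    ("tcp_local_dacks_max", lambda v: v >= 2, "not below 2"),
    ("tcp_recv_hiwat_minmss", lambda v: v >= 4, "not lower than 4"),
]

# (dependent, multiplier, base): dependent should be at least multiplier * base
RATIO_RULES = [
    ("tcp_ip_abort_interval", 4, "tcp_rexmit_interval_max"),
    ("tcp_rexmit_interval_max", 8, "tcp_rexmit_interval_min"),
]


def parse_snapshot(text):
    """Return {parameter: int value}; lines that are not 'name number' are skipped."""
    values = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():
            values[parts[0]] = int(parts[1])
    return values


def audit(values):
    """List every parameter whose value departs from the guidance above."""
    findings = []
    for name, ok, advice in SINGLE_RULES:
        if name in values and not ok(values[name]):
            findings.append(f"{name}={values[name]}: {advice}")
    for dep, mult, base in RATIO_RULES:
        if dep in values and base in values and values[dep] < mult * values[base]:
            need = mult * values[base]
            findings.append(f"{dep}={values[dep]}: at least {mult} x {base} ({need})")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_snapshot(SAMPLE_SNAPSHOT)):
        print(finding)
```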