Chapter 4TCP/IP Tunable Parameters
This section describes the TCP/IP tunable parameters.
Where to Find Tunable Parameter Information
Overview of Tuning TCP/IP Parameters
You can set all of the tuning parameters described in this chapter with
the ndd command, except for the following two parameters
that can only be set in the /etc/system
file:
Use the following syntax to set TCP/IP parameters with the ndd command.
# ndd -set driver parameter
|
For example, the following ndd command disables IP
forwarding.
# ndd -set /dev/ip ip_forwarding 0
|
For more information, see ndd(1M).
To set a TCP/IP parameter across system reboots, include the appropriate ndd command in a system startup script. Use the following guidelines
to create a system startup script to include ndd commands:
Create a script in the /etc/init.d directory
and create links to it in the /etc/rc2.d, /etc/rc1.d, and /etc/rcS.d directories.
The script should run between the existing S69inet and S72inetsvc scripts.
Name the script with the S70 or S71 prefix. Scripts with the same prefix are run in some sequential
way so it doesn't matter if there is more than one script with the same prefix.
For more information on naming run control scripts, see the README file in the /etc/init.d directory.
For more information on creating a startup script, see "Run Control Scripts"
in System Administration Guide: Basic Administration.
TCP/IP Parameter Validation
All of the TCP/IP parameters described in this section are checked to
verify they fall in the parameter range, which is provided in each tunable
section, except for the two parameters that can be set only in the /etc/system file described above. For more information, see the
validation section for tcp_conn_hash_size and ipc_tcp_conn_hash_size.
Internet Request for Comments (RFCs)
Internet protocol and standard specifications are described in RFC documents.
You can get copies of RFCs by using anonymous ftp to the sri-nic.arpa machine. Browse RFC topics by viewing the rfc-index.txt file at this site.
IP Tunable Parameters
This section describes some of the IP tunable parameters.
ip_icmp_err_interval and ip_icmp_err_burst
| Description | Control the rate of
IP in generating IPv4 or IPv6 ICMP error messages. IP generates only up to ip_icmp_err_burst IPv4 or IPv6 ICMP error messages in any ip_icmp_err_interval. This parameter protects IP from denial of
service attacks. Set ip_icmp_err_interval to 0 to disable
IP to generate IPv4 or IPv6 ICMP error messages.
| | Default | 100 milliseconds for ip_icmp_err_interval
10 for ip_icmp_err_burst
| | Range | 0 - 99,999 milliseconds for ip_icmp_err_interval
1 - 99,999 for ip_icmp_err_burst
| | Dynamic? | Yes
| | When to Change | Change the parameter
values if you need a higher error message generation rate for diagnostic purposes.
| | Commitment Level | Unstable
|
ip_forwarding and ip6_forwarding
| Description | Control whether IP does
IPv4 or IPv6 forwarding between interfaces. See also xxx:ip_forwarding below.
| | Default | 0 (disabled)
| | Range | 0 (disabled), 1 (enabled)
| | Dynamic? | Yes
| | When to Change | If IP forwarding
is needed, enable it.
| | Commitment Level | Unstable
|
xxx:ip_forwarding
| Description | Enables IPv4 forwarding
for a particular xxx interface. The exact name
of the parameter is interface-name:ip_forwarding. For example, two interfaces are hme0 and hme1. Their corresponding parameter names are:
hme0:ip_forwarding and hme1:ip_forwarding
| | Default | 0 (disabled)
| | Range | 0 (disabled), 1 (enabled)
| | Dynamic? | Yes
| | When to Change | If you need IPv4
forwarding, use this parameter to enable forwarding on a per-interface basis.
| | Commitment Level | Unstable
|
|
Previous