| arpqsize |
- Purpose:
- Specifies the maximum number of packets to queue while waiting
for Address Resolution Protocol (ARP) responses.
- Tuning:
- This attribute is supported by Ethernet, 802.3, Token Ring and
FDDI interfaces.
|
| arpt_killc |
- Purpose:
- Specifies the time in minutes before a complete ARP entry will
be deleted.
- Tuning:
- To reduce ARP activity in a stable network, you can increase arpt_killc.
|
| arptab_bsiz |
- Purpose:
- Specifies Address Resolution Protocol (ARP) table bucket size.
- Tuning:
- netstat -p arp will show the number of ARP packets sent
and the number of ARP entries purged from the ARP table. If large
number of entries are being purged, the ARP table size should be increased.
Use arp -a to show the ARP table hashing distribution.
|
| arptab_nb |
- Purpose:
- Specifies the number of ARP table buckets.
- Tuning:
- netstat -p arp will show the number of ARP packets sent
and the number of ARP entries purged from the ARP table. If large
number of entries are being purged, the ARP table size should be increased.
Use arp -a to show the ARP table hashing distribution. Increase this
value for systems that have a large number of clients or servers.
The default provides for 149 x 7 = 1043 ARP entries, but assumes an
even hash distribution.
|
| bcastping |
- Purpose:
- Allows response to ICMP echo packets to the broadcast address.
- Tuning:
- A value of 0 disables it; while a value on 1 enables
it. The default is to not respond to echo packets to a broadcast address.
This prevents so called 'broadcast storms' on the network that can
result when multiple machines respond to a broadcast address.
|
| clean_partial_conns |
- Purpose:
- Specifies whether or not we are avoiding SYN attacks. If non-zero, clean_partial_conns specifies
how many partial connections to be removed randomly to make room for
new non-attack connections.
- Tuning:
- A value of 0 disables this option. This option should be
turned on for servers that need to protect against network attacks.
|
| delayack |
- Purpose:
- Delays ACKs for certain TCP packets and attempts to piggyback
them with the next packet sent instead.
- Tuning:
- This action will only be performed for connections whose destination
port is specified in the list of the delayackports attribute.
This can be used to increase the performance when communicating with
an HTTP server by reducing the total number of packets sent. The parameter
can have one of following four values:
- 0
- No delays, normal operation
- 1
- Delays the ACK for the server's SYN
- 2
- Delays the ACK for the server's FIN
- 3
- Delay both the ACKs for the SYN and FIN
|
| delayackports |
- Purpose:
- Specifies the list of destination ports for which the operation
defined by the delayack port option will be performed.
- Tuning:
- The attribute takes a maximum of ten ports, separated by commas
and enclosed in curly braces. For example:
no -o delayackports={80,30080}.
To
clear the list, set the option to {}.
|
| dgd_packets_lost |
- Purpose:
- Specifies how many consecutive packets must be lost before Dead
Gateway Detection decides that a gateway is down.
|
| dgd_ping_time |
- Purpose:
- Specifies how many seconds should pass between pings of a gateway
by Active Dead Gateway Detection.
|
| dgd_retry_time |
- Purpose:
- Specifies how many minutes a route's cost should remain raised
when it has been raised by Passive Dead Gateway Detection. After this
many minutes pass, the route's cost is restored to its user-configured
value. The unit is numeric.
|
| directed_broadcast |
- Purpose:
- Specifies whether or not to allow a directed broadcast to a gateway.
- Tuning:
- The value of 1 allows packets to be directed to a gateway to be
broadcasted on a network on the other side of the gateway.
|
| fasttimo |
- Purpose:
- Allows you to set the millisecond delay for the TCP fast timeout
timer. This timeout controls how often the system scans the TCP control
blocks to send delayed acknowledgments.
- Tuning:
- Reducing this timer value may improve performance with some non-IBM
systems. However, this may also result in slightly increased system
utilization.
|
| hstcp |
- Purpose:
- Enables the HighSpeed TCP as specified in RFC 3649. This modifies
the congestion control mechanism for use with TCP connections with
large congestion windows to improve the average throughput.
- Tuning:
- A value of 1 enables the HighSpeed TCP enhancements on a system-wide
scale. A value of 0 disables it.
|
| icmp6_errmsg_rate |
- Purpose:
- Specifies the upper limit for the number of ICMP v6 error messages
that can be sent per second. This prevents excessive bandwidth being
used by ICMP v6 error messages.
|
| icmpaddressmask |
- Purpose:
- Specifies whether the system responds to an ICMP address mask
request.
- Tuning:
- If the value 0 is set, the network silently ignores any ICMP address
mask request that it receives.
|
| ie5_old_multicast_mapping |
- Purpose:
- Specifies IP multicasts on token ring should be mapped to the
broadcast address rather than a functional address when value 1 is
used.
|
| ifsize |
- Purpose:
- Specifies the maximum number of network interface structures per
interface of a single type. This limit does not apply to ethernet
interface structures for which the infrastructure expands dynamically
to handle any number of ethernet interface structures.
- Tuning:
- The ifsize parameter needs to be large on machines that
supports hotplug adapters and on DLPAR configurations because adapters
can be added on the fly and the static interface tables must be large
enough to accept the worst case number of adapters that may be added
for this system or partition. If the system detects at boot time that
more adapters of a type are present that would be allowed by the current
value of ifsize, it will automatically increase the value to
support the number of adapters present.
|
| ip6_defttl |
- Purpose:
- Specifies the default hop count that is used for IP version 6
packets if no other hop count is specified.
|
| ip6_prune |
- Purpose:
- Specifies how often to check the IP version 6 routing table for
expired routes, in seconds.
|
| ip6forwarding |
- Purpose:
- Specifies whether the kernel should forward IP version 6 packets.
- Tuning:
- The default value of 0 prevents forwarding of ipv6 packets when
they are not for the local systems. A value of 1 enables forwarding.
|
| ip6srcrouteforward |
- Purpose:
- Specifies whether the system forwards source-routed IP version
6 packets.
- Tuning:
- A value of 1 allows the forwarding of source-routed packets. A
value of 0 causes all source-routed packets that are not at their
destinations to be discarded.
|
| ip_ifdelete_notify |
- Purpose:
- Specifies that when an interface address is deleted, all the existing
TCP connections that were bound locally to the interface address deleted
must be notified with error ENETDOWN.
- Tuning:
- Existing FTP/Telnet connections are disconnected when the ENETDOWN
error is returned.
|
| ip_nfrag |
- Purpose:
- Specifies the maximum number of fragments of a IP packet that
can be kept on IP reassembly queue at a time.
|
| ipforwarding |
- Purpose:
- Specifies whether the kernel should forward packets.
- Tuning:
- Set this parameter to 1, if the system is acting as an IP router.
|
| ipfragttl |
- Purpose:
- Specifies the time to live for IP fragments in half-seconds.
- Tuning:
- Check for fragments dropped after timeout (netstat -p ip). If
value of IP: fragments dropped after timeout is nonzero, increasing ipfragttl may
reduce retransmissions.
|
| ipignoreredirects |
- Purpose:
- Specifies whether or not to process redirects that are received.
- Tuning:
- A value of 0 processes redirects as usual. A value of 1 ignores
redirects.
|
| ipqmaxlen |
- Purpose:
- Specifies the number of received packets that can be queued on
the IP protocol input queue.
- Tuning:
- Examine if ipintrq overflows (netstat -s) or use crash to access
IP input queue overflow counter. Increase size if system is using
a lot of loopback sessions. Most operating system network drivers
call IP directly and do not use the IP queue. On these devices increasing ipqmaxlen has
no effect.
|
| ipsendredirects |
- Purpose:
- Specifies whether the kernel should send redirect signals.
- Tuning:
- This is a configuration decision with performance consequences.
|
| ipsrcrouteforward |
- Purpose:
- Specifies whether the system forwards source routed packets.
- Tuning:
- The default value of 1 allows the forwarding of source-routed
packets. A value of 0 causes all source-routed packets that are not
at their destinations to be discarded.
|
| ipsrcrouterecv |
- Purpose:
- Specifies whether the system accepts source routed packets.
- Tuning:
- The default value of 0 causes all source-routed packets destined
for this system to be discarded. A value of 1 allows source-routed
packets to be received.
|
| ipsrcroutesend |
- Purpose:
- Specifies whether applications can send source routed packets.
- Tuning:
- The default value of 1 allows source-routed packets to be sent.
A value of 0 causes setsockopt() to return an error if an application
attempts to set the source routing option, and removes any source
routing options from outgoing packets.
|
| limited_ss |
- Purpose:
- Enables the Limited SlowStart as specified in RFC 3742. This limits
the number of segments by which the congestion window is increased
for one window during slow-start. This enhancement improves the performance
for TCP connections with large congestion windows.
- Tuning:
- A value from 1 to 100 enables the Limited SlowStart enhancements
on a system-wide scale and sets it as the number of segments to the
value of the maximum SlowStart threshold. A value of 0 disables it.
The default value is 0.
|
| llsleep_timeout |
- Purpose:
- Specifies timeout value in seconds for link local timeouts (used
when multi_homed=1).
|
| lo_perf |
- Purpose:
- Specifies whether the loopback traffic enabled or disabled.
|
| lowthresh |
- Purpose:
- Specifies the maximum number of bytes that can be allocated using
the allocb call for the BPRI_LO priority.
- Tuning:
- When the total amount of memory allocated by the net_malloc call
reaches this threshold, then the allocb request for the BPRI_LO priority
returns 0. The lowthresh attribute represents a percentage of the thewall attribute
and you can set its value from 0 to 100.
|
| main_if6 |
- Purpose:
- Specifies the interface to use for link local addresses.
|
| main_site6 |
- Purpose:
- Specifies the interface to use for site local address routing.
|
| maxnip6q |
- Purpose:
- Specifies the maximum number of IP version 6 packet reassembly
queues.
|
| maxttl |
- Purpose:
- Specifies the time to live (in seconds) for RIP packets.
|
| medthresh |
- Purpose:
- Specifies the maximum number of bytes that can be allocated using
the allocb call for the BPRI_MED priority.
- Tuning:
- When the total amount of memory allocated by the net_malloc call
reaches this threshold, then the allocb request for the BPRI_MED priority
returns 0. The medthresh attribute represents a percentage
of the thewall attribute. A typical setting of 95 represents
95% of thewall attribute.
|
| mpr_policy |
- Purpose:
- Specifies the policy to be used for Multipath Routing.
- Tuning:
- The following are the available routing policies:
- Weighted Round-Robin (1)
- Based on user-configured weights assigned to the multiple routes
(through the route command) round-robin is applied. If no weights
are configured then it behaves identical to plain round-robin.
- Random (2)
- Chooses a route at random.
- Weighted Random (3)
- Chooses a route based on user-configured weights and a randomization
routine. The policy adds up the weights of all the routes and pick
a random number between 0 and total weight. Each of the individual
weights are removed from the total weight, until this number is zero.
This picks a route in the range of the total number of routes available.
- Lowest Utilization (4)
- Chooses a route with the minimum number of current connections
going through it.
- Hash-based (5)
- Hash-based algorithm chooses a route by hashing based on the destination
IP address.
|
| multi_homed |
- Purpose:
- Specifies the level of multi-homed IP version 6 host support.
- Tuning:
- This will only be performed for connections whose destination
port is specified in the list of the delayackports parameter. This
can be used to increase performance when communicating with an HTTP
server. The parameter can have one of four values:
- 0
- Indicates the original functionality in AIX 4.3.
- 1
- Indicates that link local addresses will be a resolved by querying
each interface for the link local address.
- 2
- Indicates that link local addresses will only be examined for
the interface defined by main_if6.
- 3
- Indicates that link local addresses will only be examined for
the interface defined by main_if6 and site local addresses will only
be routed for the main_site6 interface.
|
| nbc_limit |
- Purpose:
- Specifies the total maximum amount of memory that can be used
for the Network Buffer Cache.
- Tuning:
- This attribute is in number of KBytes. When the cache grows to
this limit, the rarely used cache objects are flushed out of the cache
to make room for the new ones.
|
| nbc_max_cache |
- Purpose:
- Specifies the maximum size of the cache object allowed in the
Network Buffer Cache without using the private segments.
- Tuning:
- This parameter is in number of bytes. A data object bigger than
this size is either cached in a private segment or is not cached at
all.
|
| nbc_min_cache |
- Purpose:
- Specifies the minimum size of the cache object allowed in the
Network Buffer Cache.
- Tuning:
- This attribute is in number of bytes. A data object smaller than
this size is not put into the NBC. This attribute only applies for send_file() API
and some Web servers that use the get engine in the kernel.
|
| nbc_ofile_hashsz |
- Purpose:
- Specifies the size of the hash table used for hashing cache objects
in the Network Buffer Cache.
- Tuning:
- This hash table size applies to only opened file entries i.e.
entries that cache files from the filesystem. Since this attribute
resizes the hash table size and affects the hashing of all existing
entries, this attribute can only be modified when the Network Buffer
Cache is empty.
|
| nbc_pseg |
- Purpose:
- Specifies the maximum number of private segments that can be created
for the Network Buffer Cache.
- Tuning:
- When this option is set at nonzero0, a data object between the
size specified in nbc_max_cache and the segment size (256MB)
is cached in a private segment. A data object bigger than the segment
size is not cached at all. When the maximum number of private segments
exist, cache data in private segments may be flushed for new cache
data so that the number of private segments do not exceed the limit.
When nbc_pseg is set to 0, all cache in private segments are
flushed.
|
| nbc_pseg_limit |
- Purpose:
- Specifies the maximum amount of cached data size allowed in private
segments in the Network Buffer Cache.
- Tuning:
- This value is expressed in KBytes. Since data cached in private
segments are pinned by the Network Buffer Cache, nbc_pseg_limit controls
the amount of pinned memory used for the Network Buffer Cache in addition
to the network buffers in global segments. When the amount of cached
data reaches this limit, cache data in private segments may be flushed
for new cache data so that the total pinned memory size doesn't exceed
the limit. When nbc_pseg_limit is set to 0, all cache in private
segments are flushed.
|
| ndd_event_name |
- Purpose:
- Specifies the list of interface names for ns_alloc and ns_free events
to be captured, when the trace of ns_alloc/ns_free events is
enabled by setting the ndd_event_tracing option.
- Tuning:
|
| ndd_event_tracing |
- Purpose:
- Specifies the size of the ns_alloc/ns_free trace buffer.
- Tuning:
- If the value of this option is non-zero all ns_alloc/ns_free events
will be traced in a kernel buffer. A value of zero disables this event
tracing. Values of ndd_event_tracing is larger than 1024 will
allocate as many items in the kernel buffer for tracing.
|
| ndp_mmaxtries |
- Purpose:
- Specifies the maximum number of Multicast NDP Neighbor Discovery
Protocol (NDP) packets to send.
|
| ndp_umaxtries |
- Purpose:
- Specifies the maximum number of Unicast Neighbor Discovery Protocol
(NDP) packets to send.
|
| ndpqsize |
- Purpose:
- Specifies the number of packets to hold waiting on completion
of a Neighbor Discovery Protocol (NDP) entry (used by IP version 6).
|
| ndpt_down |
- Purpose:
- Specifies the time, in half seconds, to hold down a NDP entry.
- Tuning:
- Starting from AIX 52B, this
tunable becomes obsolete.
|
| ndpt_keep |
- Purpose:
- Specifies the time, in half seconds, to keep a Neighbor Discovery
Protocol (NDP) entry.
|
| ndpt_probe |
- Purpose:
- Specifies the time, in half seconds, to delay before sending their
first Neighbor Discovery Protocol (NDP) probe.
|
| ndpt_reachable |
- Purpose:
- Specifies the time, in half seconds, to test if a Neighbor Discovery
Protocol (NDP) entry is still valid.
|
| ndpt_retrans |
- Purpose:
- Specifies the time, in half seconds, to wait before retransmitting
a NDP request.
|
| net_buf_size |
- Purpose:
- Specifies a list of buffer sizes for net_malloc/net_free events
to be captured.
- Tuning:
- The net_buf_size strings represents a list of sizes. If
this attribute is not all, only net_malloc/net_free events
of those sizes will be captured. A value of all means that the events
of any size are captured.
|
| net_buf_type |
- Purpose:
- Specifies a list of buffer types for net_malloc/net_free events
to be captured.
- Tuning:
- The net_buf_type string represents a list of types. If
the string is not empty and different from all, only net_malloc/net_free events
of that type will be captured.
|
| net_malloc_frag_mask |
- Purpose:
- It is used as boolean attribute for mask with each bucket requesting
that such fragments be promoted to full pages.
- Tuning:
- Allows promotion of allocations smaller than 1 page to full pages
for better detection of memory overwriting problems. It's a mask for
each bucket size requesting so that such fragments should be promoted
to full pages. Enabling this option for memory fragments will result
in lower performance.
|
| netm_page_promote |
- Purpose:
- Specifies whether to allow promotion of a fragment to page size.
- Tuning:
- This option allows promotion of fragment sizes specified in net_malloc_frag_mask to
page size. Setting this option to 0, disables the page promotion irrespective
of the sizes set in net_malloc_frag_mask.
|
| nonlocsrcroute |
- Purpose:
- Tells the Internet Protocol that strictly source-routed packets
may be addressed to hosts outside the local network.
- Tuning:
- A value of 0 disallows addressing to outside hosts. A value of
1 allows packets to be addressed to outside hosts. Loosely source
routed packets are not affected by this attribute.
|
| nstrpush |
- Purpose:
- Specifies the maximum number (must be at least 8) of modules that
you can push onto a single Stream.
- Tuning:
- Read-only in AIX 5.2 and
later. This attribute can be set during boot in the /etc/pse_tune.conf file.
|
| passive_dgd |
- Purpose:
- Specifies whether Passive Dead Gateway Detection is enabled.
- Tuning:
- A value of 0 disables passive_dgd, and a value of 1 enables
it for all gateways in use.
|
| pmtu_default_age |
- Purpose:
- This option is now unused because UDP applications are now required
to always set IP_DONTFRAG socket option to be able to detect
decreases in Path MTU.
- Tuning:
- A value of zero allows no aging. The default value is 10 minutes.
The pmtu_default_age value can be overridden by UDP applications. pmtu_default_age is
a runtime attribute. On AIX 5.3,
this option is unused as UDP applications will have to set the IP_DONTFRAG socket
option to detect decreases in the Path MTU.
|
| pmtu_expire |
- Purpose:
- Specifies the default amount of time (in minutes) before which
the path MTU entries with reference count of zero are deleted.
- Tuning:
- A value of 0 suggests that the pmtu entries will not expire.
|
| pmtu_rediscover_interval |
- Purpose:
- Specifies the default amount of time (in minutes) before the path
MTU value for UDP and TCP paths are checked for a higher value.
- Tuning:
- A value of 0 allows no path MTU rediscovery.
|
| psebufcalls |
- Purpose:
- Specifies the maximum number of bufcalls to allocate by
Streams.
- Tuning:
- The Stream subsystem allocates certain number of bufcall structures
at initialization, so that when the allocb call fails, the
user can register their requests for the bufcall. You are not
allowed to lower this value until the system reboots, at which time
it returns to its default value.
|
| psecache |
- Purpose:
- Controls the number of stream buffers.
|
| psetimers |
- Purpose:
- Specifies the maximum number of timers to allocate by Streams.
- Tuning:
- The Stream subsystem allocates certain a number of timer structures
at initialization, so that the streams driver or module can register
their timeout calls. You are not allowed to lower this value until
the system reboots, at which time it returns to its default value.
|
| rfc1122addrchk |
- Purpose:
- Performs address validation as specified by RFC1122, Requirements
for Internet Hosts-Communication Layers.
- Tuning:
- A value of 0 does not perform address validation. A value of 1
performs address validation.
|
| rfc1323 |
- Purpose:
- Enables TCP enhancements as specified by RFC 1323, TCP Extensions
for High Performance.
- Tuning:
- A value of 0 disables the RFC enhancements on a system-wide scale.
A value of 1 specifies that all TCP connections will attempt to negotiate
the RFC enhancements. The SOCKETS application can override the default
behavior on individual TCP connections, using the setsockopt subroutine.
The rfc1323 network option can also be set on a per interface
basis via the ifconfig command.
|
| rfc2414 |
- Purpose:
- Enables the increasing of TCP's initial window as described in
RFC 2414.
- Tuning:
- When it is on, the initial window will depend on the setting of
the tunable tcp_init_window.
|
| route_expire |
- Purpose:
- Specifies whether the route expires.
- Tuning:
- A value of 0 allows no route expiration. Negative values are not
allowed for this option.
|
| routerevalidate |
- Purpose:
- Specifies that each connection's cached route should be revalidated
each time a new route is added to the routing table.
- Tuning:
- This will ensure that applications that keep the same connection
open for long periods of time (for example NFS) will use the correct
route after routing table changes occur. A value of 0 does not revalidate
the cached routes. Turning this option on may cause some performance
degradation.
|
| rto_high |
- Purpose:
- Specifies the TCP Retransmit Time out high value used in calculating
factors and the maximum retransmits allowable used in TCP data segment
retransmits.
- Tuning:
- rto_high is the high factor.
|
| rto_length |
- Purpose:
- Specifies the TCP Retransmit Time Out length value used in calculating
factors and the maximum retransmits allowable used in TCP data segment
retransmits.
- Tuning:
- rto_length is the total number of time segments.
|
| rto_limit |
- Purpose:
- Specifies the TCP Retransmit Time out limit value used in calculating
factors and the maximum retransmits allowable used in TCP data segment
retransmits.
- Tuning:
- rto_limit is the number of time segments from rto_low to rto_high.
|
| rto_low |
- Purpose:
- Specifies the TCP Retransmit Time Out low value used in calculating
factors and the maximum retransmits allowable used in TCP data segment
retransmits.
- Tuning:
- rto_low is the low factor.
|
| sack |
- Purpose:
- Enables TCP Selective Acknowledgment as described in RFC 2018.
- Tuning:
- A value of 1 will make all TCP connections negotiate sack. Default
is zero which disables the negotiation. sack feature needs support
from the peer TCP. The negotiation phase during connection initiation
determines that. When receiving out of order segments, Selective
Acknowledgments from the receiver will inform the sender of data that
has been received so that the sender can retransmit only the missing
segments resulting in less unnecessarily retransmitted segments. Sack
is useful for recovering fast from multiple packet drops in a window
of data.
|
| sb_max |
- Purpose:
- Specifies the maximum buffer size allowed for a TCP and UDP socket.
Limits setsockopt, udp_sendspace, udp_recvspace, tcp_sendspace,
and tcp_recvspace.
- Tuning:
- Increase size, preferably to multiple of 4096. Should be approximately
two to four times the largest socket buffer limit.
|
| send_file_duration |
- Purpose:
- Specifies the cache validation duration for all the file objects
that system call send_file accessed in the network buffer cache.
- Tuning:
- This attribute is in number of seconds. A value of 0 means that
the cache will be validated for every access.
|
| site6_index |
- Purpose:
- Specifies the maximum interface number for site local routing.
|
| sockthresh |
- Purpose:
- Specifies the maximum amount of network memory that can be allocated
for sockets. Used to prevent new sockets or TCP connections from exhausting
all MBUF memory and reserve the remaining memory for the existing
sockets or TCP connections.
- Tuning:
- When the total amount of memory allocated by the net_malloc subroutine
reaches the sockthresh threshold, the socket and socketpair system
calls fail with an error of ENOBUFS. Incoming connection requests
are silently discarded. Existing sockets can continue to use additional
memory. The sockthresh attribute represents a percentage of
the thewall attribute.
|
| sodebug |
- Purpose:
- Specifies whether the newly created sockets will have SO_DEBUG flag
on.
|
| sodebug_env |
- Purpose:
- Specifies whether SODEBUG process environment variable will be
checked for the newly created sockets; if this is the case, these
sockets will have SO_DEBUG flag on.
|
| somaxconn |
- Purpose:
- Specifies the maximum listen backlog.
- Tuning:
- Increase this parameter on busy Web servers to handle peak connection
rates.
|
| strctlsz |
- Purpose:
- Specifies the maximum number of bytes of information that a single
system call can pass to a Stream to place into the control part of
a message (in an M_PROTO or M_PCPROTO block).
- Tuning:
- The putmsg call with a control part exceeding this size
will fail with ERANGE.
|
| strmsgsz |
- Purpose:
- Specifies the maximum number of bytes of information that a single
system call can pass to a Stream to place into the data part of a
message (in M_DATA blocks).
- Tuning:
- Any write call exceeding this size is broken into multiple messages.
The putmsg call with a data part exceeding this size will fail
with ERANGE.
|
| strthresh |
- Purpose:
- Specifies the maximum number of bytes Streams are normally allowed
to allocate.
- Tuning:
- When the threshold is passed, strthresh does not allow
users without the appropriate privilege to open Streams, push modules,
or write to Stream devices, and returns ENOSR. The threshold applies
only the output and does not affect data coming into the system (e.g.
console continues to work properly). A value of zero means that there
is no threshold. The strthresh attribute represents a percentage
of the thewall attribute. The thewall attribute indicates
the maximum number of bytes that can be allocated by Streams and Sockets
using the net_malloc call.
|
| strturncnt |
- Purpose:
- Specifies the maximum number of requests handled by the current
running thread for Module or Elsewhere level Streams synchronization.
- Tuning:
- The Module level synchronization works in a way that only one
thread can run in the module at any time and all other threads which
try to acquire the same module will enqueue their requests and leave.
After the current running thread completes its work, it dequeues all
the previously enqueued requests one by one and runs them. If there
are a large number of requests enqueued in the list, then the current
running thread has to serve everyone and will always be busy serving
others and starves itself. To avoid this the current running thread
serves only the strturncnt number of threads, after that a
separate kernel thread activates and runs all the pending requests.
|
| subnetsarelocal |
- Purpose:
- Specifies whether all subnets that match the subnet mask are to
be considered local for purposes of establishing, for example, the
TCP maximum segment size.
- Tuning:
- This parameter is used by the in_localaddress subroutine.
The default value, 1 specifies that addresses that match the
local network mask are local. If the value is 0, only addresses matching
the local subnetwork are local. This is a configuration decision with
performance consequences. If all the subnets does not have the same
MTU, fragmentation at bridges may degrade performance. If the subnets
does have the same MTU, and subnetsarelocal is 0, TCP sessions
may use a small MSS.
|
| tcp_bad_port_limit |
- Purpose:
- Enables TCP level support for Explicit Congestion Notification
as described in RFC 2481.
- Tuning:
- Default is off (0). Turning it on (1) will make all connections
negotiate ECN capability with the peer. For this feature to work you
need support from the peer TCP and also IP level ECN support from
the routers in the path.
|
| tcp_cwnd_modified |
- Purpose:
- Allows the TCP IP applications with specific socket options to
adjust the network congestion window. This parameter might be used
only in a specific wide area network (WAN) environment.
- Tuning:
- Default value is 0, which disables the tuning parameter. Tuning
it to a value of 1 allows you to adjust the network congestion window.
|
| tcp_ephemeral_high |
- Purpose:
- Specifies the largest port number to allocate for TCP ephemeral
ports.
- Tuning:
- The number of ephemeral sockets is determined by tcp_ephemeral_high minus tcp_ephemeral_low.
For maximum number of ephemeral sockets, set tcp_ephemeral_high to
65535 and tcp_ephemeral_low to 1024.
|
| tcp_ephemeral_low |
- Purpose:
- Specifies the smallest port number to allocate for TCP ephemeral
ports.
- Tuning:
- The number of ephemeral sockets is determined by tcp_ephemeral_high minus tcp_ephemeral_low.
For maximum number of ephemeral sockets, set tcp_ephemeral_high to
65535 and tcp_ephemeral_low to 1024.
|
| tcp_finwait2 |
- Purpose:
- Specifies the length of time to wait in the FIN_WAIT2 state before
closing the connection, measured in half seconds.
|
| tcp_icmpsecure |
- Purpose:
- Specifies whether or not ICMP (Internet Control Message Protocol)
attacks on TCP are avoided.
- Tuning:
- This option should be turned on to protect TCP connections against
ICMP attacks. The ICMP attacks may be of the form of ICMP source quench
attacks and PMTUD (Path MTU Discovery) attacks. If this network option
is turned on, the system does not react to ICMP source quench messages.
This will protect against ICMP source quench attacks. Also, if this
network option is enabled, the payload of the ICMP message is tested
to determine if the sequence number of the TCP header portion of the
payload is within the range of acceptable sequence numbers. This will
mitigate PMTUD attacks to a large extent.
|
| tcp_init_window |
- Purpose:
- This value is used only when rfc2414 is turned on (ignored otherwise).
- Tuning:
- If rfc2414 is on and this value is zero, then the initial window
computation is done according to rfc2414. If this value is non-zero,
the initial (congestion) window is initialized a number of maximum
sized segments equal to tcp_init_window. Changing tcp_init_window allows
you to tune the TCP slow start to control the number of TCP segments
(packets) outstanding before an ACK is received. For example, setting
this value to 6 would allow 6 packets to be sent initially, instead
of the normal 2 or 3 packets, thus speeding up the initial packet
rate.
|
| tcp_inpcb_hashtab_siz |
- Purpose:
- Specifies the size of the inpcb hash table for TCP connections.
- Tuning:
- This table holds the inpcbs required for connection management
and is implemented as a table of hash chains. A larger table means
that the linked hash chains will be smaller and lower traversal time
on the average but the memory footprint will be larger. This value
should be a prime number. This option impacts performance and should
be used with extreme caution. Please consult a performance analyst
in case it is felt that the value needs to be changed. The execution
environment could have an influence on the value. It is strongly encouraged
to maintain the system defined defaults as they tend to execute optimally
in most environments.
|
| tcp_keepcnt |
- Purpose:
- tcp_keepcnt represents the number of keepalive probes that
could be sent before terminating the connection.
|
| tcp_keepidle |
- Purpose:
- Specifies the length of time to keep the connection active, measured
in half seconds.
|
| tcp_keepinit |
- Purpose:
- Sets the initial timeout value for a tcp connection, measured
in half seconds.
|
| tcp_keepintvl |
- Purpose:
- Specifies the interval, measured in half seconds, between packets
sent to validate the connection.
- Tuning:
- For example, 150 half seconds results in 75 seconds between validation
probes. This will allow TCP to know that a connection is still valid
and keep the connection open when it is otherwise idle. This is a
configuration decision with minimal performance consequences. No change
is recommended. If the interval were shortened significantly, processing
and bandwidth costs might become significant.
|
| tcp_limited_transmit |
- Purpose:
- Enables the feature that enhances TCP's loss recovery as described
in the RFC 3042.
- Tuning:
- A value of 1 enables this option and zero (0) disables the option.
|
| tcp_low_rto |
- Purpose:
- Specifies the TCP retransmit timeout (RTO), in ticks, for connections
experiencing packet drops.
- Tuning:
- A tick is 0.6 seconds (one 100th of a second). The option timer_wheel_tick must
be set to non-zero value before setting tcp_low_rto option.
Also, tcp_low_rto must be equal to or a multiple of ten times
the timer_wheel_tick value. This tunable allows TCP to use
smaller timeout values for packet timeout and retransmit on high speed
networks. Normal TCP retransmit timeout is 1.5 seconds.
|
| tcp_maxburst |
- Purpose:
- Specifies the number of back-to-back packets that TCP can send
before pausing to allow those packets to be forwarded to their destination.
- Tuning:
- This can be useful if routers are unable to handle large bursts
of TCP packets and are dropping some of them. A value of 0 means no
limitation for back-to-back packets before pausing.
|
| tcp_mssdflt |
- Purpose:
- Default maximum segment size used in communicating with remote
networks.
- Tuning:
- tcp_mssdflt is only used if path MTU discovery is not enabled
or path MTU discovery fails to discovery a path MTU. The tcp_mssdflt network
option can also be set on a per interface basis (see the documentation
for ISNO options). Limiting data to (MTU - 40) bytes ensures that,
where possible, only full packets will be sent.
|
| tcp_nagle_limit |
- Purpose:
- This is the Nagle Algorithm threshold in bytes which can be used
to disable Nagle.
- Tuning:
- The default is Nagle turned on. To disable Nagle, set this value
to 0 or 1. TCP disables Nagle for data segments larger than or equal
to this threshold value.
|
| tcp_nagleoverride |
- Purpose:
- Setting the option tcp_nagle_limit turns off the nagle algorithm
system wide and setting tcp_nodelay option for a socket turns off
the nagle algorithm for that specific connection whereas setting tcp_
nagleoverride disables the nagle algorithm only for certain situations
during the connection.
- Tuning:
- The value of 1 disables nagle algorithm only for certain
TCP packets in a connection.
|
| tcp_ndebug |
- Purpose:
- Specifies the number of tcp_debug structures.
|
| tcp_newreno |
- Purpose:
- Enables the modification to TCP's Fast Recovery algorithm as described
in RFC 2582.
- Tuning:
- This fixes the limitation of TCP's Fast Retransmit algorithm to
recover fast from dropped packets when multiple packets in a window
are dropped. sack also achieves the same thing but sack needs support
from both ends of the TCP connection; the NewReno modification is
only on the sender side.
|
| tcp_nodelayack |
- Purpose:
- Turning this parameter on causes TCP to send immediate acknowledgement
(Ack) packets to the sender. When tcp_nodelayack is disabled,
TCP delays sending Ack packets by up to 200ms. This allows the Ack
to be piggy-backed onto a response and minimizes system overhead.
- Tuning:
- This option can be used to overcome bugs in other implementations
of the TCP nagle algorithm. Setting this option to 1 will cause slightly
more system overhead, but can result in much higher performance for
network transfers if the sender is waiting on the receiver's acknowledgement.
|
| tcp_pmtu_discover |
- Purpose:
- Enables or disables path MTU discovery for TCP applications.
- Tuning:
- A value of 0 disables path MTU discovery for TCP applications,
while a value of 1 enables it.
|
| tcp_recvspace |
- Purpose:
- Specifies the system default socket buffer size for receiving
data. This affects the window size used by TCP.
- Tuning:
- The optimum buffer size is the product of the media bandwidth
and the average round-trip time of a packet. The tcp_recvspace network
option can also be set on a per interface basis (reference documentation
on Interface Specific Network Options (ISNO) ). Most interfaces now
have this tunable set in the ISNO defaults. The tcp_recvspace attribute
must specify a socket buffer size less than or equal to the setting
of the sb_max attribute.
|
| tcp_sendspace |
- Purpose:
- Specifies the system default socket buffer size for sending data.
- Tuning:
- The optimum buffer size is the product of the media bandwidth
and the average round-trip time of a packet: optimum_window=bandwidth
* average_round_trip_time. The tcp_sendspace network
option can also be set on a per interface basis (reference documentation
on Interface Specific Network Options (ISNO) ). Most interfaces now
have this tunable set in the ISNO defaults. The tcp_sendspace attribute
must specify a socket buffer size less than or equal to the setting
of the sb_max attribute.
|
| tcp_tcpsecure |
- Purpose:
- Specifies whether or not connection reset attacks and data corruption
attacks on TCP are avoided.
- Tuning:
- This option is used to protect TCP connections from one or more
of the following three vulnerabilities. The first vulnerability involves
the sending of a fake SYN to an established connection to abort the
connection. A tcp_tcpsecure value of 1 provides protection
from this vulnerability. The second vulnerability involves the sending
of a fake RST to an established connection to abort the connection.
A tcp_tcpsecure value of 2 provides protection from this vulnerability.
The third vulnerability involves injecting fake data in an established
TCP connection. A tcp_tcpsecure value of 4 provides protection
from this vulnerability. Values for tcp_tcpsecure can range
from a minimum of 0 (this is the default value and provides no protection
from these vulnerabilities) to a maximum value of 7. Values of 3,
5, 6, or 7 will protect the connection from combinations of these
three vulnerabilities.
|
| tcp_timewait |
- Purpose:
- The tcp_timewait option is used to configure how long connections
are kept in the timewait state.
- Tuning:
- It is given in 15 second intervals. Increasing this value will
degrade performance of Web servers or applications that open and close
a lot of TCP connections.
|
| tcp_ttl |
- Purpose:
- Specifies the time to live for TCP packets, expressed in ticks.
- Tuning:
- A tick is 0.6 seconds (there are 100 ticks per minutes).
|
| tcprexmtthresh |
- Purpose:
- Specifies the number of consecutive duplicate acknowledgements
which will cause TCP to goto fast retransmit phase.
- Tuning:
- Increase this parameter if TCP performance is low due to an increased
number of duplicate acknowledgements but the network is not congested.
Be aware that setting a high value for this option can cause TCP to
time out and retransmit.
|
| tcptr_enable |
- Purpose:
- Enables TCP traffic regulation defined by policies created using
the tcptr command. A value of 0 means disabled. Any non-zero value
means traffic regulation is enabled.
- Tuning:
- A value of 0 disables this option. This option should be turned
on for servers that need to protect against network attacks.
|
| thewall |
- Purpose:
- Specifies the maximum amount of memory, in kilobytes, that is
allocated to the memory pool.
- Tuning:
- Cannot be set anymore.
|
| timer_wheel_tick |
- Purpose:
- Specifies the slot interval of the timer wheel, in ticks, where
a tick=1000/HZ=10ms.
- Tuning:
- This attribute is used in conjunction with tcp_low_rto attribute
to reduce the TCP timeout values to smaller units.
|
| tn_filter |
- Purpose:
- The option is valid for Trusted AIX environment
only. If the option is disabled in this environment, the MAC checks
are bypassed at the IP layer.
|
| udp_bad_port_limit |
- Purpose:
- Specifies the number of UDP packets to a port with no socket that
can be received in a 500 millisecond period before UDP stops sending
ICMP errors in response to such packets.
- Tuning:
- If set to 0, ICMP errors will always be sent when UDP packets
are received for a bad port number. If greater than 0, it specifies
the number of packets to be received before UDP stops sending ICMP
errors.
|
| udp_ephemeral_high |
- Purpose:
- Specifies the largest port number to allocate for UDP ephemeral
ports.
|
| udp_ephemeral_low |
- Purpose:
- Specifies the smallest port number to allocate for UDP ephemeral
ports.
|
| udp_inpcb_hashtab_siz |
- Purpose:
- Specifies the size of the inpcb hash table for UDP connections.
This table holds the inpcbs required for connection management and
is implemented as a table of hash chains. A larger table means that
the linked hash chains will be smaller and lower traversal time on
the average but the memory footprint will be larger.
- Tuning:
- This value should be a prime number. This option impacts performance
and should be used with extreme caution. Please consult a performance
analyst in case it is felt that the value needs to be changed. The
execution environment could have an influence on the value. It is
strongly encouraged to maintain the system defined defaults as they
tend to execute optimally in most environments.
|
| udp_pmtu_discover |
- Purpose:
- Enables or disables path MTU discovery for UDP applications.
- Tuning:
- UDP applications must be specifically written to utilize path
MTU discovery. A value of 0 disables the feature, while a value of
1 enables it.
|
| udp_recvspace |
- Purpose:
- Specifies the system default socket buffer size for receiving
UDP data.
- Tuning:
- Change when nonzero n in netstat -s report of udp: n socket
buffer overflows. The udp_recvspace parameter must specify
a socket buffer size less than or equal to the setting of the sb_max parameter.
Increase size, preferably to multiple of 4096.
|
| udp_sendspace |
- Purpose:
- Specifies the system default socket buffer size (in bytes) for
sending UDP data.
- Tuning:
- The udp_sendspace attribute must specify a socket buffer
size less than or equal to the setting of the sb_max attribute. udp_sendspace must
be at least as large as the largest datagram size that the application
will send. Increase size, preferably to multiple of 4096.
|
| udp_ttl |
- Purpose:
- Specifies the time to live (in seconds) for UDP packets.
|
| udpcksum |
- Purpose:
- Allows UDP checksum to be turned on/off.
- Tuning:
- A value of 0 turns it off; while a value of 1 turns it on.
|
| use_sndbufpool |
- Purpose:
- Enables caching of mbuf clusters to improve performance.
- Tuning:
- If this value is disabled, then to allocate a mbuf cluster, AIX has to allocate a cluster buffer
and also an mbuf buffer to point to it, thus requiring two buffer
allocation operations. Likewise, to free the cluster, two buffer free
operations are required. With this option enabled, AIX will maintain a cache of clusters for each
cluster size that is being used. This improves performance by reducing
overhead to allocate and free mbuf clusters. The default value of
1 enables this option on a system-wide scale. The mbuf cluster cache
can be displayed using the netstat -M command.
|