no Command

Purpose

Manages network tuning parameters.

Syntax

no [ -p | -r ] { -o Tunable[=NewValue] }

no [ -p | -r ] {-d Tunable }

no [ -p | -r ] { -D }

no [ -p | -r ] [-F] -a

no -h [ Tunable ]

no [-F] -L [ Tunable ]

no [-F] -x [ Tunable ]

Note: Multiple flags -o, -d, -x, and -L are allowed.

Description

Use the no command to configure network tuning parameters. The no command sets or displays current or next boot values for network tuning parameters. This command can also make permanent changes or defer changes until the next reboot. Whether the command sets or displays a parameter is determined by the accompanying flag. The -o flag performs both actions. It can either display the value of a parameter or set a new value for a parameter. When the no command is used to modify a network option, it logs a message to the syslog using the LOG_KERN facility. For more information on how the network parameters interact with each other, refer to the AIX® Version 7.1 Networks and communication management.

Understanding the Effect of Changing Tunable Parameters

Be careful when you use this command. If used incorrectly, the no command can cause your system to become inoperable.

Before modifying any tunable parameter, you should first carefully read about all its characteristics in the Tunable Parameters section below, and follow any Refer To pointer, in order to fully understand its purpose.

You must then make sure that the Diagnosis and Tuning sections for this parameter truly apply to your situation and that changing the value of this parameter could help improve the performance of your system.

If the Diagnosis and Tuning sections both contain only "N/A", you should probably never change this parameter unless specifically directed by AIX development.

Flags

Item Description
-a Displays current, reboot (when used in conjunction with -r) or permanent (when used in conjunction with -p) value for all tunable parameters, one per line in pairs Tunable = Value. For the permanent options, a value only displays for a parameter if its reboot and current values are equal. Otherwise NONE displays as the value.
-d Tunable Resets Tunable to its default value. If Tunable needs to be changed (that is, it is currently not set to its default value) and it is of type Bosboot or Reboot, or if it is of type Incremental and has been changed from its default value, and -r is not used in combination, it is not changed but a warning displays instead.
-D Resets all tunables to their default value. If tunables that need to be changed are of type Bosboot or Reboot, or if they are of type Incremental and have been changed from their default value, and neither -p nor -r is used in combination, they are not changed but a warning displays instead.
-F Forces restricted tunable parameters to be displayed when the options -a, -L or -x are specified on the command line. If you do not specify the -F flag, restricted tunables are not included, unless they are specifically named in association with a display option.
-h [Tunable] Displays help about Tunable parameter if one is specified. Otherwise, displays the no command usage statement.
-L [Tunable] Lists the characteristics of one or all Tunables, one per line, using the following format:
NAME              CUR    DEF    BOOT   MIN    MAX    UNIT       TYPE
 DEPENDENCIES 
---------------------------------------------------------------------
General Network 
Parameters 
---------------------------------------------------------------------
sockthresh        85     85     85     0      100    %_of_thewall  D
---------------------------------------------------------------------
fasttimo          200    200    200    50     200    millisecond   D
---------------------------------------------------------------------
inet_stack_size   16     16     16     1             kbyte         R
---------------------------------------------------------------------
... 
where: 
    CUR = current value 
    DEF = default value 
    BOOT = reboot value 
    MIN = minimal value 
    MAX = maximum value 
    UNIT = tunable unit of measure 
    TYPE = parameter type: D (for Dynamic), 
           S (for Static), R (for Reboot),B (for Bosboot), M (for Mount),
           I (for Incremental), C (for Connect), and d (for Deprecated) 
    DEPENDENCIES = list of dependent tunable parameters, one per line
-o Tunable [=NewValue ] Displays the value or sets the Tunable to NewValue. If a tunable needs to be changed (the specified value is different from the current value), and is of type Bosboot or Reboot, or if it is of type Incremental and its current value is bigger than the specified value, and -r is not used in combination, it is not changed but a warning displays instead.

When -r is used in combination without a new value, the nextboot value for Tunable is displayed. When -p is used in combination without a new value, a value displays only if the current and next boot values for Tunable are the same. Otherwise NONE displays as the value.

-p Makes changes apply to both current and reboot values when used in combination with -o, -d or -D, that is, it turns on updating of the /etc/tunables/nextboot file in addition to the updating of the current value. These combinations cannot be used on Reboot and Bosboot type parameters because their current value can't be changed.

When used with -a or -o without specifying a new value, values display only if the current and next boot values for a parameter are the same. Otherwise NONE displays as the value.

-r Makes changes apply to reboot values when used in combination with -o, -d or -D, that is, it turns on the updating of the /etc/tunables/nextboot file. If any parameter of type Bosboot is changed, the user is prompted to run bosboot. When used with -a or -o without specifying a new value, next boot values for tunables display instead of the current values.
-x [Tunable] Lists characteristics of one or all tunables, one per line, using the following (spreadsheet) format:
tunable,current,default,reboot,min,max,unit,type,{dtunable } 

where: 
    current = current value 
    default = default value 
    reboot = reboot value 
    min = minimal value 
    max = maximum value 
    unit = tunable unit of measure 
    type = parameter type: D (for Dynamic), 
           S (for Static), R (for Reboot), B (for Bosboot), M (for Mount),
           I (for Incremental), C (for Connect), and d (for Deprecated) 
    dtunable = space separated list of dependent tunable parameters 

If you make any change (with -o, -d or -D) to a restricted tunable parameter, it results in a warning message that a tunable parameter of the restricted-use type has been modified. If you also specify the -r or -p options on the command line, you are prompted for confirmation of the change. In addition, at system reboot, the presence of restricted tunables in the /etc/tunables/nextboot file, which were modified to a value that is different from their default value (using a command line specifying the -r or -p options), results in an error log entry that identifies the list of these modified tunables.

If you make any change (with -o, -d, or -D) to a parameter of type Mount, it results in a warning message that the change is only effective for future mountings.

If you make any change (with -o, -d or -D) to a parameter of type Connect, it results in inetd being restarted, and a warning message that the change is only effective for future socket connections.

If you make any change (with -o, -d, or -D) to a parameter of type Bosboot or Reboot without -r, it results in an error message.

If you make any change (with -o, -d, or -D but without -r) to the current value of a parameter of type Incremental with a new value smaller than the current value, it results in an error message.
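
The -x format lends itself to scripted configuration checks. The following is an added example, not part of the original documentation: it parses no -x records and compares the current and reboot values of several tunables described under Tunable Parameters against a baseline. The baseline values, the function names audit_no_x and sample_no_x, and the sample records are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `no -x` records against an ASSUMED hardening baseline.
# Record format (from the -x flag description):
#   tunable,current,default,reboot,min,max,unit,type,{dtunable}

# Constructed sample records, not captured from a real system.
sample_no_x() {
    cat <<'EOF'
# constructed comment line, skipped by the parser
bcastping,0,0,0,0,1,boolean,D,
clean_partial_conns,0,0,0,0,100,numeric,D,
directed_broadcast,0,0,0,0,1,boolean,D,
icmpaddressmask,0,0,0,0,1,boolean,D,
ipignoreredirects,1,0,1,0,1,boolean,D,
ipsrcrouteforward,0,1,1,0,1,boolean,D,
ipsrcrouterecv,0,0,0,0,1,boolean,D,
ipsrcroutesend,1,1,1,0,1,boolean,D,
nonlocsrcroute,0,0,0,0,1,boolean,D,
somaxconn,1024,1024,1024,0,32767,numeric,C,
EOF
}

# Reads `no -x` records on stdin and prints one sorted line per baseline tunable:
#   OK            current and reboot values both meet the baseline
#   FAIL          current value violates the baseline
#   NOT_PERSISTED current value is fine but the reboot value is not
#   MISSING       tunable did not appear in the input
audit_no_x() {
    awk -F, '
    function ok(op, want, v) {
        if (v !~ /^-?[0-9]+$/) return 0      # empty or non-numeric value
        return (op == "ge") ? (v + 0 >= want + 0) : (v + 0 == want + 0)
    }
    function fix(flag, name, val) { return "no " flag " -o " name "=" val }
    BEGIN {
        # Assumed site baseline (policy choice, not from the documentation):
        # "eq N" means must equal N, "ge N" means must be at least N.
        rule["bcastping"]           = "eq 0"
        rule["clean_partial_conns"] = "ge 1"
        rule["directed_broadcast"]  = "eq 0"
        rule["icmpaddressmask"]     = "eq 0"
        rule["ipignoreredirects"]   = "eq 1"
        rule["ipsrcrouteforward"]   = "eq 0"
        rule["ipsrcrouterecv"]      = "eq 0"
        rule["ipsrcroutesend"]      = "eq 0"
        rule["ip6srcrouteforward"]  = "eq 0"
        rule["nonlocsrcroute"]      = "eq 0"
    }
    /^#/ || NF < 8 { next }                  # defensive: skip non-record lines
    !($1 in rule)  { next }                  # tunable not covered by baseline
    {
        seen[$1] = 1
        split(rule[$1], r, " ")
        cur_ok  = ok(r[1], r[2], $2)         # field 2 = current value
        boot_ok = ok(r[1], r[2], $4)         # field 4 = reboot value
        # -p cannot be used on Reboot and Bosboot types; those need -r.
        flag = ($8 == "R" || $8 == "B") ? "-r" : "-p"
        if (!cur_ok)
            printf "FAIL %s current=%s reboot=%s fix: %s\n",
                   $1, $2, $4, fix(flag, $1, r[2])
        else if (!boot_ok)
            printf "NOT_PERSISTED %s current=%s reboot=%s fix: %s\n",
                   $1, $2, $4, fix("-r", $1, r[2])
        else
            printf "OK %s current=%s reboot=%s\n", $1, $2, $4
    }
    END { for (n in rule) if (!(n in seen)) print "MISSING " n }
    ' | sort
}

# Demo on the constructed sample; on an AIX host use: no -x | audit_no_x
sample_no_x | audit_no_x
```

The NOT_PERSISTED status catches a value that was set with -o alone: it is compliant now but reverts to the /etc/tunables/nextboot value at the next reboot.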

Tunable Parameters Type

All the tunable parameters manipulated by the tuning commands (no, nfso, vmo, ioo, schedo, and raso) have been classified into these categories:
Item Description
Dynamic If the parameter can be changed at any time
Static If the parameter can never be changed
Reboot If the parameter can only be changed during reboot
Bosboot If the parameter can only be changed by running bosboot and rebooting the machine
Mount If changes to the parameter are only effective for future file systems or directory mounts
Incremental If the parameter can only be incremented, except at boot time
Connect If changes to the parameter are only effective for future socket connections
Deprecated If changing this parameter is no longer supported by the current release of AIX.
For parameters of type Bosboot, whenever a change is performed, the tuning commands automatically prompt the user to ask if they want to execute the bosboot command. For parameters of type Connect, the tuning commands automatically restart the inetd daemon if pre520tune is disabled.

Note that the current set of parameters managed by the no command only includes Reboot, Static, Dynamic, Incremental, and Connect types.

Tunable Parameters

For default values and range of values for tunables, refer to the no command help (-h <tunable_parameter_name>).
Item Description
arpqsize
Purpose:
Specifies the maximum number of packets to queue while waiting for Address Resolution Protocol (ARP) responses.
Tuning:
This attribute is supported by Ethernet, 802.3, Token Ring and FDDI interfaces.
arpt_killc
Purpose:
Specifies the time in minutes before a complete ARP entry will be deleted.
Tuning:
To reduce ARP activity in a stable network, you can increase arpt_killc.
arptab_bsiz
Purpose:
Specifies Address Resolution Protocol (ARP) table bucket size.
Tuning:
netstat -p arp will show the number of ARP packets sent and the number of ARP entries purged from the ARP table. If a large number of entries are being purged, the ARP table size should be increased. Use arp -a to show the ARP table hashing distribution.
arptab_nb
Purpose:
Specifies the number of ARP table buckets.
Tuning:
netstat -p arp will show the number of ARP packets sent and the number of ARP entries purged from the ARP table. If a large number of entries are being purged, the ARP table size should be increased. Use arp -a to show the ARP table hashing distribution. Increase this value for systems that have a large number of clients or servers. The default provides for 149 x 7 = 1043 ARP entries, but assumes an even hash distribution.
bcastping
Purpose:
Allows response to ICMP echo packets to the broadcast address.
Tuning:
A value of 0 disables it, while a value of 1 enables it. The default is to not respond to echo packets to a broadcast address. This prevents so-called 'broadcast storms' on the network that can result when multiple machines respond to a broadcast address.
clean_partial_conns
Purpose:
Specifies whether or not SYN attacks are being avoided. If non-zero, clean_partial_conns specifies how many partial connections are removed randomly to make room for new non-attack connections.
Tuning:
A value of 0 disables this option. This option should be turned on for servers that need to protect against network attacks.
delayack
Purpose:
Delays ACKs for certain TCP packets and attempts to piggyback them with the next packet sent instead.
Tuning:
This action will only be performed for connections whose destination port is specified in the list of the delayackports attribute. This can be used to increase the performance when communicating with an HTTP server by reducing the total number of packets sent. The parameter can have one of following four values:
0
No delays, normal operation
1
Delays the ACK for the server's SYN
2
Delays the ACK for the server's FIN
3
Delay both the ACKs for the SYN and FIN
delayackports
Purpose:
Specifies the list of destination ports for which the operation defined by the delayack port option will be performed.
Tuning:
The attribute takes a maximum of ten ports, separated by commas and enclosed in curly braces. For example:
no -o delayackports={80,30080}.
To clear the list, set the option to {}.
dgd_packets_lost
Purpose:
Specifies how many consecutive packets must be lost before Dead Gateway Detection decides that a gateway is down.
dgd_ping_time
Purpose:
Specifies how many seconds should pass between pings of a gateway by Active Dead Gateway Detection.
dgd_retry_time
Purpose:
Specifies how many minutes a route's cost should remain raised when it has been raised by Passive Dead Gateway Detection. After this many minutes pass, the route's cost is restored to its user-configured value. The unit is numeric.
directed_broadcast
Purpose:
Specifies whether or not to allow a directed broadcast to a gateway.
Tuning:
A value of 1 allows packets directed to a gateway to be broadcast on a network on the other side of the gateway.
fasttimo
Purpose:
Allows you to set the millisecond delay for the TCP fast timeout timer. This timeout controls how often the system scans the TCP control blocks to send delayed acknowledgments.
Tuning:
Reducing this timer value may improve performance with some non-IBM systems. However, this may also result in slightly increased system utilization.
hstcp
Purpose:
Enables the HighSpeed TCP as specified in RFC 3649. This modifies the congestion control mechanism for use with TCP connections with large congestion windows to improve the average throughput.
Tuning:
A value of 1 enables the HighSpeed TCP enhancements on a system-wide scale. A value of 0 disables it.
icmp6_errmsg_rate
Purpose:
Specifies the upper limit for the number of ICMP v6 error messages that can be sent per second. This prevents excessive bandwidth being used by ICMP v6 error messages.
icmpaddressmask
Purpose:
Specifies whether the system responds to an ICMP address mask request.
Tuning:
If the value 0 is set, the network silently ignores any ICMP address mask request that it receives.
ie5_old_multicast_mapping
Purpose:
Specifies that IP multicasts on token ring should be mapped to the broadcast address rather than a functional address when the value 1 is used.
ifsize
Purpose:
Specifies the maximum number of network interface structures per interface of a single type. This limit does not apply to ethernet interface structures for which the infrastructure expands dynamically to handle any number of ethernet interface structures.
Tuning:
The ifsize parameter needs to be large on machines that support hotplug adapters and on DLPAR configurations because adapters can be added on the fly and the static interface tables must be large enough to accept the worst case number of adapters that may be added for this system or partition. If the system detects at boot time that more adapters of a type are present than would be allowed by the current value of ifsize, it will automatically increase the value to support the number of adapters present.
ip6_defttl
Purpose:
Specifies the default hop count that is used for IP version 6 packets if no other hop count is specified.
ip6_prune
Purpose:
Specifies how often to check the IP version 6 routing table for expired routes, in seconds.
ip6forwarding
Purpose:
Specifies whether the kernel should forward IP version 6 packets.
Tuning:
The default value of 0 prevents forwarding of IPv6 packets when they are not for the local systems. A value of 1 enables forwarding.
ip6srcrouteforward
Purpose:
Specifies whether the system forwards source-routed IP version 6 packets.
Tuning:
A value of 1 allows the forwarding of source-routed packets. A value of 0 causes all source-routed packets that are not at their destinations to be discarded.
ip_ifdelete_notify
Purpose:
Specifies that when an interface address is deleted, all the existing TCP connections that were bound locally to the interface address deleted must be notified with error ENETDOWN.
Tuning:
Existing FTP/Telnet connections are disconnected when the ENETDOWN error is returned.
ip_nfrag
Purpose:
Specifies the maximum number of fragments of an IP packet that can be kept on the IP reassembly queue at a time.
ipforwarding
Purpose:
Specifies whether the kernel should forward packets.
Tuning:
Set this parameter to 1, if the system is acting as an IP router.
ipfragttl
Purpose:
Specifies the time to live for IP fragments in half-seconds.
Tuning:
Check for fragments dropped after timeout (netstat -p ip). If the value of IP: fragments dropped after timeout is nonzero, increasing ipfragttl may reduce retransmissions.
ipignoreredirects
Purpose:
Specifies whether or not to process redirects that are received.
Tuning:
A value of 0 processes redirects as usual. A value of 1 ignores redirects.
ipqmaxlen
Purpose:
Specifies the number of received packets that can be queued on the IP protocol input queue.
Tuning:
Examine if ipintrq overflows (netstat -s) or use crash to access IP input queue overflow counter. Increase size if system is using a lot of loopback sessions. Most operating system network drivers call IP directly and do not use the IP queue. On these devices increasing ipqmaxlen has no effect.
ipsendredirects
Purpose:
Specifies whether the kernel should send redirect signals.
Tuning:
This is a configuration decision with performance consequences.
ipsrcrouteforward
Purpose:
Specifies whether the system forwards source routed packets.
Tuning:
The default value of 1 allows the forwarding of source-routed packets. A value of 0 causes all source-routed packets that are not at their destinations to be discarded.
ipsrcrouterecv
Purpose:
Specifies whether the system accepts source routed packets.
Tuning:
The default value of 0 causes all source-routed packets destined for this system to be discarded. A value of 1 allows source-routed packets to be received.
ipsrcroutesend
Purpose:
Specifies whether applications can send source routed packets.
Tuning:
The default value of 1 allows source-routed packets to be sent. A value of 0 causes setsockopt() to return an error if an application attempts to set the source routing option, and removes any source routing options from outgoing packets.
limited_ss
Purpose:
Enables the Limited SlowStart as specified in RFC 3742. This limits the number of segments by which the congestion window is increased for one window during slow-start. This enhancement improves the performance for TCP connections with large congestion windows.
Tuning:
A value from 1 to 100 enables the Limited SlowStart enhancements on a system-wide scale and sets it as the number of segments to the value of the maximum SlowStart threshold. A value of 0 disables it. The default value is 0.
llsleep_timeout
Purpose:
Specifies timeout value in seconds for link local timeouts (used when multi_homed=1).
lo_perf
Purpose:
Specifies whether the loopback traffic is enabled or disabled.
lowthresh
Purpose:
Specifies the maximum number of bytes that can be allocated using the allocb call for the BPRI_LO priority.
Tuning:
When the total amount of memory allocated by the net_malloc call reaches this threshold, then the allocb request for the BPRI_LO priority returns 0. The lowthresh attribute represents a percentage of the thewall attribute and you can set its value from 0 to 100.
main_if6
Purpose:
Specifies the interface to use for link local addresses.
main_site6
Purpose:
Specifies the interface to use for site local address routing.
maxnip6q
Purpose:
Specifies the maximum number of IP version 6 packet reassembly queues.
maxttl
Purpose:
Specifies the time to live (in seconds) for RIP packets.
medthresh
Purpose:
Specifies the maximum number of bytes that can be allocated using the allocb call for the BPRI_MED priority.
Tuning:
When the total amount of memory allocated by the net_malloc call reaches this threshold, then the allocb request for the BPRI_MED priority returns 0. The medthresh attribute represents a percentage of the thewall attribute. A typical setting of 95 represents 95% of thewall attribute.
mpr_policy
Purpose:
Specifies the policy to be used for Multipath Routing.
Tuning:
The following are the available routing policies:
Weighted Round-Robin (1)
Round-robin is applied based on user-configured weights assigned to the multiple routes (through the route command). If no weights are configured, it behaves identically to plain round-robin.
Random (2)
Chooses a route at random.
Weighted Random (3)
Chooses a route based on user-configured weights and a randomization routine. The policy adds up the weights of all the routes and picks a random number between 0 and the total weight. Each of the individual weights is removed from the total weight, until this number is zero. This picks a route in the range of the total number of routes available.
Lowest Utilization (4)
Chooses a route with the minimum number of current connections going through it.
Hash-based (5)
Hash-based algorithm chooses a route by hashing based on the destination IP address.
multi_homed
Purpose:
Specifies the level of multi-homed IP version 6 host support.
Tuning:
This will only be performed for connections whose destination port is specified in the list of the delayackports parameter. This can be used to increase performance when communicating with an HTTP server. The parameter can have one of four values:
0
Indicates the original functionality in AIX 4.3.
1
Indicates that link local addresses will be resolved by querying each interface for the link local address.
2
Indicates that link local addresses will only be examined for the interface defined by main_if6.
3
Indicates that link local addresses will only be examined for the interface defined by main_if6 and site local addresses will only be routed for the main_site6 interface.
nbc_limit
Purpose:
Specifies the total maximum amount of memory that can be used for the Network Buffer Cache.
Tuning:
This attribute is in number of KBytes. When the cache grows to this limit, the rarely used cache objects are flushed out of the cache to make room for the new ones.
nbc_max_cache
Purpose:
Specifies the maximum size of the cache object allowed in the Network Buffer Cache without using the private segments.
Tuning:
This parameter is in number of bytes. A data object bigger than this size is either cached in a private segment or is not cached at all.
nbc_min_cache
Purpose:
Specifies the minimum size of the cache object allowed in the Network Buffer Cache.
Tuning:
This attribute is in number of bytes. A data object smaller than this size is not put into the NBC. This attribute only applies for send_file() API and some Web servers that use the get engine in the kernel.
nbc_ofile_hashsz
Purpose:
Specifies the size of the hash table used for hashing cache objects in the Network Buffer Cache.
Tuning:
This hash table size applies only to opened file entries, that is, entries that cache files from the filesystem. Since this attribute resizes the hash table size and affects the hashing of all existing entries, this attribute can only be modified when the Network Buffer Cache is empty.
nbc_pseg
Purpose:
Specifies the maximum number of private segments that can be created for the Network Buffer Cache.
Tuning:
When this option is set to nonzero, a data object between the size specified in nbc_max_cache and the segment size (256MB) is cached in a private segment. A data object bigger than the segment size is not cached at all. When the maximum number of private segments exist, cache data in private segments may be flushed for new cache data so that the number of private segments does not exceed the limit. When nbc_pseg is set to 0, all cache in private segments is flushed.
nbc_pseg_limit
Purpose:
Specifies the maximum amount of cached data size allowed in private segments in the Network Buffer Cache.
Tuning:
This value is expressed in KBytes. Since data cached in private segments is pinned by the Network Buffer Cache, nbc_pseg_limit controls the amount of pinned memory used for the Network Buffer Cache in addition to the network buffers in global segments. When the amount of cached data reaches this limit, cache data in private segments may be flushed for new cache data so that the total pinned memory size doesn't exceed the limit. When nbc_pseg_limit is set to 0, all cache in private segments is flushed.
ndd_event_name
Purpose:
Specifies the list of interface names for ns_alloc and ns_free events to be captured, when the trace of ns_alloc/ns_free events is enabled by setting the ndd_event_tracing option.
Tuning:
ndd_event_tracing
Purpose:
Specifies the size of the ns_alloc/ns_free trace buffer.
Tuning:
If the value of this option is non-zero, all ns_alloc/ns_free events will be traced in a kernel buffer. A value of zero disables this event tracing. Values of ndd_event_tracing larger than 1024 will allocate as many items in the kernel buffer for tracing.
ndp_mmaxtries
Purpose:
Specifies the maximum number of Multicast Neighbor Discovery Protocol (NDP) packets to send.
ndp_umaxtries
Purpose:
Specifies the maximum number of Unicast Neighbor Discovery Protocol (NDP) packets to send.
ndpqsize
Purpose:
Specifies the number of packets to hold waiting on completion of a Neighbor Discovery Protocol (NDP) entry (used by IP version 6).
ndpt_down
Purpose:
Specifies the time, in half seconds, to hold down an NDP entry.
Tuning:
Starting from AIX 52B, this tunable becomes obsolete.
ndpt_keep
Purpose:
Specifies the time, in half seconds, to keep a Neighbor Discovery Protocol (NDP) entry.
ndpt_probe
Purpose:
Specifies the time, in half seconds, to delay before sending the first Neighbor Discovery Protocol (NDP) probe.
ndpt_reachable
Purpose:
Specifies the time, in half seconds, to test if a Neighbor Discovery Protocol (NDP) entry is still valid.
ndpt_retrans
Purpose:
Specifies the time, in half seconds, to wait before retransmitting an NDP request.
net_buf_size
Purpose:
Specifies a list of buffer sizes for net_malloc/net_free events to be captured.
Tuning:
The net_buf_size string represents a list of sizes. If this attribute is not all, only net_malloc/net_free events of those sizes will be captured. A value of all means that the events of any size are captured.
net_buf_type
Purpose:
Specifies a list of buffer types for net_malloc/net_free events to be captured.
Tuning:
The net_buf_type string represents a list of types. If the string is not empty and different from all, only net_malloc/net_free events of that type will be captured.
net_malloc_frag_mask
Purpose:
Used as a boolean mask for each bucket size, requesting that such fragments be promoted to full pages.
Tuning:
Allows promotion of allocations smaller than 1 page to full pages for better detection of memory overwriting problems. It is a mask for each bucket size, requesting that such fragments be promoted to full pages. Enabling this option for memory fragments will result in lower performance.
netm_page_promote
Purpose:
Specifies whether to allow promotion of a fragment to page size.
Tuning:
This option allows promotion of fragment sizes specified in net_malloc_frag_mask to page size. Setting this option to 0 disables the page promotion irrespective of the sizes set in net_malloc_frag_mask.
nonlocsrcroute
Purpose:
Tells the Internet Protocol that strictly source-routed packets may be addressed to hosts outside the local network.
Tuning:
A value of 0 disallows addressing to outside hosts. A value of 1 allows packets to be addressed to outside hosts. Loosely source routed packets are not affected by this attribute.
nstrpush
Purpose:
Specifies the maximum number (must be at least 8) of modules that you can push onto a single Stream.
Tuning:
Read-only in AIX 5.2 and later. This attribute can be set during boot in the /etc/pse_tune.conf file.
passive_dgd
Purpose:
Specifies whether Passive Dead Gateway Detection is enabled.
Tuning:
A value of 0 disables passive_dgd, and a value of 1 enables it for all gateways in use.
pmtu_default_age
Purpose:
This option is now unused because UDP applications are now required to always set IP_DONTFRAG socket option to be able to detect decreases in Path MTU.
Tuning:
A value of zero allows no aging. The default value is 10 minutes. The pmtu_default_age value can be overridden by UDP applications. pmtu_default_age is a runtime attribute. On AIX 5.3, this option is unused as UDP applications will have to set the IP_DONTFRAG socket option to detect decreases in the Path MTU.
pmtu_expire
Purpose:
Specifies the default amount of time (in minutes) before which the path MTU entries with reference count of zero are deleted.
Tuning:
A value of 0 suggests that the pmtu entries will not expire.
pmtu_rediscover_interval
Purpose:
Specifies the default amount of time (in minutes) before the path MTU value for UDP and TCP paths are checked for a higher value.
Tuning:
A value of 0 allows no path MTU rediscovery.
psebufcalls
Purpose:
Specifies the maximum number of bufcalls to allocate by Streams.
Tuning:
The Stream subsystem allocates a certain number of bufcall structures at initialization, so that when the allocb call fails, the user can register their requests for the bufcall. You are not allowed to lower this value until the system reboots, at which time it returns to its default value.
psecache
Purpose:
Controls the number of stream buffers.
psetimers
Purpose:
Specifies the maximum number of timers to allocate by Streams.
Tuning:
The Stream subsystem allocates a certain number of timer structures at initialization, so that the streams driver or module can register their timeout calls. You are not allowed to lower this value until the system reboots, at which time it returns to its default value.
rfc1122addrchk
Purpose:
Performs address validation as specified by RFC1122, Requirements for Internet Hosts-Communication Layers.
Tuning:
A value of 0 does not perform address validation. A value of 1 performs address validation.
rfc1323
Purpose:
Enables TCP enhancements as specified by RFC 1323, TCP Extensions for High Performance.
Tuning:
A value of 0 disables the RFC enhancements on a system-wide scale. A value of 1 specifies that all TCP connections will attempt to negotiate the RFC enhancements. The SOCKETS application can override the default behavior on individual TCP connections, using the setsockopt subroutine. The rfc1323 network option can also be set on a per interface basis via the ifconfig command.
rfc2414
Purpose:
Enables the increasing of TCP's initial window as described in RFC 2414.
Tuning:
When it is on, the initial window will depend on the setting of the tunable tcp_init_window.
route_expire
Purpose:
Specifies whether the route expires.
Tuning:
A value of 0 allows no route expiration. Negative values are not allowed for this option.
routerevalidate
Purpose:
Specifies that each connection's cached route should be revalidated each time a new route is added to the routing table.
Tuning:
This will ensure that applications that keep the same connection open for long periods of time (for example NFS) will use the correct route after routing table changes occur. A value of 0 does not revalidate the cached routes. Turning this option on may cause some performance degradation.
rto_high
Purpose:
Specifies the TCP Retransmit Time out high value used in calculating factors and the maximum retransmits allowable used in TCP data segment retransmits.
Tuning:
rto_high is the high factor.
rto_length
Purpose:
Specifies the TCP Retransmit Time Out length value used in calculating factors and the maximum retransmits allowable used in TCP data segment retransmits.
Tuning:
rto_length is the total number of time segments.
rto_limit
Purpose:
Specifies the TCP Retransmit Time out limit value used in calculating factors and the maximum retransmits allowable used in TCP data segment retransmits.
Tuning:
rto_limit is the number of time segments from rto_low to rto_high.
rto_low
Purpose:
Specifies the TCP Retransmit Time Out low value used in calculating factors and the maximum retransmits allowable used in TCP data segment retransmits.
Tuning:
rto_low is the low factor.
sack
Purpose:
Enables TCP Selective Acknowledgment as described in RFC 2018.
Tuning:
A value of 1 will make all TCP connections negotiate sack. The default is zero, which disables the negotiation. The sack feature needs support from the peer TCP; the negotiation phase during connection initiation determines that. When receiving out-of-order segments, Selective Acknowledgments from the receiver will inform the sender of data that has been received so that the sender can retransmit only the missing segments, resulting in fewer unnecessarily retransmitted segments. Sack is useful for recovering quickly from multiple packet drops in a window of data.
sb_max
Purpose:
Specifies the maximum buffer size allowed for a TCP and UDP socket. Limits setsockopt, udp_sendspace, udp_recvspace, tcp_sendspace, and tcp_recvspace.
Tuning:
Increase size, preferably to multiple of 4096. Should be approximately two to four times the largest socket buffer limit.
send_file_duration
Purpose:
Specifies the cache validation duration for all the file objects that system call send_file accessed in the network buffer cache.
Tuning:
This attribute is in number of seconds. A value of 0 means that the cache will be validated for every access.
site6_index
Purpose:
Specifies the maximum interface number for site local routing.
sockthresh
Purpose:
Specifies the maximum amount of network memory that can be allocated for sockets. Used to prevent new sockets or TCP connections from exhausting all MBUF memory and reserve the remaining memory for the existing sockets or TCP connections.
Tuning:
When the total amount of memory allocated by the net_malloc subroutine reaches the sockthresh threshold, the socket and socketpair system calls fail with an error of ENOBUFS. Incoming connection requests are silently discarded. Existing sockets can continue to use additional memory. The sockthresh attribute represents a percentage of the thewall attribute.
sodebug
Purpose:
Specifies whether the newly created sockets will have SO_DEBUG flag on.
sodebug_env
Purpose:
Specifies whether SODEBUG process environment variable will be checked for the newly created sockets; if this is the case, these sockets will have SO_DEBUG flag on.
somaxconn
Purpose:
Specifies the maximum listen backlog.
Tuning:
Increase this parameter on busy Web servers to handle peak connection rates.
strctlsz
Purpose:
Specifies the maximum number of bytes of information that a single system call can pass to a Stream to place into the control part of a message (in an M_PROTO or M_PCPROTO block).
Tuning:
The putmsg call with a control part exceeding this size will fail with ERANGE.
strmsgsz
Purpose:
Specifies the maximum number of bytes of information that a single system call can pass to a Stream to place into the data part of a message (in M_DATA blocks).
Tuning:
Any write call exceeding this size is broken into multiple messages. The putmsg call with a data part exceeding this size will fail with ERANGE.
strthresh
Purpose:
Specifies the maximum number of bytes Streams are normally allowed to allocate.
Tuning:
When the threshold is passed, strthresh does not allow users without the appropriate privilege to open Streams, push modules, or write to Stream devices, and returns ENOSR. The threshold applies only to output and does not affect data coming into the system (e.g. console continues to work properly). A value of zero means that there is no threshold. The strthresh attribute represents a percentage of the thewall attribute. The thewall attribute indicates the maximum number of bytes that can be allocated by Streams and Sockets using the net_malloc call.
strturncnt
Purpose:
Specifies the maximum number of requests handled by the current running thread for Module or Elsewhere level Streams synchronization.
Tuning:
The Module level synchronization works in a way that only one thread can run in the module at any time, and all other threads which try to acquire the same module will enqueue their requests and leave. After the current running thread completes its work, it dequeues all the previously enqueued requests one by one and runs them. If there are a large number of requests enqueued in the list, then the current running thread has to serve everyone, will always be busy serving others, and starves itself. To avoid this, the current running thread serves only the strturncnt number of threads; after that, a separate kernel thread activates and runs all the pending requests.
subnetsarelocal
Purpose:
Specifies whether all subnets that match the subnet mask are to be considered local for purposes of establishing, for example, the TCP maximum segment size.
Tuning:
This parameter is used by the in_localaddress subroutine. The default value, 1, specifies that addresses that match the local network mask are local. If the value is 0, only addresses matching the local subnetwork are local. This is a configuration decision with performance consequences. If all the subnets do not have the same MTU, fragmentation at bridges may degrade performance. If the subnets do have the same MTU, and subnetsarelocal is 0, TCP sessions may use a small MSS.
tcp_bad_port_limit
Purpose:
Enables TCP level support for Explicit Congestion Notification as described in RFC 2481.
Tuning:
Default is off (0). Turning it on (1) will make all connections negotiate ECN capability with the peer. For this feature to work you need support from the peer TCP and also IP level ECN support from the routers in the path.
tcp_cwnd_modified
Purpose:
Allows the TCP IP applications with specific socket options to adjust the network congestion window. This parameter might be used only in a specific wide area network (WAN) environment.
Tuning:
Default value is 0, which disables the tuning parameter. Tuning it to a value of 1 allows you to adjust the network congestion window.
tcp_ephemeral_high
Purpose:
Specifies the largest port number to allocate for TCP ephemeral ports.
Tuning:
The number of ephemeral sockets is determined by tcp_ephemeral_high minus tcp_ephemeral_low. For maximum number of ephemeral sockets, set tcp_ephemeral_high to 65535 and tcp_ephemeral_low to 1024.
tcp_ephemeral_low
Purpose:
Specifies the smallest port number to allocate for TCP ephemeral ports.
Tuning:
The number of ephemeral sockets is determined by tcp_ephemeral_high minus tcp_ephemeral_low. For maximum number of ephemeral sockets, set tcp_ephemeral_high to 65535 and tcp_ephemeral_low to 1024.
tcp_finwait2
Purpose:
Specifies the length of time to wait in the FIN_WAIT2 state before closing the connection, measured in half seconds.
tcp_icmpsecure
Purpose:
Specifies whether or not ICMP (Internet Control Message Protocol) attacks on TCP are avoided.
Tuning:
This option should be turned on to protect TCP connections against ICMP attacks. The ICMP attacks may be of the form of ICMP source quench attacks and PMTUD (Path MTU Discovery) attacks. If this network option is turned on, the system does not react to ICMP source quench messages. This will protect against ICMP source quench attacks. Also, if this network option is enabled, the payload of the ICMP message is tested to determine if the sequence number of the TCP header portion of the payload is within the range of acceptable sequence numbers. This will mitigate PMTUD attacks to a large extent.
tcp_init_window
Purpose:
This value is used only when rfc2414 is turned on (ignored otherwise).
Tuning:
If rfc2414 is on and this value is zero, then the initial window computation is done according to rfc2414. If this value is non-zero, the initial (congestion) window is initialized to a number of maximum sized segments equal to tcp_init_window. Changing tcp_init_window allows you to tune the TCP slow start to control the number of TCP segments (packets) outstanding before an ACK is received. For example, setting this value to 6 would allow 6 packets to be sent initially, instead of the normal 2 or 3 packets, thus speeding up the initial packet rate.
tcp_inpcb_hashtab_siz
Purpose:
Specifies the size of the inpcb hash table for TCP connections.
Tuning:
This table holds the inpcbs required for connection management and is implemented as a table of hash chains. A larger table means that the linked hash chains will be smaller, with lower traversal time on average, but the memory footprint will be larger. This value should be a prime number. This option impacts performance and should be used with extreme caution. Consult a performance analyst if you believe the value needs to be changed. The execution environment could have an influence on the value. It is strongly encouraged to maintain the system defined defaults as they tend to execute optimally in most environments.
tcp_keepcnt
Purpose:
tcp_keepcnt represents the number of keepalive probes that could be sent before terminating the connection.
tcp_keepidle
Purpose:
Specifies the length of time to keep the connection active, measured in half seconds.
tcp_keepinit
Purpose:
Sets the initial timeout value for a tcp connection, measured in half seconds.
tcp_keepintvl
Purpose:
Specifies the interval, measured in half seconds, between packets sent to validate the connection.
Tuning:
For example, 150 half seconds results in 75 seconds between validation probes. This will allow TCP to know that a connection is still valid and keep the connection open when it is otherwise idle. This is a configuration decision with minimal performance consequences. No change is recommended. If the interval were shortened significantly, processing and bandwidth costs might become significant.
tcp_limited_transmit
Purpose:
Enables the feature that enhances TCP's loss recovery as described in the RFC 3042.
Tuning:
A value of 1 enables this option and zero (0) disables the option.
tcp_low_rto
Purpose:
Specifies the TCP retransmit timeout (RTO), in ticks, for connections experiencing packet drops.
Tuning:
A tick is 0.6 seconds (one 100th of a second). The option timer_wheel_tick must be set to non-zero value before setting tcp_low_rto option. Also, tcp_low_rto must be equal to or a multiple of ten times the timer_wheel_tick value. This tunable allows TCP to use smaller timeout values for packet timeout and retransmit on high speed networks. Normal TCP retransmit timeout is 1.5 seconds.
tcp_maxburst
Purpose:
Specifies the number of back-to-back packets that TCP can send before pausing to allow those packets to be forwarded to their destination.
Tuning:
This can be useful if routers are unable to handle large bursts of TCP packets and are dropping some of them. A value of 0 means no limitation for back-to-back packets before pausing.
tcp_mssdflt
Purpose:
Default maximum segment size used in communicating with remote networks.
Tuning:
tcp_mssdflt is only used if path MTU discovery is not enabled or path MTU discovery fails to discover a path MTU. The tcp_mssdflt network option can also be set on a per interface basis (see the documentation for ISNO options). Limiting data to (MTU - 40) bytes ensures that, where possible, only full packets will be sent.
tcp_nagle_limit
Purpose:
This is the Nagle Algorithm threshold in bytes which can be used to disable Nagle.
Tuning:
The default is Nagle turned on. To disable Nagle, set this value to 0 or 1. TCP disables Nagle for data segments larger than or equal to this threshold value.
tcp_nagleoverride
Purpose:
Setting the tcp_nagle_limit option turns off the Nagle algorithm system wide, and setting the tcp_nodelay option for a socket turns off the Nagle algorithm for that specific connection, whereas setting tcp_nagleoverride disables the Nagle algorithm only for certain situations during the connection.
Tuning:
The value of 1 disables nagle algorithm only for certain TCP packets in a connection.
tcp_ndebug
Purpose:
Specifies the number of tcp_debug structures.
tcp_newreno
Purpose:
Enables the modification to TCP's Fast Recovery algorithm as described in RFC 2582.
Tuning:
This fixes the limitation of TCP's Fast Retransmit algorithm to recover fast from dropped packets when multiple packets in a window are dropped. sack also achieves the same thing but sack needs support from both ends of the TCP connection; the NewReno modification is only on the sender side.
tcp_nodelayack
Purpose:
Turning this parameter on causes TCP to send immediate acknowledgement (Ack) packets to the sender. When tcp_nodelayack is disabled, TCP delays sending Ack packets by up to 200ms. This allows the Ack to be piggy-backed onto a response and minimizes system overhead.
Tuning:
This option can be used to overcome bugs in other implementations of the TCP nagle algorithm. Setting this option to 1 will cause slightly more system overhead, but can result in much higher performance for network transfers if the sender is waiting on the receiver's acknowledgement.
tcp_pmtu_discover
Purpose:
Enables or disables path MTU discovery for TCP applications.
Tuning:
A value of 0 disables path MTU discovery for TCP applications, while a value of 1 enables it.
tcp_recvspace
Purpose:
Specifies the system default socket buffer size for receiving data. This affects the window size used by TCP.
Tuning:
The optimum buffer size is the product of the media bandwidth and the average round-trip time of a packet. The tcp_recvspace network option can also be set on a per interface basis (reference documentation on Interface Specific Network Options (ISNO) ). Most interfaces now have this tunable set in the ISNO defaults. The tcp_recvspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute.
tcp_sendspace
Purpose:
Specifies the system default socket buffer size for sending data.
Tuning:
The optimum buffer size is the product of the media bandwidth and the average round-trip time of a packet: optimum_window=bandwidth * average_round_trip_time. The tcp_sendspace network option can also be set on a per interface basis (reference documentation on Interface Specific Network Options (ISNO) ). Most interfaces now have this tunable set in the ISNO defaults. The tcp_sendspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute.
tcp_tcpsecure
Purpose:
Specifies whether or not connection reset attacks and data corruption attacks on TCP are avoided.
Tuning:
This option is used to protect TCP connections from one or more of the following three vulnerabilities. The first vulnerability involves the sending of a fake SYN to an established connection to abort the connection. A tcp_tcpsecure value of 1 provides protection from this vulnerability. The second vulnerability involves the sending of a fake RST to an established connection to abort the connection. A tcp_tcpsecure value of 2 provides protection from this vulnerability. The third vulnerability involves injecting fake data in an established TCP connection. A tcp_tcpsecure value of 4 provides protection from this vulnerability. Values for tcp_tcpsecure can range from a minimum of 0 (this is the default value and provides no protection from these vulnerabilities) to a maximum value of 7. Values of 3, 5, 6, or 7 will protect the connection from combinations of these three vulnerabilities.
tcp_timewait
Purpose:
The tcp_timewait option is used to configure how long connections are kept in the timewait state.
Tuning:
It is given in 15 second intervals. Increasing this value will degrade performance of Web servers or applications that open and close a lot of TCP connections.
tcp_ttl
Purpose:
Specifies the time to live for TCP packets, expressed in ticks.
Tuning:
A tick is 0.6 seconds (there are 100 ticks per minute).
tcprexmtthresh
Purpose:
Specifies the number of consecutive duplicate acknowledgements which will cause TCP to go to the fast retransmit phase.
Tuning:
Increase this parameter if TCP performance is low due to an increased number of duplicate acknowledgements but the network is not congested. Be aware that setting a high value for this option can cause TCP to time out and retransmit.
tcptr_enable
Purpose:
Enables TCP traffic regulation defined by policies created using the tcptr command. A value of 0 means disabled. Any non-zero value means traffic regulation is enabled.
Tuning:
A value of 0 disables this option. This option should be turned on for servers that need to protect against network attacks.
thewall
Purpose:
Specifies the maximum amount of memory, in kilobytes, that is allocated to the memory pool.
Tuning:
Cannot be set anymore.
timer_wheel_tick
Purpose:
Specifies the slot interval of the timer wheel, in ticks, where a tick=1000/HZ=10ms.
Tuning:
This attribute is used in conjunction with tcp_low_rto attribute to reduce the TCP timeout values to smaller units.
tn_filter
Purpose:
The option is valid for Trusted AIX environment only. If the option is disabled in this environment, the MAC checks are bypassed at the IP layer.
udp_bad_port_limit
Purpose:
Specifies the number of UDP packets to a port with no socket that can be received in a 500 millisecond period before UDP stops sending ICMP errors in response to such packets.
Tuning:
If set to 0, ICMP errors will always be sent when UDP packets are received for a bad port number. If greater than 0, it specifies the number of packets to be received before UDP stops sending ICMP errors.
udp_ephemeral_high
Purpose:
Specifies the largest port number to allocate for UDP ephemeral ports.
udp_ephemeral_low
Purpose:
Specifies the smallest port number to allocate for UDP ephemeral ports.
udp_inpcb_hashtab_siz
Purpose:
Specifies the size of the inpcb hash table for UDP connections. This table holds the inpcbs required for connection management and is implemented as a table of hash chains. A larger table means that the linked hash chains will be smaller, with lower traversal time on average, but the memory footprint will be larger.
Tuning:
This value should be a prime number. This option impacts performance and should be used with extreme caution. Please consult a performance analyst in case it is felt that the value needs to be changed. The execution environment could have an influence on the value. It is strongly encouraged to maintain the system defined defaults as they tend to execute optimally in most environments.
udp_pmtu_discover
Purpose:
Enables or disables path MTU discovery for UDP applications.
Tuning:
UDP applications must be specifically written to utilize path MTU discovery. A value of 0 disables the feature, while a value of 1 enables it.
udp_recvspace
Purpose:
Specifies the system default socket buffer size for receiving UDP data.
Tuning:
Change when the netstat -s report shows a nonzero n in the line udp: n socket buffer overflows. The udp_recvspace parameter must specify a socket buffer size less than or equal to the setting of the sb_max parameter. Increase size, preferably to a multiple of 4096.
udp_sendspace
Purpose:
Specifies the system default socket buffer size (in bytes) for sending UDP data.
Tuning:
The udp_sendspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute. udp_sendspace must be at least as large as the largest datagram size that the application will send. Increase size, preferably to multiple of 4096.
udp_ttl
Purpose:
Specifies the time to live (in seconds) for UDP packets.
udpcksum
Purpose:
Allows UDP checksum to be turned on/off.
Tuning:
A value of 0 turns it off, while a value of 1 turns it on.
use_sndbufpool
Purpose:
Enables caching of mbuf clusters to improve performance.
Tuning:
If this value is disabled, then to allocate a mbuf cluster, AIX has to allocate a cluster buffer and also an mbuf buffer to point to it, thus requiring two buffer allocation operations. Likewise, to free the cluster, two buffer free operations are required. With this option enabled, AIX will maintain a cache of clusters for each cluster size that is being used. This improves performance by reducing overhead to allocate and free mbuf clusters. The default value of 1 enables this option on a system-wide scale. The mbuf cluster cache can be displayed using the netstat -M command.
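
The attack-related tunables described above (tcp_tcpsecure, tcp_icmpsecure, tcptr_enable) can be checked from the Tunable = Value output of no -a. The following script is an added example, not part of the original documentation and not IBM code; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IBM code): audit attack-related tunables in "no -a" output.
# On an AIX host the input would come from:  no -a | audit_security_tunables

# Constructed sample in the "Tunable = Value" layout that no -a prints.
SAMPLE_NO_A='        tcp_icmpsecure = 0
         tcp_tcpsecure = 5
          tcptr_enable = 0'

# tunable_value NAME: print NAME's value from "Tunable = Value" lines on stdin.
tunable_value() {
    awk -v name="$1" '$1 == name && $2 == "=" { print $3; exit }'
}

# decode_tcpsecure VALUE: name the protections a tcp_tcpsecure bitmask enables
# (1 = fake SYN, 2 = fake RST, 4 = injected data, as documented above).
decode_tcpsecure() {
    case "$1" in
        [0-7]) ;;
        *) echo "invalid"; return 0 ;;
    esac
    names=""
    if [ $(($1 & 1)) -ne 0 ]; then names="$names fake-SYN"; fi
    if [ $(($1 & 2)) -ne 0 ]; then names="$names fake-RST"; fi
    if [ $(($1 & 4)) -ne 0 ]; then names="$names data-injection"; fi
    if [ -z "$names" ]; then names=" none"; fi
    echo "${names# }"
}

# audit_security_tunables: read "no -a" text on stdin and print one FINDING
# line for each tunable that leaves a documented protection switched off.
audit_security_tunables() {
    text=$(cat)
    v=$(printf '%s\n' "$text" | tunable_value tcp_tcpsecure)
    if [ -z "$v" ]; then
        echo "FINDING: tcp_tcpsecure not present in input"
    elif [ "$(decode_tcpsecure "$v")" = "invalid" ]; then
        echo "FINDING: tcp_tcpsecure=$v is outside the documented range 0-7"
    elif [ "$v" -ne 7 ]; then
        # 7 ^ v is the set of bits that are still clear.
        echo "FINDING: tcp_tcpsecure=$v does not cover: $(decode_tcpsecure $((7 ^ v)))"
    fi
    v=$(printf '%s\n' "$text" | tunable_value tcp_icmpsecure)
    if [ -z "$v" ]; then
        echo "FINDING: tcp_icmpsecure not present in input"
    elif [ "$v" != "1" ]; then
        echo "FINDING: tcp_icmpsecure=$v: source quench is honored, ICMP payloads are not sequence-checked"
    fi
    v=$(printf '%s\n' "$text" | tunable_value tcptr_enable)
    if [ -z "$v" ]; then
        echo "FINDING: tcptr_enable not present in input"
    elif [ "$v" = "0" ]; then
        echo "FINDING: tcptr_enable=0: tcptr traffic regulation policies are not applied"
    fi
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_NO_A" | audit_security_tunables
```

Whether tcptr_enable=0 is a real finding depends on whether the server is one that needs traffic regulation, as the description of that tunable notes.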

Compatibility Mode

When running in pre 5.2 compatibility mode (controlled by the pre520tune attribute of sys0, see AIX 5.2 compatibility mode), reboot values for parameters, except those of type Bosboot, are not really meaningful because in this mode they are not applied at boot time.

In pre 5.2 compatibility mode, setting reboot values to tuning parameters continues to be achieved by embedding calls to tuning commands in scripts called during the boot sequence. Parameters of type Reboot can therefore be set without the -r flag, so that existing scripts continue to work.

This mode is automatically turned ON when a machine is MIGRATED to AIX 5L™ Version 5.2. For complete installations, it is turned OFF and the reboot values for parameters are set by applying the content of the /etc/tunables/nextboot file during the reboot sequence. Only in that mode are the -r and -p flags fully functional. See Kernel Tuning in the AIX Version 7.1 Performance Tools Guide and Reference for details.

Security

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

  1. To display the maximum size of the mbuf pool, type:
    no -o thewall
  2. To reset the time to live for UDP packets to its default size, type:
    no -d udp_ttl
  3. To change the default socket buffer sizes on your system, type:
    no -r -o tcp_sendspace=32768
    no -r -o udp_recvspace=32768
  4. To use a machine as an internetwork router over TCP/IP networks, type:
    no -o ipforwarding=1
  5. To list the current and reboot value, range, unit, type and dependencies of all tunable parameters managed by the no command, type:
    no -L
  6. To display help information on udp_ephemeral_high, type:
    no -h udp_ephemeral_high
  7. To permanently turn off ip6srcrouteforward, type:
    no -p -o ip6srcrouteforward=0
  8. To list the reboot values for all Network tuning parameters, type:
    no -r -a
  9. To list (spreadsheet format) the current and reboot value, range, unit, type and dependencies of all tunable parameters managed by the no command, type:
    no -x
  10. To log all allocations and frees of type mbuf or socket that are size 256 or 4096, type:
    no -o net_buf_type={mbuf:socket} -o net_buf_size={256:4096} -o net_malloc_police=1
  11. To log all allocations and frees of type mbuf, type:
    no -o net_buf_type={mbuf} -o net_buf_size={all} -o net_malloc_police=1
  12. To log all ns_allocs and ns_frees for en0 or en3 using a 2000 events buffer size, type:
    no -o ndd_event_name={en0:en3} -o ndd_event_tracing=2000
  13. To log all ns_allocs and ns_frees for all en adapters using a 2000 events buffer size, type:
    no -o ndd_event_name={en} -o ndd_event_tracing=2000
  14. To log all ns_allocs and ns_frees for all adapters, type:
    no -o ndd_event_name={all} -o ndd_event_tracing=1
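
Before applying buffer or timer changes such as those in example 3, the dependency rules stated in the parameter descriptions can be checked mechanically: socket buffer defaults no larger than sb_max, udp_sendspace at least the largest datagram sent, and tcp_low_rto a multiple of ten times a non-zero timer_wheel_tick. The script below is an added example, not IBM code; the function names, the sample values and the treatment of tcp_low_rto=0 as "not in use" are assumptions.

```shell
#!/bin/sh
# Added example (not IBM code): check a planned tunable set against the
# dependency rules in the parameter descriptions before running no -o.

# Constructed sample plan in the "Tunable = Value" layout that no -a prints.
SAMPLE_PLAN='sb_max = 65536
tcp_sendspace = 32768
tcp_recvspace = 131072
udp_sendspace = 9216
udp_recvspace = 32768
timer_wheel_tick = 2
tcp_low_rto = 30'

# get_val NAME TEXT: print NAME's numeric value from TEXT; non-numeric
# values are treated as absent.
get_val() {
    printf '%s\n' "$2" |
        awk -v n="$1" '$1 == n && $2 == "=" && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# check_tunable_plan [MAX_DATAGRAM]: read the plan on stdin and print one
# VIOLATION line per broken rule. MAX_DATAGRAM is the largest UDP datagram
# (bytes) the application sends; omit it to skip that check.
check_tunable_plan() {
    max_dgram=${1:-}
    plan=$(cat)
    sb_max=$(get_val sb_max "$plan")

    # Rule: every default socket buffer size must be <= sb_max.
    for t in tcp_sendspace tcp_recvspace udp_sendspace udp_recvspace; do
        val=$(get_val "$t" "$plan")
        if [ -n "$val" ] && [ -n "$sb_max" ] && [ "$val" -gt "$sb_max" ]; then
            echo "VIOLATION: $t=$val exceeds sb_max=$sb_max"
        fi
    done

    # Rule: udp_sendspace must hold the largest datagram the application sends.
    usend=$(get_val udp_sendspace "$plan")
    if [ -n "$max_dgram" ] && [ -n "$usend" ] && [ "$usend" -lt "$max_dgram" ]; then
        echo "VIOLATION: udp_sendspace=$usend is below largest datagram $max_dgram"
    fi

    # Rule: tcp_low_rto needs a non-zero timer_wheel_tick and must be equal to
    # or a multiple of ten times it. Assumption: tcp_low_rto=0 means unused.
    rto=$(get_val tcp_low_rto "$plan")
    tick=$(get_val timer_wheel_tick "$plan")
    if [ -n "$rto" ] && [ "$rto" -ne 0 ]; then
        if [ -z "$tick" ] || [ "$tick" -eq 0 ]; then
            echo "VIOLATION: tcp_low_rto=$rto requires a non-zero timer_wheel_tick"
        elif [ $((rto % (tick * 10))) -ne 0 ]; then
            echo "VIOLATION: tcp_low_rto=$rto is not a multiple of $((tick * 10))"
        fi
    fi
}

# Demonstration on the constructed plan.
printf '%s\n' "$SAMPLE_PLAN" | check_tunable_plan
```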