This page describes some Linux SysControls and what they do.

SysControls can be viewed and edited with the sysctl(8) command, or through the files under /proc/sys/. For example, sysctl foo.bar is equivalent to cat /proc/sys/foo/bar.


kernel:
kernel.panic:
This is the number of seconds to wait after a kernel has panicked before the machine will reboot itself automatically. Very useful for unattended servers, or machines that are difficult to get physical access to.
net:

These SysControls affect networking. See also http://bec.at/support/ipsysctl-tutorial/tcpvariables.html

net.ipv4:

The IPv4 specific networking SysControls.

net.ipv4.ip_forward:
Enable global IP forwarding. Very important.
net.ipv4.tcp_vegas_cong_avoid (0):

TCP Vegas congestion avoidance is a sender side congestion control algorithm (i.e. only used by the machine initiating the TCP connection) that causes TCP to back off when it detects the RTT changing (i.e. queuing is occurring). It works well when there are only a few flows using the bottleneck link.

TCP Vegas is no longer considered to be particularly useful. See TCP Westwood, below.

net.ipv4.tcp_westwood (0):
TCP Westwood+ is a sender side congestion control algorithm (like TCP Vegas) that keeps estimates of throughput to try and make sure that the stack uses the optimum amount of bandwidth at all times. It is very useful and should probably be enabled for many sites.
net.ipv4.tcp_sack (1):
Selective Acknowledgement reduces the number of segments that need to be retransmitted when packet loss occurs. Good to have on; it needs to be enabled by both the sender and the receiver.
net.ipv4.tcp_fack:
Enable Forward Acknowledgement congestion avoidance and fast retransmission. Only has an effect if net.ipv4.tcp_sack is enabled. See http://www.psc.edu/networking/papers/fack_abstract.html for details on how this option works. Basically it seems to assume that missing sequence ranges are dropped (ie, implies no reordering). Linux will disable Forward Acknowledgement on a per connection basis if it detects reordering.
net.ipv4.tcp_low_latency (0):
"If set, the TCP stack makes decisions that prefer lower latency as opposed to higher throughput." This seems to disable a function called tcp_prequeue, no idea what it does.
net.ipv4.tcp_reordering (3):
How many duplicate ACKs you need before you enter fast retransmit. If you are on a network with lots of reordering then this will need to be raised. Linux can dynamically tune this on a per TCP flow basis, so changing it is normally not that necessary.
net.ipv4.tcp_ecn (0):
Explicit Congestion Notification can be used by routers on the internet to signal that congestion is imminent, and therefore that the sender should slow down before packet loss actually occurs. However, many firewalls on the internet incorrectly detect the ECN data as an attack and drop all packets using ECN. Sigh.
net.ipv4.tcp_retries1 (3):
How many times to send a SYN/ACK packet before giving up on a connection.
net.ipv4.tcp_retries2 (15):
How many times to send a TCP data packet before giving up on a connection.
net.ipv4.tcp_syn_retries (5):
How many times to send a SYN packet before giving up on a connection.
net.ipv4.tcp_retrans_collapse (1):
Whether retransmissions should be sent as full sized packets. Presumably works around some TCP implementation bugs.
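
Because every SysControl is a file under /proc/sys, a baseline audit of the settings above needs nothing more than reading files. The script below is an added example, not part of the original page; its function names, the root-directory argument, the sample tree and the baseline values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit sysctl values by reading the files under /proc/sys.

# Map a dotted key to its file, e.g. net.ipv4.tcp_sack -> ROOT/net/ipv4/tcp_sack.
# ROOT (second argument, default /proc/sys) is this example's own parameter so
# the audit can run against a copied tree. Keys whose components contain dots
# (VLAN interface names) are not handled.
sysctl_path() {
    printf '%s/%s\n' "${2:-/proc/sys}" "$(printf '%s' "$1" | tr . /)"
}

# Print the value of one key; return non-zero if the key cannot be read.
sysctl_get() {
    _p=$(sysctl_path "$1" "$2")
    [ -r "$_p" ] && cat "$_p"
}

# Read "key expected-value" lines on stdin and compare them with ROOT ($1).
# Prints one line per key; the return status is the number of failed keys.
sysctl_audit() {
    _bad=0
    while read -r _key _want; do
        case $_key in '' | '#'*) continue ;; esac
        if ! _have=$(sysctl_get "$_key" "$1"); then
            echo "MISSING $_key"; _bad=$((_bad + 1))
        elif [ "$_have" != "$_want" ]; then
            echo "DRIFT   $_key = $_have (expected $_want)"; _bad=$((_bad + 1))
        else
            echo "OK      $_key = $_have"
        fi
    done
    return "$_bad"
}

# Constructed demo: a fake /proc/sys for a host that should not route packets
# but has forwarding switched on, and whose kernel lacks the tcp_ecn key.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/kernel" "$demo_root/net/ipv4"
echo 60 > "$demo_root/kernel/panic"
echo 1 > "$demo_root/net/ipv4/ip_forward"
echo 1 > "$demo_root/net/ipv4/tcp_sack"

sysctl_audit "$demo_root" <<'EOF' || echo "$? key(s) need attention"
# baseline values are assumptions of this example, not taken from the page
kernel.panic 60
net.ipv4.ip_forward 0
net.ipv4.tcp_sack 1
net.ipv4.tcp_ecn 0
EOF
rm -rf "$demo_root"
```

To audit the running kernel, pass /proc/sys as the root and feed the baseline on stdin.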

See also SysctlNotes