#1  
Old 10-31-2004, 08:19 PM
ImportPassion.com
CEO ImportPassion.com
 
Join Date: Feb 2004
Admin Experience: Guru
Location: Gilbert, AZ
Age: 42
Posts: 54
Sharing my little secret
OK, I got this from someone, and it brought my load down from the teens to under 2 99% of the time.

Now, I have a dedicated Linux box running dual Xeons and 2 GB RAM. If you don't have SSH access, you can pretty much forget about trying this.

Make backups of anything and everything before trying this. I can't be held responsible for anything you mess up. Proceed with caution.

Open /etc/sysctl.conf and replace what is in there with this:

Code:
# Kernel sysctl configuration file for Red Hat Linux

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Increase maximum amount of memory allocated to shm
# kernel.shmmax = 1073741824

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 1
net.ipv4.conf.eth0.log_martians = 1

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 30

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800

# Turn on the tcp_window_scaling
net.ipv4.tcp_window_scaling = 1

# Turn on the tcp_sack
net.ipv4.tcp_sack = 1

# tcp_fack should be on because of sack
net.ipv4.tcp_fack = 1

# Turn on the tcp_timestamps
net.ipv4.tcp_timestamps = 1

# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Make more local ports available
# net.ipv4.ip_local_port_range = 1024 65000

# Set TCP Re-Ordering value in kernel to '5'
net.ipv4.tcp_reordering = 5

# Set SYN ACK retry attempts to '3'
net.ipv4.tcp_synack_retries = 3

# Various Settings
net.core.netdev_max_backlog = 1024

# Increase the maximum number of skb-heads to be cached
net.core.hot_list_length = 256

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 360000

# This will increase the amount of memory available for socket input/output queues
net.core.rmem_default = 65535
net.core.rmem_max = 8388608
net.ipv4.tcp_rmem = 4096 87380 8388608
net.core.wmem_default = 65535
net.core.wmem_max = 8388608
net.ipv4.tcp_wmem = 4096 65535 8388608
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.core.optmem_max = 40960

After you make the changes, to make them effective without rebooting simply run the following commands:

/sbin/sysctl -p
/sbin/sysctl -w net.ipv4.route.flush=1

Don't ask me what all this does, because I really don't know. All I know is it was my miracle cure for high loads.

YMMV

Would love to know if this works for others.

Derek
  #2  
Old 11-01-2004, 12:16 AM
Nexopia
Tazmanian
 
Join Date: Oct 2004
Admin Experience: Guru
Posts: 107
Which kernel are you running? "uname -a" should tell you. That config changes a lot of the kernel network options.
__________________
nexopia.com
  #3  
Old 11-01-2004, 06:43 AM
ImportPassion.com
CEO ImportPassion.com
 
Join Date: Feb 2004
Admin Experience: Guru
Location: Gilbert, AZ
Age: 42
Posts: 54
Here you go:

2.4.21-9.0.1.ELsmp
  #4  
Old 11-01-2004, 08:41 AM
Kentaurus
Tazmanian
 
Real Name: Rigel
Join Date: Feb 2004
Admin Experience: Guru
Location: California
Posts: 169
Maybe checking what your defaults were before would be useful. From what I see...

You are changing the memory used; that should be a nice optimization of memory vs. CPU.
Also, I see ICMP redirects being disabled. Besides echo request and echo response, the rest of ICMP isn't really convenient, so that would be a good idea; you might want to disable all the rest of ICMP also.

I wouldn't do anything to my server without knowing exactly what I was doing.
__________________
Social Groups For XenForo
  #5  
Old 11-06-2004, 04:34 AM
Nexopia
Tazmanian
 
Join Date: Oct 2004
Admin Experience: Guru
Posts: 107
OK, after checking a lot of these values in a couple of places
http://www.netadmintools.com/html/7tcp.man.html
http://ipsysctl-tutorial.frozentux.n...-tutorial.html
and a couple of others off Google, I ended up using:

Code:
net.ipv4.ip_forward=0
kernel.sysrq=0
kernel.core_uses_pid=1
kernel.shmmax = 134217728

net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.ip_local_port_range = 16384 65536

net.core.netdev_max_backlog = 512

net.core.rmem_default = 65535
net.core.rmem_max = 8388608
net.ipv4.tcp_rmem = 4096 87380 8388608
net.core.wmem_default = 65535
net.core.wmem_max = 8388608
net.ipv4.tcp_wmem = 4096 65535 8388608
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.core.optmem_max = 40960

I found some other settings recommending different values for the memory usage, some as high as 25 MB (this sets it to ~8), and heard of some troubles with them. This seems like a fairly good compromise.

I was hit with a huge (650 Mbit) DDoS last weekend, and obviously didn't survive, but I've been under a 5 Mbit SYN flood for the past few days. Enabling syncookies instantly dropped the load averages. Despite still being under attack, the site is as responsive as ever.
__________________
nexopia.com
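Kentaurus's point in #4 (record your defaults before applying #1's file) and the revised file in #5 both come down to the same check: parse the sysctl.conf, snapshot what the running kernel has now, and see exactly which keys would change. The script below is an added example, not code from anyone in this thread; the two config excerpts are constructed from the posts above, and the /proc/sys read is a plain file read, not a wrapper around sysctl.

```python
import os
# Constructed excerpts of the two configs posted in this thread (not the full files).
POST1_CONF = """# Controls IP packet forwarding
net.ipv4.ip_forward = 0
net.ipv4.tcp_fin_timeout = 30
net.core.netdev_max_backlog = 1024
# net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_syncookies = 1
"""
POST5_CONF = """net.ipv4.ip_forward=0
net.ipv4.tcp_fin_timeout = 20
net.core.netdev_max_backlog = 512
net.ipv4.ip_local_port_range = 16384 65536
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_syncookies = 1
"""

def parse_sysctl_conf(text):
    """Parse 'key = value' lines like sysctl -p: '#'/';' lines are comments, spaces around '=' optional."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank, comment, or malformed line (sysctl -p would warn and skip it)
        key, value = line.split("=", 1)
        settings[key.strip()] = " ".join(value.split())  # normalise multi-field values
    return settings

def read_current(keys, procfs="/proc/sys"):
    """Snapshot live values from /proc/sys (the 'defaults before'); keys this kernel lacks map to None."""
    current = {}
    for key in keys:
        path = os.path.join(procfs, *key.split("."))  # net.ipv4.tcp_rmem -> net/ipv4/tcp_rmem
        try:
            with open(path) as fh:
                current[key] = " ".join(fh.read().split())  # /proc/sys separates fields with tabs
        except OSError:
            current[key] = None
    return current

def diff_settings(current, proposed):
    """Return {key: (old, new)} for every proposed key whose value differs from the current one."""
    return {k: (current.get(k), v) for k, v in proposed.items() if current.get(k) != v}

if __name__ == "__main__":
    proposed = parse_sysctl_conf(POST5_CONF)
    for key, (old, new) in sorted(diff_settings(read_current(proposed), proposed).items()):
        print(f"{key}: {old!r} -> {new!r}")
```

Run it before `sysctl -p` and keep the printed old values; they are your rollback if the load gets worse instead of better.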
  #6  
Old 11-06-2004, 06:31 AM
DChapman
Tazmanian
 
Real Name: David
Join Date: May 2004
Posts: 1,439
Quote:
Originally Posted by Nexopia
I was hit with a huge (650 Mbit) DDoS last weekend, and obviously didn't survive, but I've been under a 5 Mbit SYN flood for the past few days. Enabling syncookies instantly dropped the load averages. Despite still being under attack, the site is as responsive as ever.
650 Mbit? Good grief. How were you able to have that measured? It must have saturated your host's backbone.

I've (knock on wood) only been hit with one bad DDoS so far. We were null routed for a while because of that one.
__________________
Drink Kombucha tea.
  #7  
Old 11-06-2004, 06:12 PM
Nexopia
Tazmanian
 
Join Date: Oct 2004
Admin Experience: Guru
Posts: 107
My host is Sagonet. They have somewhere in the range of 10 Gbit worth of connections. They certainly weren't impressed with the attack, as it represented a large portion of their connection. They null routed my IP for 24 h each time (I was hit twice).
__________________
nexopia.com
Powered by: vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
The Admin Zone copyright 2003-2014 All Rights Reserved. Content published on The Admin Zone requires permission for reprint.