systemvm/debian/etc/sysctl.conf - cloudstack - Git at Google

 # Kernel sysctl configuration file
 #
 # For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
 # sysctl.conf(5) for more details.
 # @VERSION@

 # Controls IP packet forwarding
 net.ipv4.ip_forward = 1

 # Controls source route verification
 net.ipv4.conf.default.rp_filter = 0

 # Do not accept source routing
 net.ipv4.conf.default.accept_source_route = 0

 # Respect local interface in ARP interactions
 net.ipv4.conf.default.arp_announce = 2
 net.ipv4.conf.default.arp_ignore = 2
 net.ipv4.conf.all.arp_announce = 2
 net.ipv4.conf.all.arp_ignore = 2

 # IPSec NETKEY -- avoid bogus redirects
 net.ipv4.conf.all.accept_redirects = 0
 net.ipv4.conf.default.accept_redirects = 0
 net.ipv4.conf.all.send_redirects = 0
 net.ipv4.conf.default.send_redirects = 0
 net.ipv4.conf.all.secure_redirects = 0
 net.ipv4.conf.default.secure_redirects = 0

 # Promote secondary ip to be primary if primary IP is removed
 net.ipv4.conf.all.promote_secondaries = 1
 net.ipv4.conf.default.promote_secondaries = 1

 # For smooth transition of the vip address in case of a keepalived failover
 net.ipv4.ip_nonlocal_bind = 1

 # Controls the System Request debugging functionality of the kernel
 kernel.sysrq = 0

 # Controls whether core dumps will append the PID to the core filename.
 # Useful for debugging multi-threaded applications.
 kernel.core_uses_pid = 1

 # A better way for the instance to die
 kernel.panic = 10
 kernel.panic_on_oops = 1
 vm.panic_on_oom = 1

 # Controls the use of TCP syncookies
 net.ipv4.tcp_syncookies = 1

 # disable tcp time stamps
 net.ipv4.tcp_timestamps = 0

 net.ipv4.tcp_tw_reuse = 1
 net.ipv4.tcp_max_tw_buckets = 1000000
 net.core.somaxconn = 65535
 net.nf_conntrack_max = 1000000
 net.netfilter.nf_conntrack_max = 1000000

 # Disable IPv6
 net.ipv6.conf.all.disable_ipv6 = 1
 net.ipv6.conf.all.forwarding = 0
 net.ipv6.conf.all.accept_ra = 0
 net.ipv6.conf.all.accept_redirects = 0
 net.ipv6.conf.all.autoconf = 0

 # Minimum swappiness without disabling it
 vm.swappiness=1

 # make the kernel more aggressive in reclaiming RAM from the disk and swap caches
 vm.vfs_cache_pressure = 200

 # try to maintain 'free' memory thereby reducing the size of disk cache, hence reducing swapping.
 vm.min_free_kbytes = 20480
	# Kernel sysctl configuration file
	#
	# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
	# sysctl.conf(5) for more details.
	# @VERSION@

	# Controls IP packet forwarding
	net.ipv4.ip_forward = 1

	# Controls source route verification
	net.ipv4.conf.default.rp_filter = 0

	# Do not accept source routing
	net.ipv4.conf.default.accept_source_route = 0

	# Respect local interface in ARP interactions
	net.ipv4.conf.default.arp_announce = 2
	net.ipv4.conf.default.arp_ignore = 2
	net.ipv4.conf.all.arp_announce = 2
	net.ipv4.conf.all.arp_ignore = 2

	# IPSec NETKEY -- avoid bogus redirects
	net.ipv4.conf.all.accept_redirects = 0
	net.ipv4.conf.default.accept_redirects = 0
	net.ipv4.conf.all.send_redirects = 0
	net.ipv4.conf.default.send_redirects = 0
	net.ipv4.conf.all.secure_redirects = 0
	net.ipv4.conf.default.secure_redirects = 0

	# Promote secondary ip to be primary if primary IP is removed
	net.ipv4.conf.all.promote_secondaries = 1
	net.ipv4.conf.default.promote_secondaries = 1

	# For smooth transition of the vip address in case of a keepalived failover
	net.ipv4.ip_nonlocal_bind = 1

	# Controls the System Request debugging functionality of the kernel
	kernel.sysrq = 0

	# Controls whether core dumps will append the PID to the core filename.
	# Useful for debugging multi-threaded applications.
	kernel.core_uses_pid = 1

	# A better way for the instance to die
	kernel.panic = 10
	kernel.panic_on_oops = 1
	vm.panic_on_oom = 1

	# Controls the use of TCP syncookies
	net.ipv4.tcp_syncookies = 1

	# disable tcp time stamps
	net.ipv4.tcp_timestamps = 0

	net.ipv4.tcp_tw_reuse = 1
	net.ipv4.tcp_max_tw_buckets = 1000000
	net.core.somaxconn = 65535
	net.nf_conntrack_max = 1000000
	net.netfilter.nf_conntrack_max = 1000000

	# Disable IPv6
	net.ipv6.conf.all.disable_ipv6 = 1
	net.ipv6.conf.all.forwarding = 0
	net.ipv6.conf.all.accept_ra = 0
	net.ipv6.conf.all.accept_redirects = 0
	net.ipv6.conf.all.autoconf = 0

	# Minimum swappiness without disabling it
	vm.swappiness=1

	# make the kernel more aggressive in reclaiming RAM from the disk and swap caches
	vm.vfs_cache_pressure = 200

	# try to maintain 'free' memory thereby reducing the size of disk cache, hence reducing swapping.
	vm.min_free_kbytes = 20480