Tuning EC2 ipsec and nat instances

Working on optimizing NAT and IPSEC kernel settings:



## reference URLs:
# https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
# https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt
#
net.core.rmem_default = 8388608
net.core.rmem_max = 8388608
net.core.wmem_default = 8388608
net.core.wmem_max = 8388608
net.ipv4.ipfrag_high_thresh = 4194304
net.ipv4.ipfrag_high_thresh = 8388608
net.ipv4.ipfrag_low_thresh = 3145728
net.ipv4.ipfrag_low_thresh = 7340032
net.ipv4.ipfrag_max_dist = 64
net.ipv4.ipfrag_secret_interval = 600
net.ipv4.ipfrag_time = 30
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.ipv4.tcp_rmem = 8192 873800 8388608
net.ipv4.tcp_wmem = 8192 873800 8388608
net.ipv4.netfilter.ip_conntrack_log_invalid = 255
net.ipv4.netfilter.ip_conntrack_max = 131072
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 14400


Comments

Post a Comment

Popular posts from this blog

Xubuntu Home Server on Dell XPS 13 9370

[ General warning, this isn't a newbie or step-by-step instruction on how to do this.  If you follow this blindly or don't know what a command does you might wipe something value on your system] Introduction I picked up this box through the Dell Outlet for working remotely, but not at home.  It functions okay for that task but I'm in need of a new home server to replace my old Alienware 14 R2 ancient box. Introduction Before Xubuntu 20.04 Installation BIOS Changes Make Bitwise Factory Backup Fresh Xubuntu Installation Zero out the harddrive Install Xubuntu Install latest updates System Configuration LUKS + PAM home directory Boot Xubuntu Live Image & Prepare new partition Create new user with admin privileges Configure PAM mount for primary user Install Software APT Repository Non APT Golang Google Chrome Configuration BIND PIN Entry Nginx + GIT docker XPS 13 9370 Clickpad Buttons Postfix via Gmail ZRam RamDisk Rsyslog Before Xubuntu 20.04 Installation BIOS Changes Acce
Read more

Cygwin + syslog-ng

Until I can get a real workstation at work and get off this winblows, Cygwin is my friend.  I am working on some OO programming with PERL and really need to be able to log syslog messages locally. After installing syslog-ng, I couldn't figure out how to run it, till I stumbled on a page that mentioned the syslogd-config command. Initially I had some problems because the /etc/passwd and /etc/group files were not world readable (don't know if that is a side effect of the Legato restore of my laptop or just the default behavior) however a quick " chmod a+r /etc/passwd /etc/group " seemed to help. running syslogd-config yielded this output: > syslogd-ng-config Creating default /etc/syslog-ng.conf file Warning: The syslogd service is already installed.  You can not run both, syslogd and syslog-ng in parallel. Do you want to deinstall the syslogd service in favor of syslog-ng? (yes/no) yes Warning: The following function requires administrator privileg
Read more

Installing Fedora 21 on a (late 2014) Mac Mini

First boot the Mac Mini with the default Yosemite OS. Download the latest sudo /Applications/Install\ OS\ X\ Yosemite.app/Contents/Resources/createinstallmedia --volume /Volumes/Untitled --applicationpath /Applications/Install\ OS\ X\ Yosemite.app --nointeraction Post Install configuration systemctl enable sshd.service systemctl start sshd.service Because I restored from a dump, the user directory, I found it required a Selinux relabel: groupadd vpnuser useradd vpnuser su - vpnuser restorecon -FRvv ~/ exit Additional Packages that I like: yum install rxvt-unicode-256color yum install screen yum install tigervnc yum install vim To run DNS locally for my home LAN and to cache DNS from the Internet: yum install bind-chroot # with this version of fedora, I'm finally going to move off of my ancient sendmail configuration for relaying email;  I am also going to move from relaying through verizon to relaying through gmail. # ssmtp is the new package # this ur
Read more