# local sysctl settings can be stored in this directory
# max open files
fs.file-max = 512000
# max read buffer
net.core.rmem_max = 15000000
# max write buffer
net.core.wmem_max = 7500000
net.core.optmem_max = 7500000
# default read buffer
net.core.rmem_default = 131072
# default write buffer
net.core.wmem_default = 131072
# max processor input queue
net.core.netdev_max_backlog = 4096
# max backlog
net.core.somaxconn = 4096

# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
#net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
#net.ipv4.tcp_fin_timeout = 60
# short keepalive time
#net.ipv4.tcp_keepalive_time = 2400
# outbound port range
net.ipv4.ip_local_port_range = 9999 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 10240
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 10000
# turn on TCP Fast Open on both client and server side
#net.ipv4.tcp_fastopen = 3
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 524288 7500000
# TCP write buffer
net.ipv4.tcp_wmem = 4096 524288 7500000
# TCP buffer
net.ipv4.tcp_mem = 768174 7500000 15000000
# UDP buffer
net.ipv4.udp_mem = 768174 75000000 150000000
# turn off path MTU discovery
net.ipv4.tcp_mtu_probing = 0

# for low-latency network, use cubic instead
# net.ipv4.tcp_congestion_control = balia

# Default conntrack is too small
net.netfilter.nf_conntrack_max=131072

net.ipv4.tcp_ecn=1
net.ipv4.tcp_retries2=10