Chapter 4 Internet Protocol Suite Tunable Parameters

This chapter describes various Internet Protocol suite parameters, such as TCP, IP, UDP, and SCTP.

• IP Tunable Parameters

• TCP Tunable Parameters

• UDP Tunable Parameters

• IPQoS Tunable Parameter

• SCTP Tunable Parameters

• Per-Route Metrics

Where to Find Tunable Parameter Information

Overview of Tuning IP Suite Parameters

For new information about IP forwarding, see New and Changed TCP/IP Parameters.

You can set all of the tuning parameters described in this chapter by using the ndd command except for the following parameters:

• ipcl_conn_hash_size

• ip_squeue_worker_wait

These parameters can only be set in the /etc/system file.

For example, use the following syntax to set TCP/IP parameters by using the ndd command:

# ndd -set driver parameter

For more information, see ndd(1M).

Although the SMF framework provides a method for managing system services, ndd commands are still included in system startup scripts. For more information on creating a startup script, see Using Run Control Scripts in System Administration Guide: Basic Administration.

IP Suite Parameter Validation

All parameters described in this section are checked to verify that they fall in the parameter range. The parameter's range is provided with the description for each parameter.

Internet Request for Comments (RFCs)

Internet protocol and standard specifications are described in RFC documents. You can get copies of RFCs from ftp://ftp.rfc-editor.org/in-notes. Browse RFC topics by viewing the rfc-index.txt file at this site.

IP Tunable Parameters

ip_icmp_err_interval and ip_icmp_err_burst

Description

Controls the rate of IP in generating IPv4 or IPv6 ICMP error messages. IP generates only up to ip_icmp_err_burst IPv4 or IPv6 ICMP error messages in any ip_icmp_err_interval.

The ip_icmp_err_interval parameter protects IP from denial of service attacks. Setting this parameter to 0 disables rate limiting. It does not disable the generation of error messages.

Default

100 milliseconds for ip_icmp_err_interval

10 error messages for ip_icmp_err_burst

Range

0 – 99,999 milliseconds for ip_icmp_err_interval

1 – 99,999 error messages for ip_icmp_err_burst

Dynamic?

Yes

When to Change

If you need a higher error message generation rate for diagnostic purposes.

Commitment Level

Unstable

ip_respond_to_echo_broadcast and ip6_respond_to_echo_multicast

Description

Controls whether IPv4 or IPv6 responds to a broadcast ICMPv4 echo request or a multicast ICMPv6 echo request.

Default

1 (enabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

If you do not want this behavior for security reasons, disable it.

Commitment Level

Unstable

ip_send_redirects and ip6_send_redirects

Description

Controls whether IPv4 or IPv6 sends out ICMPv4 or ICMPv6 redirect messages.

Default

1 (enabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

If you do not want this behavior for security reasons, disable it.

Commitment Level

Unstable

ip_forward_src_routed and ip6_forward_src_routed

Description

Controls whether IPv4 or IPv6 forwards packets with source IPv4 routing options or IPv6 routing headers.

Default

0 (disabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

Keep this parameter disabled to prevent denial of service attacks.

Commitment Level

Unstable

Change History

For information, see ip_forward_src_routed and ip6_forward_src_routed (Solaris 10 Release).

ip_addrs_per_if

Description

Defines the maximum number of logical interfaces associated with a real interface.

Default

256

Range

1 to 8192

Dynamic?

Yes

When to Change

Do not change the value. If more logical interfaces are required, you might consider increasing the value. However, recognize that this change might have a negative impact on IP's performance.

Commitment Level

Unstable

ip_strict_dst_multihoming and ip6_strict_dst_multihoming

Description

Determines whether a packet arriving on a non forwarding interface can be accepted for an IP address that is not explicitly configured on that interface. If ip_forwarding is enabled, or xxx:ip_forwarding for the appropriate interfaces is enabled, then this parameter is ignored, because the packet is actually forwarded.

Refer to RFC 1122, 3.3.4.2.

Default

0 (loose multihoming)

Range

0 = Off (loose multihoming)

1 = On (strict multihoming)

Dynamic?

Yes

When to Change

If a machine has interfaces that cross strict networking domains (for example, a firewall or a VPN node), set this parameter to 1.

Commitment Level

Unstable

ip_multidata_outbound

Description

Enables the network stack to send more than one packet at one time to the network device driver during transmission.

Enabling this parameter reduces the per-packet processing costs by improving host CPU utilization, network throughput, or both.

This parameter now controls the use of multidata transmit (MDT) for transmitting IP fragments. For example, when sending out a UDP payload larger than the link MTU. When this tunable is enabled, IP fragments of a particular upper-level protocol, such as UDP, are delivered in batches to the network device driver. Disabling this feature results in both TCP and IP fragmentation logic in the network stack to revert back to sending one packet at a time to the driver.

The MDT feature is only effective for device drivers that support this feature.

See also tcp_mdt_max_pbufs.

Default

1 (Enabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

If you do not want this parameter enabled for debugging purposes or for any other reasons, disable it.

Commitment Level

Unstable

Change History

For information, see ip_multidata_outbound (Solaris 10 Release).

ip_squeue_fanout

Description

Determines the mode of associating TCP/IP connections with squeues

A value of 0 associates a new TCP/IP connection with the CPU that creates the connection. A value of 1 associates the connection with multiple squeues that belong to different CPUs. The number of squeues that are used to fanout the connection is based upon ip_soft_rings_cnt.

Default

0

Range

0 or 1

Dynamic?

Yes

When to Change

Consider setting this parameter to 1 to spread the load across all CPUs in certain situations. For example, when the number of CPUs exceed the number of NICs, and one CPU is not capable of handling the network load of a single NIC, change this parameter to 1.

Zone Configuration

This parameter can only be set in the global zone.

Commitment Level

Unstable

Change History

For information, see ip_squeue_fanout (Solaris 10 11/06 Release).

ip_soft_rings_cnt

Description

Determines the number of squeues to be used to fanout the incoming TCP/IP connections.

---

Note –

The incoming traffic is placed on one of the rings. If the ring is overloaded, packets are dropped. For every packet that gets dropped, the kstat dls counter, dls_soft_ring_pkt_drop, is incremented.

---

Default

2

Range

0 - nCPUs, where nCPUs is the maximum number of CPUs in the system

Dynamic?

No. The interface should be plumbed again when changing this parameter.

When to Change

Consider setting this parameter to a value greater than 2 on systems that have 10 Gbps NICs and many CPUs.

Zone Configuration

This parameter can only be set in the global zone.

Commitment Level

Obsolete

Change History

For information, see ip_soft_rings_cnt (Solaris 10 11/06 Release).

IP Tunable Parameters With Additional Cautions

Changing the following parameters is not recommended.

ip_ire_pathmtu_interval

Description

Specifies the interval in milliseconds when IP flushes the path maximum transfer unit (PMTU) discovery information, and tries to rediscover PMTU.

Refer to RFC 1191 on PMTU discovery.

Default

10 minutes

Range

5 seconds to 277 hours

Dynamic?

Yes

When to Change

Do not change this value.

Commitment Level

Unstable

ip_icmp_return_data_bytes and ip6_icmp_return_data_bytes

Description

When IPv4 or IPv6 sends an ICMPv4 or ICMPv6 error message, it includes the IP header of the packet that caused the error message. This parameter controls how many extra bytes of the packet beyond the IPv4 or IPv6 header are included in the ICMPv4 or ICMPv6 error message.

Default

64 bytes

Range

8 to 65,536 bytes

Dynamic?

Yes

When to Change

Do not change the value. Including more information in an ICMP error message might help in diagnosing network problems. If this feature is needed, increase the value.

Commitment Level

Unstable

TCP Tunable Parameters

tcp_deferred_ack_interval

Description

Specifies the time-out value for the TCP-delayed acknowledgment (ACK) timer for hosts that are not directly connected.

Refer to RFC 1122, 4.2.3.2.

Default

100 milliseconds

Range

1 millisecond to 1 minute

Dynamic?

Yes

When to Change

Do not increase this value to more than 500 milliseconds.

Increase the value under the following circumstances:

• Slow network links (less than 57.6 Kbps) with greater than 512 bytes maximum segment size (MSS)

• The interval for receiving more than one TCP segment is short

Commitment Level

Unstable

tcp_local_dack_interval

Description

Specifies the time-out value for TCP-delayed acknowledgment (ACK) timer for hosts that are directly connected.

Refer to RFC 1122, 4.2.3.2.

Default

50 milliseconds

Range

10 milliseconds to 500 milliseconds

Dynamic?

Yes

When to Change

Do not increase this value to more than 500 milliseconds.

Increase the value under the following circumstances:

• Slow network links (less than 57.6 Kbps) with greater than 512 bytes maximum segment size (MSS)

• The interval for receiving more than one TCP segment is short

Commitment Level

Unstable

Change History

For information, see tcp_local_dack_interval (Solaris 10 Releases).

tcp_deferred_acks_max

Description

Specifies the maximum number of TCP segments received from remote destinations (not directly connected) before an acknowledgment (ACK) is generated. TCP segments are measured in units of maximum segment size (MSS) for individual connections. If set to 0 or 1, no ACKs are delayed, assuming all segments are 1 MSS long. The actual number is dynamically calculated for each connection. The value is the default maximum.

Default

2

Range

0 to 16

Dynamic?

Yes

When to Change

Do not change the value. In some circumstances, when the network traffic becomes very bursty because of the delayed ACK effect, decrease the value. Do not decrease this value below 2.

Commitment Level

Unstable

tcp_local_dacks_max

Description

Specifies the maximum number of TCP segments received from directly connected destinations before an acknowledgment (ACK) is generated. TCP segments are measured in units of maximum segment size (MSS) for individual connections. If set to 0 or 1, it means no ACKs are delayed, assuming all segments are 1 MSS long. The actual number is dynamically calculated for each connection. The value is the default maximum.

Default

8

Range

0 to 16

Dynamic?

Yes

When to Change

Do not change the value. In some circumstances, when the network traffic becomes very bursty because of the delayed ACK effect, decrease the value. Do not decrease this value below 2.

Commitment Level

Unstable

tcp_wscale_always

Description

When this parameter is enabled, which is the default setting, TCP always sends a SYN segment with the window scale option, even if the window scale option value is 0. Note that if TCP receives a SYN segment with the window scale option, even if the parameter is disabled, TCP responds with a SYN segment with the window scale option. In addition, the option value is set according to the receive window size.

Refer to RFC 1323 for the window scale option.

Default

1 (enabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

If there is an interoperability problem with an old TCP stack that does not support the window scale option, disable this parameter.

Commitment Level

Unstable

Change History

For information, see tcp_wscale_always (Solaris 9 Releases).

tcp_tstamp_always

Description

If set to 1, TCP always sends a SYN segment with the timestamp option. Note that if TCP receives a SYN segment with the timestamp option, TCP responds with a SYN segment with the timestamp option even if the parameter is set to 0.

Default

0 (disabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

If getting an accurate measurement of round-trip time (RTT) and TCP sequence number wraparound is a problem, enable this parameter.

Refer to RFC 1323 for more reasons to enable this option.

Commitment Level

Unstable

tcp_xmit_hiwat

Description

Defines the default send window size in bytes. Refer to Per-Route Metrics for a discussion of setting a different value on a per-route basis. See also tcp_max_buf.

Default

49,152

Range

4096 to 1,073,741,824

Dynamic?

Yes

When to Change

An application can use setsockopt(3XNET) SO_SNDBUF to change the individual connection's send buffer.

Commitment Level

Unstable

tcp_recv_hiwat

Description

Defines the default receive window size in bytes. Refer to Per-Route Metrics for a discussion of setting a different value on a per-route basis. See also tcp_max_buf and tcp_recv_hiwat_minmss.

Default

49,152

Range

2048 to 1,073,741,824

Dynamic?

Yes

When to Change

An application can use setsockopt(3XNET) SO_RCVBUF to change the individual connection's receive buffer.

Commitment Level

Unstable

tcp_max_buf

Description

Defines the maximum buffer size in bytes. This parameter controls how large the send and receive buffers are set to by an application that uses setsockopt(3XNET).

Default

1,048,576

Range

8192 to 1,073,741,824

Dynamic?

Yes

When to Change

If TCP connections are being made in a high-speed network environment, increase the value to match the network link speed.

Commitment Level

Unstable

tcp_cwnd_max

Description

Defines the maximum value of the TCP congestion window (cwnd) in bytes.

For more information on the TCP congestion window, refer to RFC 1122 and RFC 2581.

Default

1,048,576

Range

128 to 1,073,741,824

Dynamic?

Yes

When to Change

Even if an application uses setsockopt(3XNET) to change the window size to a value higher than tcp_cwnd_max, the actual window used can never grow beyond tcp_cwnd_max. Thus, tcp_max_buf should be greater than tcp_cwnd_max.

Commitment Level

Unstable

tcp_slow_start_initial

Description

Defines the maximum initial congestion window (cwnd) size in the maximum segment size (MSS) of a TCP connection.

Refer to RFC 2414 on how the initial congestion window size is calculated.

Default

4

Range

1 to 4

Dynamic?

Yes

When to Change

Do not change the value.

If the initial cwnd size causes network congestion under special circumstances, decrease the value.

Commitment Level

Unstable

tcp_slow_start_after_idle

Description

The congestion window size in the maximum segment size (MSS) of a TCP connection after it has been idled (no segment received) for a period of one retransmission timeout (RTO).

Refer to RFC 2414 on how the initial congestion window size is calculated.

Default

4

Range

1 to 16,384

Dynamic?

Yes

When to Change

For more information, see tcp_slow_start_initial.

Commitment Level

Unstable

tcp_sack_permitted

Description

If set to 2, TCP always sends a SYN segment with the selective acknowledgment (SACK) permitted option. If TCP receives a SYN segment with a SACK-permitted option and this parameter is set to 1, TCP responds with a SACK-permitted option. If the parameter is set to 0, TCP does not send a SACK-permitted option, regardless of whether the incoming segment contains the SACK permitted option.

Refer to RFC 2018 for information on the SACK option.

Default

2 (active enabled)

Range

0 (disabled), 1 (passive enabled), or 2 (active enabled)

Dynamic?

Yes

When to Change

SACK processing can improve TCP retransmission performance so it should be actively enabled. Sometimes, the other side can be confused with the SACK option actively enabled. If this confusion occurs, set the value to 1 so that SACK processing is enabled only when incoming connections allow SACK processing.

Commitment Level

Unstable

tcp_rev_src_routes

Description

If set to 0, TCP does not reverse the IP source routing option for incoming connections for security reasons. If set to 1, TCP does the normal reverse source routing.

Default

0 (disabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

If IP source routing is needed for diagnostic purposes, enable it.

Commitment Level

Unstable

tcp_time_wait_interval

Description

Specifies the time in milliseconds that a TCP connection stays in TIME-WAIT state.

For more information, refer to RFC 1122, 4.2.2.13.

Default

60,000 (60 seconds)

Range

1 second to 10 minutes

Dynamic?

Yes

When to Change

Do not set the value lower than 60 seconds.

For information on changing this parameter, refer to RFC 1122, 4.2.2.13.

Commitment Level

Unstable

tcp_ecn_permitted

Description

Controls Explicit Congestion Notification (ECN) support.

If this parameter is set to 0, TCP does not negotiate with a peer that supports the ECN mechanism.

If this parameter is set to 1 when initiating a connection, TCP does not tell a peer that it supports ECN mechanism.

However, TCP tells a peer that it supports ECN mechanism when accepting a new incoming connection request if the peer indicates that it supports ECN mechanism in the SYN segment.

If this parameter is set to 2, in addition to negotiating with a peer on the ECN mechanism when accepting connections, TCP indicates in the outgoing SYN segment that it supports the ECN mechanism when TCP makes active outgoing connections.

Refer to RFC 3168 for information on ECN.

Default

1 (passive enabled)

Range

0 (disabled), 1 (passive enabled), or 2 (active enabled)

Dynamic?

Yes

When to Change

ECN can help TCP better handle congestion control. However, there are existing TCP implementations, firewalls, NATs, and other network devices that are confused by this mechanism. These devices do not comply to the IETF standard.

Because of these devices, the default value of this parameter is set to 1. In rare cases, passive enabling can still cause problems. Set the parameter to 0 only if absolutely necessary.

Commitment Level

Unstable

tcp_conn_req_max_q

Description

Specifies the default maximum number of pending TCP connections for a TCP listener waiting to be accepted by accept(3SOCKET). See also tcp_conn_req_max_q0.

Default

128

Range

1 to 4,294,967,296

Dynamic?

Yes

When to Change

For applications such as web servers that might receive several connection requests, the default value might be increased to match the incoming rate.

Do not increase the parameter to a very large value. The pending TCP connections can consume excessive memory. Also, if an application cannot handle that many connection requests fast enough because the number of pending TCP connections is too large, new incoming requests might be denied.

Note that increasing tcp_conn_req_max_q does not mean that applications can have that many pending TCP connections. Applications can use listen(3SOCKET) to change the maximum number of pending TCP connections for each socket. This parameter is the maximum an application can use listen() to set the number to. Thus, even if this parameter is set to a very large value, the actual maximum number for a socket might be much less than tcp_conn_req_max_q, depending on the value used in listen().

Commitment Level

Unstable

Change History

For information, see xxx:ip_forwarding (Solaris 9 Releases).

tcp_conn_req_max_q0

Description

Specifies the default maximum number of incomplete (three-way handshake not yet finished) pending TCP connections for a TCP listener.

For more information on TCP three-way handshake, refer to RFC 793. See also tcp_conn_req_max_q.

Default

1024

Range

0 to 4,294,967,296

Dynamic?

Yes

When to Change

For applications such as web servers that might receive excessive connection requests, you can increase the default value to match the incoming rate.

The following explains the relationship between tcp_conn_req_max_q0 and the maximum number of pending connections for each socket.

When a connection request is received, TCP first checks if the number of pending TCP connections (three-way handshake is done) waiting to be accepted exceeds the maximum (N) for the listener. If the connections are excessive, the request is denied. If the number of connections is allowable, then TCP checks if the number of incomplete pending TCP connections exceeds the sum of N and tcp_conn_req_max_q0. If it does not, the request is accepted. Otherwise, the oldest incomplete pending TCP request is dropped.

Commitment Level

Unstable

Change History

For information, see xxx:ip_forwarding (Solaris 9 Releases).

tcp_conn_req_min

Description

Specifies the default minimum value for the maximum number of pending TCP connection requests for a listener waiting to be accepted. This is the lowest maximum value of listen(3SOCKET) that an application can use.

Default

1

Range

1 to 1024

Dynamic?

Yes

When to Change

This parameter can be a solution for applications that use listen(3SOCKET) to set the maximum number of pending TCP connections to a value too low. Increase the value to match the incoming connection request rate.

Commitment Level

Unstable

tcp_rst_sent_rate_enabled

Description

If this parameter is set to 1, the maximum rate of sending a RST segment is controlled by the ndd parameter, tcp_rst_sent_rate. If this parameter is set to 0, no rate control when sending a RST segment is available.

Default

1 (enabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

This tunable helps defend against denial of service attacks on TCP by limiting the rate by which a RST segment is sent out. The only time this rate control should be disabled is when strict conformance to RFC 793 is required.

Commitment Level

Unstable

tcp_rst_sent_rate

Description

Sets the maximum number of RST segments that TCP can send out per second.

Default

40

Range

0 to 4,294,967,296

Dynamic?

Yes

When to Change

In a TCP environment, there might be a legitimate reason to generate more RSTs than the default value allows. In this case, increase the default value of this parameter.

Commitment Level

Unstable

tcp_mdt_max_pbufs

Description

Specifies the number of payload buffers that can be carried by a single M_MULTIDATA message that is generated by TCP. See also ip_multidata_outbound.

Default

16

Range

1 to 16

Dynamic?

Yes

When to Change

Decreasing this parameter might aid in debugging device driver development by limiting the amount of payload buffers per M_MULTIDATA message that is generated by TCP.

Commitment Level

Unstable

TCP/IP Parameters Set in the /etc/system File

The following parameters can be set only in the /etc/system file. After the file is modified, reboot the system.

For example, the following entry sets the ipcl_conn_hash_size parameter:

set ip:ipcl_conn_hash_sizes=value

ipcl_conn_hash_size

Description

Controls the size of the connection hash table used by IP. The default value of 0 means that the system automatically sizes an appropriate value for this parameter at boot time, depending on the available memory.

Data Type

Unsigned integer

Default

0

Range

0 to 82,500

Dynamic?

No. The parameter can only be changed at boot time.

When to Change

If the system consistently has tens of thousands of TCP connections, the value can be increased accordingly. Increasing the hash table size means that more memory is wired down, thereby reducing available memory to user applications.

Commitment Level

Unstable

ip_squeue_worker_wait

Description

Governs the maximum delay in waking up a worker thread to process TCP/IP packets that are enqueued on an squeue. An squeue is a serialization queue that is used by the TCP/IP kernel code to process TCP/IP packets.

Default

10 milliseconds

Range

0 – 50 milliseconds

Dynamic?

Yes

When to Change

Consider tuning this parameter if latency is an issue, and network traffic is light. For example, if the machine serves mostly interactive network traffic.

The default value usually works best on a network file server, a web server, or any server that has substantial network traffic.

Zone Configuration

This parameter can only be set in the global zone.

Commitment Level

Unstable

Change History

For information, see ip_squeue_worker_wait (Solaris 10 11/06 Release).

TCP Parameters With Additional Cautions

Changing the following parameters is not recommended.

tcp_ip_abort_interval

Description

Specifies the default total retransmission timeout value for a TCP connection. For a given TCP connection, if TCP has been retransmitting for tcp_ip_abort_interval period of time and it has not received any acknowledgment from the other endpoint during this period, TCP closes this connection.

For TCP retransmission timeout (RTO) calculation, refer to RFC 1122, 4.2.3. See also tcp_rexmit_interval_max.

Default

8 minutes

Range

500 milliseconds to 1193 hours

Dynamic?

Yes

When to Change

Do not change this value. See tcp_rexmit_interval_max for exceptions.

Commitment Level

Unstable

tcp_rexmit_interval_initial

Description

Specifies the default initial retransmission timeout (RTO) value for a TCP connection. Refer to Per-Route Metrics for a discussion of setting a different value on a per-route basis.

Default

3 seconds

Range

1 millisecond to 20 seconds

Dynamic?

Yes

When to Change

Do not change this value. Lowering the value can result in unnecessary retransmissions.

Commitment Level

Unstable

tcp_rexmit_interval_max

Description

Defines the default maximum retransmission timeout value (RTO). The calculated RTO for all TCP connections cannot exceed this value. See also tcp_ip_abort_interval.

Default

60 seconds

Range

1 millisecond to 2 hours

Dynamic?

Yes

When to Change

Do not change the value in a normal network environment.

If, in some special circumstances, the round-trip time (RTT) for a connection is about 10 seconds, you can increase this value. If you change this value, you should also change the tcp_ip_abort_interval parameter. Change the value of tcp_ip_abort_interval to at least four times the value of tcp_rexmit_interval_max.

Commitment Level

Unstable

tcp_rexmit_interval_min

Description

Specifies the default minimum retransmission time out (RTO) value. The calculated RTO for all TCP connections cannot be lower than this value. See also tcp_rexmit_interval_max.

Default

400 milliseconds

Range

1 millisecond to 20 seconds

Dynamic?

Yes

When to Change

Do not change the value in a normal network environment.

TCP's RTO calculation should cope with most RTT fluctuations. If, in some very special circumstances, the round-trip time (RTT) for a connection is about 10 seconds, increase this value. If you change this value, you should change the tcp_rexmit_interval_max parameter. Change the value of tcp_rexmit_interval_max to at least eight times the value of tcp_rexmit_interval_min.

Commitment Level

Unstable

tcp_rexmit_interval_extra

Description

Specifies a constant added to the calculated retransmission time out value (RTO).

Default

0 milliseconds

Range

0 to 2 hours

Dynamic?

Yes

When to Change

Do not change the value.

When the RTO calculation fails to obtain a good value for a connection, you can change this value to avoid unnecessary retransmissions.

Commitment Level

Unstable

tcp_tstamp_if_wscale

Description

If this parameter is set to 1, and the window scale option is enabled for a connection, TCP also enables the timestamp option for that connection.

Default

1 (enabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

Do not change this value. In general, when TCP is used in high-speed network, protection against sequence number wraparound is essential. Thus, you need the timestamp option.

Commitment Level

Unstable

tcp_recv_hiwat_minmss

Description

Controls the default minimum receive window size. The minimum is tcp_recv_hiwat_minmss times the size of maximum segment size (MSS) of a connection.

Default

4

Range

1 to 65,536

Dynamic?

Yes

When to Change

Do not change the value. If changing it is necessary, do not change the value lower than 4.

Commitment Level

Unstable

UDP Tunable Parameters

udp_xmit_hiwat

Description

Defines the default maximum UDP socket datagram size. For more information, see udp_max_buf.

Default

57,344 bytes

Range

1,024 to 1,073,741,824 bytes

Dynamic?

Yes

When to Change

Note that an application can use setsockopt(3XNET) SO_SNDBUF to change the size for an individual socket. In general, you do not need to change the default value.

Commitment Level

Unstable

Change History

For information, see udp_xmit_hiwat (Solaris 9 Releases).

udp_recv_hiwat

Description

Defines the default maximum UDP socket receive buffer size. For more information, see udp_max_buf.

Default

57,344 bytes

Range

128 to 1,073,741,824 bytes

Dynamic?

Yes

When to Change

Note that an application can use setsockopt(3XNET) SO_RCVBUF to change the size for an individual socket. In general, you do not need to change the default value.

Commitment Level

Unstable

Change History

For information, see udp_recv_hiwat (Solaris 9 Releases).

UDP Parameter With Additional Caution

Changing the following parameter is not recommended.

udp_max_buf

Description

Controls how large send and receive buffers can be for a UDP socket.

Default

2,097,152 bytes

Range

65,536 to 1,073,741,824 bytes

Dynamic?

Yes

When to Change

Do not change the value. If this parameter is set to a very large value, UDP socket applications can consume too much memory.

Commitment Level

Unstable

Change History

For information, see udp_max_buf (Solaris 9 Releases).

IPQoS Tunable Parameter

ip_policy_mask

Description

Enables or disables IPQoS processing in any of the following callout positions: forward outbound, forward inbound, local outbound, and local inbound. This parameter is a bitmask as follows:

Not Used	Not Used	Not Used	Not Used	Forward Outbound	Forward Inbound	Local Outbound	Local Inbound
X	X	X	X	0	0	0	0

A 1 in any of the position masks or disables IPQoS processing in that particular callout position. For example, a value of 0x01 disables IPQoS processing for all the local inbound packets.

Default

The default value is 0, meaning that IPQoS processing is enabled in all the callout positions.

Range

0 (0x00) to 15 (0x0F). A value of 15 indicates that IPQoS processing is disabled in all the callout positions.

Dynamic?

Yes

When to Change

If you want to enable or disable IPQoS processing in any of the callout positions.

Commitment Level

Unstable

SCTP Tunable Parameters

sctp_max_init_retr

Description

Controls the maximum number of attempts an SCTP endpoint should make at resending an INIT chunk. The SCTP endpoint can use the SCTP initiation structure to override this value.

Default

8

Range

0 to 128

Dynamic?

Yes

When to Change

The number of INIT retransmissions depend on sctp_pa_max_retr. Ideally, sctp_max_init_retr should be less than or equal to sctp_pa_max_retr.

Commitment Level

Unstable

sctp_pa_max_retr

Description

Controls the maximum number of retransmissions (over all paths) for an SCTP association. The SCTP association is aborted when this number is exceeded.

Default

10

Range

1 to 128

Dynamic?

Yes

When to Change

The maximum number of retransmissions over all paths depend on the number of paths and the maximum number of retransmission over each path. Ideally, sctp_pa_max_retr should be set to the sum of sctp_pp_max_retr over all available paths. For example, if there are 3 paths to the destination and the maximum number of retransmissions over each of the 3 paths is 5, then sctp_pa_max_retr should be set to less than or equal to 15. (See the Note in Section 8.2, RFC 2960.)

Commitment Level

Unstable

sctp_pp_max_retr

Description

Controls the maximum number of retransmissions over a specific path. When this number is exceeded for a path, the path (destination) is considered unreachable.

Default

5

Range

1 to 128

Dynamic?

Yes

When to Change

Do not change this value to less than 5.

Commitment Level

Unstable

sctp_cwnd_max

Description

Controls the maximum value of the congestion window for an SCTP association.

Default

1,048,576

Range

128 to 1,073,741,824

Dynamic?

Yes

When to Change

Even if an application uses setsockopt(3XNET) to change the window size to a value higher than sctp_cwnd_max, the actual window used can never grow beyond sctp_cwnd_max. Thus, sctp_max_buf should be greater than sctp_cwnd_max.

Commitment Level

Unstable

sctp_ipv4_ttl

Description

Controls the time to live (TTL) value in the IP version 4 header for the outbound IP version 4 packets on an SCTP association.

Default

64

Range

1 to 255

Dynamic?

Yes

When to Change

Generally, you do not need to change this value. Consider increasing this parameter if the path to the destination is likely to span more than 64 hops.

Commitment Level

Unstable

sctp_heartbeat_interval

Description

Computes the interval between HEARTBEAT chunks to an idle destination, that is allowed to heartbeat.

An SCTP endpoint periodically sends an HEARTBEAT chunk to monitor the reachability of the idle destinations transport addresses of its peer.

Default

30 seconds

Range

0 to 86,400 seconds

Dynamic?

Yes

When to Change

Refer to RFC 2960, section 8.3.

Commitment Level

Unstable

sctp_new_secret_interval

Description

Determines when a new secret needs to be generated. The generated secret is used to compute the MAC for a cookie.

Default

2 minutes

Range

0 to 1,440 minutes

Dynamic?

Yes

When to Change

Refer to RFC 2960, section 5.1.3.

Commitment Level

Unstable

sctp_initial_mtu

Description

Determines the initial maximum send size for an SCTP packet including the length of the IP header.

Default

1500 bytes

Range

68 to 65,535

Dynamic?

Yes

When to Change

Increase this parameter if the underlying link supports frame sizes that are greater than 1500 bytes.

Commitment Level

Unstable

sctp_deferred_ack_interval

Description

Sets the time-out value for SCTP delayed acknowledgment (ACK) timer in milliseconds.

Default

100 milliseconds

Range

1 to 60,000 milliseconds

Dynamic?

Yes

When to Change

Refer to RFC 2960, section 6.2.

Commitment Level

Unstable

sctp_ignore_path_mtu

Description

Enables or disables path MTU discovery.

Default

0 (disabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

Enable this parameter if you want to ignore MTU changes along the path. However, doing so might result in IP fragmentation if the path MTU decreases.

Commitment Level

Unstable

sctp_initial_ssthresh

Description

Sets the initial slow start threshold for a destination address of the peer.

Default

102,400

Range

1024 to 4,294,967,295

Dynamic?

Yes

When to Change

Refer to RFC 2960, section 7.2.1.

Commitment Level

Unstable

sctp_xmit_hiwat

Description

Sets the default send window size in bytes. See also sctp_max_buf.

Default

102,400

Range

8,192 to 1,073,741,824

Dynamic?

Yes

When to Change

An application can use getsockopt(3SOCKET) SO_SNDBUF to change the individual association's send buffer.

Commitment Level

Unstable

sctp_xmit_lowat

Description

Controls the lower limit on the send window size.

Default

8,192

Range

8,192 to 1,073,741,824

Dynamic?

Yes

When to Change

Generally, you do not need to change this value. This parameter sets the minimum size required in the send buffer for the socket to be marked writable. If required, consider changing this parameter in accordance with sctp_xmit_hiwat.

Commitment Level

Unstable

sctp_recv_hiwat

Description

Controls the default receive window size in bytes. See also sctp_max_buf.

Default

102,400

Range

8,192 to 1,073,741,824

Dynamic?

Yes

When to Change

An application can use getsockopt(3SOCKET) SO_RCVBUF to change the individual association's receive buffer.

Commitment Level

Unstable

sctp_max_buf

Description

Controls the maximum buffer size in bytes. It controls how large the send and receive buffers are set to by an application that uses getsockopt(3SOCKET).

Default

1,048,576

Range

8,192 to 1,073,741,824

Dynamic?

Yes

When to Change

Increase the value of this parameter to match the network link speed if associations are being made in a high-speed network environment.

Commitment Level

Unstable

sctp_ipv6_hoplimit

Description

Sets the value of the hop limit in the IP version 6 header for the outbound IP version 6 packets on an SCTP association.

Default

60

Range

0 to 255

Dynamic?

Yes

When to Change

Generally, you do not need to change this value. Consider increasing this parameter if the path to the destination is likely to span more than 60 hops.

Commitment Level

Unstable

sctp_rto_min

Description

Sets the lower bound for the retransmission timeout (RTO) in milliseconds for all the destination addresses of the peer.

Default

1,000

Range

500 to 60,000

Dynamic?

Yes

When to Change

Refer to RFC 2960, section 6.3.1.

Commitment Level

Unstable

sctp_rto_max

Description

Controls the upper bound for the retransmission timeout (RTO) in milliseconds for all the destination addresses of the peer.

Default

60,000

Range

1,000 to 60,000,000

Dynamic?

Yes

When to Change

Refer to RFC 2960, section 6.3.1.

Commitment Level

Unstable

sctp_rto_initial

Description

Controls the initial retransmission timeout (RTO) in milliseconds for all the destination addresses of the peer.

Default

3,000

Range

1,000 to 60,000,000

Dynamic?

Yes

When to Change

Refer to RFC 2960, section 6.3.1.

Commitment Level

Unstable

sctp_cookie_life

Description

Sets the lifespan of a cookie in milliseconds.

Default

60,000

Range

10 to 60,000,000

Dynamic?

Yes

When to Change

Generally, you do not need to change this value. This parameter might be changed in accordance with sctp_rto_max.

Commitment Level

Unstable

sctp_max_in_streams

Description

Controls the maximum number of inbound streams permitted for an SCTP association.

Default

32

Range

1 to 65,535

Dynamic?

Yes

When to Change

Refer to RFC 2960, section 5.1.1.

Commitment Level

Unstable

sctp_initial_out_streams

Description

Controls the maximum number of outbound streams permitted for an SCTP association.

Default

32

Range

1 to 65,535

Dynamic?

Yes

When to Change

Refer to RFC 2960, section 5.1.1.

Commitment Level

Unstable

sctp_shutack_wait_bound

Description

Controls the maximum time, in milliseconds, to wait for a SHUTDOWN ACK after having sent a SHUTDOWN chunk.

Default

60,000

Range

0 to 300,000

Dynamic?

Yes

When to Change

Generally, you do not need to change this value. This parameter might be changed in accordance with sctp_rto_max.

Commitment Level

Unstable

sctp_maxburst

Description

Sets the limit on the number of segments to be sent in a burst.

Default

4

Range

2 to 8

Dynamic?

Yes

When to Change

You do not need to change this parameter. You might change it for testing purposes.

Commitment Level

Unstable

sctp_addip_enabled

Description

Enables or disables SCTP dynamic address reconfiguration.

Default

0 (disabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

The parameter can be enabled if dynamic address reconfiguration is needed. Due to security implications, enable this parameter only for testing purposes.

Commitment Level

Unstable

sctp_prsctp_enabled

Description

Enables or disables the partial reliability extension (RFC 3758) to SCTP.

Default

1 (enabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

Disable this parameter if partial reliability is not supported in your SCTP environment.

Commitment Level

Unstable

Per-Route Metrics

Starting in the Solaris 8 release, you can use per-route metrics to associate some properties with IPv4 and IPv6 routing table entries.

For example, a system has two different network interfaces, a fast Ethernet interface and a gigabit Ethernet interface. The system default tcp_recv_hiwat is 24,576 bytes. This default is sufficient for the fast Ethernet interface, but may not be sufficient for the gigabit Ethernet interface.

Instead of increasing the system's default for tcp_recv_hiwat, you can associate a different default TCP receive window size to the gigabit Ethernet interface routing entry. By making this association, all TCP connections going through the route will have the increased receive window size.

For example, the following is in the routing table (netstat -rn), assuming IPv4:

192.123.123.0        192.123.123.4         U        1      4  hme0
192.123.124.0        192.123.124.4         U        1      4  ge0
default              192.123.123.1         UG       1      8

In this example, do the following:

# route change -net 192.123.124.0 -recvpipe x

Then, all connections going to the 192.123.124.0 network, which is on the ge0 link, use the receive buffer size x, instead of the default 24567 receive window size.

If the destination is in the a.b.c.d network, and no specific routing entry exists for that network, you can add a prefix route to that network and change the metric. For example:

# route add -net a.b.c.d 192.123.123.1 -netmask w.x.y.z
# route change -net a.b.c.d -recvpipe y

Note that the prefix route's gateway is the default router. Then, all connections going to that network use the receive buffer size y. If you have more than one interface, use the -ifp argument to specify which interface to use. This way, you can control which interface to use for specific destinations. To verify the metric, use the route(1M) get command.