Solaris Tunable Parameters Reference Manual

IP Tunable Parameters

This section describes some of the IP tunable parameters.

`ip_icmp_err_interval` and `ip_icmp_err_burst`

Description

Control the rate of IP in generating IPv4 or IPv6 ICMP error messages. IP generates only up to ip_icmp_err_burst IPv4 or IPv6 ICMP error messages in any ip_icmp_err_interval. This parameter protects IP from denial of service attacks. Set ip_icmp_err_interval to 0 to disable IP to generate IPv4 or IPv6 ICMP error messages.

Default

100 milliseconds for ip_icmp_err_interval

10 for ip_icmp_err_burst

Range

0 - 99,999 milliseconds for ip_icmp_err_interval

1 - 99,999 for ip_icmp_err_burst

Dynamic?

Yes

When to Change

Change the parameter values if you need a higher error message generation rate for diagnostic purposes.

Commitment Level

Unstable

`ip_forwarding` and `ip6_forwarding`

Description: Control whether IP does IPv4 or IPv6 forwarding between interfaces. See also xxx:ip_forwarding below.
Default: 0 (disabled)
Range: 0 (disabled), 1 (enabled)
Dynamic?: Yes
When to Change: If IP forwarding is needed, enable it.
Commitment Level: Unstable

`xxx:ip_forwarding`

Description

Enables IPv4 forwarding for a particular xxx interface. The exact name of the parameter is interface-name:ip_forwarding. For example, two interfaces are hme0 and hme1. Their corresponding parameter names are:

hme0:ip_forwarding and hme1:ip_forwarding

Default

0 (disabled)

Range

0 (disabled), 1 (enabled)

Dynamic?

Yes

When to Change

If you need IPv4 forwarding, use this parameter to enable forwarding on a per-interface basis.

Commitment Level

Unstable

`ip_respond_to_echo_broadcast` and `ip6_respond_to_echo_multicast`

Description: Control whether IPv4 or IPv6 responds to broadcast ICMPv4 echo request or multicast ICMPv6 echo request.
Default: 1 (enabled)
Range: 0 (disabled), 1 (enabled)
Dynamic?: Yes
When to Change: If you do not want this behavior for security reasons, disable it.
Commitment Level: Unstable

`ip_send_redirects` and `ip6_send_redirects`

Description: Control whether IPv4 or IPv6 sends out ICMPv4 or ICMPv6 redirect messages. See also ip_forwarding and ip6_forwarding.
Default: 1 (enabled)
Range: 0 (disabled), 1 (enabled)
Dynamic?: Yes
When to Change: If you do not want this behavior for security reasons, disable it.
Commitment Level: Unstable

`ip_forward_src_routed` and `ip6_forward_src_routed`

Description: Control whether IPv4 or IPv6 forwards packets with source IPv4 routing options or IPv6 routing headers. See also ip_forwarding and ip6_forwarding.
Default: 1 (enabled)
Range: 0 (disabled), 1 (enabled)
Dynamic?: Yes
When to Change: If you do not want this behavior for security reasons, disable it.
Commitment Level: Unstable

`ip_addrs_per_if`

Description: The maximum number of logical interfaces associated with a real interface.
Default: 256
Range: 1 to 8192
Dynamic?: Yes
When to Change: Do not change the value. If more logical interfaces are required, increase the value, but recognize that this change might have a negative impact on IP's performance.
Commitment Level: Unstable

`ip_strict_dst_multihoming` and `ip6_strict_dst_multihoming`

Description

Determine whether a packet arriving on a non-forwarding interface can be accepted for an IP address that is not explicitly configured on that interface. If ip_forwarding is enabled, or xxx:ip_forwarding for the appropriate interfaces is enabled, then this parameter is ignored, because the packet is actually forwarded.

Refer to RFC 1122 3.3.4.2.

Default

0 (loose multihoming)

Range

0 = Off (loose multihoming)

1 = On (strict multihoming)

Dynamic?

Yes

When to Change

If a machine has interfaces that cross strict networking domains (for example, a firewall or a VPN node), set this variable to 1.

Commitment Level

Unstable

`ip_multidata_outbound`

Description

This parameter enables the network stack to send more than one packet at one time to the network device driver during transmission.

Enabling this parameter reduces the per-packet processing costs by improving the host CPU utilization and/or network throughput.

The multidata transmit (MDT) feature is only effective for device drivers that support this feature.

The following parameter must be enabled in the /etc/system file to use the MDT parameter:

set ip:ip_use_dl_cap = 0x1

Default

Disabled

Range

0 (disabled), 1 (enabled)

Dynamic?

Yes

When to Change

This feature can be enabled at any time to allow for improved system performance with the following cautions:

Enabling this feature might change the appearance of any packets between the IP layer and the DLPI provider. So, any third-party STREAMS module that is dynamically inserted between the IP layer and the DLPI provider by using ifconfig's modinsert feature, which doesn't understand the MDT STREAMS data type, might not work.

Modules that are inserted between the IP and the DLPI provider with the autopush(1m) mechanism might not work as well.
Keep this feature disabled when a STREAMS module is not MDT aware. For example, the public domain utilities such as ipfilter, Checkpoint Firewall-1, and so on, are not MDT aware.

Commitment Level

Unstable