This section describes parameters specific to the TCP transport protocol.
Specifies the default maximum number of pending TCP connections for a TCP listener waiting to be accepted by accept(). See also _conn_req_max_q0.
128
1 to 4,294,967,295
Yes
For applications such as web servers that might receive several connection requests, the default value might be increased to match the incoming rate.
Do not increase the parameter to a very large value. The pending TCP connections can consume excessive memory. Also, if an application cannot handle that many connection requests fast enough because the number of pending TCP connections is too large, new incoming requests might be denied.
Note that increasing _conn_req_max_q does not mean that applications can have that many pending TCP connections. Applications can use listen() to change the maximum number of pending TCP connections for each socket. This parameter is the maximum an application can use listen() to set the number to. Thus, even if this parameter is set to a very large value, the actual maximum number for a socket might be much less than _conn_req_max_q, depending on the value used in listen().
Unstable
Specifies the default maximum number of incomplete (three-way handshake not yet finished) pending TCP connections for a TCP listener.
For more information on TCP three-way handshake, refer to RFC 793. See also _conn_req_max_q.
1,024
0 to 4,294,967,295
Yes
For applications such as web servers that might receive excessive connection requests, you can increase the default value to match the incoming rate.
When a connection request is received, TCP first checks if the number of pending TCP connections (three-way handshake is done) waiting to be accepted exceeds the maximum (N) for the listener. If the connections are excessive, the request is denied. If the number of connections is allowable, then TCP checks if the number of incomplete pending TCP connections exceeds the sum of N and _conn_req_max_q0. If it does not, the request is accepted. Otherwise, the oldest incomplete pending TCP request is dropped.
Unstable
Specifies the default minimum value for the maximum number of pending TCP connection requests for a listener waiting to be accepted. This is the lowest maximum value of listen() that an application can use.
1
1 to 1,024
Yes
This parameter can be a solution for applications that use listen() to set the maximum number of pending TCP connections to a value too low. Increase the value to match the incoming connection request rate.
Unstable
Defines the maximum value of the TCP congestion window in bytes.
For more information on the TCP congestion window, refer to RFC 1122 and RFC 2581.
1,048,576
128 to 1,073,741,824
Yes
Even if an application uses setsockopt() to change the window size to a value higher than _cwnd_max, the actual window used can never grow beyond _cwnd_max. Thus, max_buf should be greater than _cwnd_max.
Unstable
Specifies the time-out value for the TCP-delayed acknowledgment (ACK) timer for stems that are not directly connected.
Refer to RFC 1122, 4.2.3.2.
100 milliseconds
1 millisecond to 60,000 milliseconds
Yes
Do not increase this value to more than 500 milliseconds.
Increase the value under the following circumstances:
Slow network links (less than 57.6 Kbps) with greater than 512 bytes maximum segment size (MSS)
The interval for receiving more than one TCP segment is short
Unstable
Specifies the maximum number of TCP segments received from remote destinations (not the same subnet) before an acknowledgment (ACK) is generated. TCP segments are measured in units of maximum segment size (MSS) for individual connections. If set to 0 or 1, no ACKs are delayed, assuming all segments are 1 MSS long. The actual number is dynamically calculated for each connection. The value is the default maximum.
2
0 to 16
Yes
This parameter should not be changed in normal circumstances.
Unstable
Controls the time to live (TTL) value in the IPv4 header for outbound TCP messages sent over IPv4. For more information, see the description for ttl (IPv4).
64 bytes
1 to 255
Yes
Do not change this value in a normal network environment.
Unstable
Sets the value of the hop limit in the IPv6 header for the outbound TCP messages sent over IPv6. For more information, see the description for hoplimit (IPv6).
60
1 to 255
Yes
Do not change this value in a normal network environment.
Unstable
Specifies the time-out value for TCP-delayed acknowledgment (ACK) timer for stems that are directly connected.
Refer to RFC 1122, 4.2.3.2.
50 milliseconds
10 milliseconds to 500 milliseconds
Yes
Do not increase this value to more than 500 milliseconds.
Increase the value under the following circumstances:
Slow network links (less than 57.6 Kbps) with greater than 512 bytes maximum segment size (MSS)
The interval for receiving more than one TCP segment is short
Unstable
Specifies the maximum number of TCP segments received from peers on the same subnet before an acknowledgment (ACK) is generated. TCP segments are measured in units of maximum segment size (MSS) for individual connections. If set to 0 or 1, it means no ACKs are delayed, assuming all segments are 1 MSS long. The actual number is dynamically calculated for each connection. The value is the default maximum.
8
0 to 16
Yes
Do not change the value. In some circumstances, when the network traffic becomes very bursty because of the delayed ACK effect, decrease the value. Do not decrease this value below 2.
Unstable
Defines the initial congestion window size in the maximum segment size (MSS) of a TCP connection between stems on the same subnet.
10
1 to 16,384
Yes
Consider increasing this parameter value if applications would benefit from a larger initial window.
Unstable
If set to 0, TCP does not reverse the IP source routing option for incoming connections for security reasons. If set to 1, TCP does the normal reverse source routing.
0 (disabled)
0 (disabled) or 1 (enabled)
Yes
If IP source routing is needed for diagnostic purposes, enable it.
Unstable
Sets the maximum number of RST segments that TCP can send out per second.
40
0 to 4,294,967,295
Yes
In a TCP environment, there might be a legitimate reason to generate more RSTs than the default value allows. In this case, increase the default value of this parameter.
Unstable
If this parameter is set to 1, the maximum rate of sending a RST segment is controlled by the _rst_sent_rate parameter. If this parameter is set to 0, no rate control when sending a RST segment is available.
1 (enabled)
0 (disabled) or 1 (enabled)
Yes
This tunable helps defend against denial of service attacks on TCP by limiting the rate by which a RST segment is sent out. The only time this rate control should be disabled is when strict conformance to RFC 793 is required.
Unstable
The congestion window size in the maximum segment size (MSS) of a TCP connection after it has been idled (no segment received) for a period of one retransmission timeout (RTO).
Refer to RFC 2414 on how the initial congestion window size is calculated.
4
1 to 16,384
Yes
For more information, see _slow_start_initial.
Unstable
Defines the maximum initial congestion window size in the maximum segment size (MSS) of a TCP connection.
Refer to RFC 2414 on how the initial congestion window size is calculated.
10
1 to 10
Yes
Do not change the value.
If the initial congestion window size causes network congestion under special circumstances, decrease the value.
Unstable
Specifies the time in milliseconds that a TCP connection stays in TIME-WAIT state.
For more information, refer to RFC 1122, 4.2.2.13.
60,000 (60 seconds)
1 second to 600,000 milliseconds
Yes
This parameter does not need to be changed in normal circumstances. If the normal usage of a system results in thousands and thousands of TCP connections waiting in TIME-WAIT state, the parameter value may be decreased. The value should not be lower than 10 seconds.
Unstable
If set to 1, TCP always sends a SYN segment with the timestamp option. If set to 2, timestamps are completely disabled, regardless of whether the TCP connection was opened actively or passively. Note that if TCP receives a SYN segment with the timestamp option, TCP responds with a SYN segment with the timestamp option even if the parameter is set to 0.
0 (disabled)
0 (disabled), 1 (enabled), or 2 (disabled regardless of how TCP connection was opened)
Yes
If getting an accurate measurement of round-trip time (RTT) and TCP sequence number wraparound is a problem, enable this parameter.
Refer to RFC 1323 for more reasons to enable this option.
Unstable
When this parameter is enabled, which is the default setting, TCP always sends a SYN segment with the window scale option, even if the window scale option value is 0. Note that if TCP receives a SYN segment with the window scale option, even if the parameter is disabled, TCP responds with a SYN segment with the window scale option. In addition, the option value is set according to the receive window size.
Refer to RFC 1323 for the window scale option.
1 (enabled)
0 (disabled) or 1 (enabled)
Yes
If there is an interoperability problem with an old TCP stack that does not support the window scale option, disable this parameter.
Unstable
Specifies the default congestion control algorithm used by the protocol when new connections are created. Applications can opt to choose a different algorithm through the TCP_CONGESTION option in the setsockopt() call. Only enabled algorithms can be set as default (see cong_enabled). See also the setsockopt(3SOCKET) man page.
newreno
newreno, cubic, highspeed, dctcp, vegas
Yes
This parameter does not need to be changed in normal circumstances.
Stable
Specifies the set of congestion control algorithms that are enabled on the system. The newreno algorithm can never be disabled. Disabled algorithms cannot be set as default (see cong_default) or be used by applications.
By default, all algorithms installed on the system are enabled.
newreno, cubic, highspeed, dctcp, vegas
Yes
This parameter does not need to be changed in normal circumstances.
Stable
Controls Explicit Congestion Notification (ECN) support.
If this parameter is set to never TCP does not negotiate with a peer that supports the ECN mechanism.
If this parameter is set to passivewhen initiating a connection, TCP does not tell a peer that it supports ECN mechanism.
However, TCP tells a peer that it supports ECN mechanism when accepting a new incoming connection request if the peer indicates that it supports ECN mechanism in the SYN segment.
If this parameter is set to active, in addition to negotiating with a peer on the ECN mechanism when accepting connections, TCP indicates in the outgoing SYN segment that it supports the ECN mechanism when TCP makes active outgoing connections.
Passive
never, passive, or active
Yes
ECN can help TCP better handle congestion control. However, there might be existing TCP implementations, firewalls, NATs, and other non-conforming network devices that are confused by this mechanism. These devices do not comply to the IETF standard. It is suggested that these devices be replaced. In situations where replacing non-conforming devices is not feasible, this parameter value can be set to passive or never.
Stable
This parameter controls the largest port number TCP can select as an ephemeral port. An application can use an ephemeral port when it creates a connection with a specified protocol but not a port number. Ephemeral ports are not associated with a specific application. When the connection is closed, the port number can be reused by a different application.
Port number
65,535
32,768 to 65,535
Yes
When a larger ephemeral port range is required.
Stable
Defines the maximum send and receive buffer size in bytes. This parameter controls how large the send and receive buffers are set to by an application that uses setsockopt().
1,048,576
128,000 to 1,073,741,824
Yes
If TCP connections are being made in a high-speed network environment, increase the value to match the network link speed. The _cwnd_max parameter should probably be increased at the same time.
Stable
Defines the default receive window size in bytes. Refer to Per-Route Metrics for a discussion of setting a different value on a per-route basis. See also max_buf and _recv_hiwat_minmss.
128,000
2,048 to the current value of max_buf
Yes
An application can use setsockopt (SO_RCVBUF) to change the individual connection's receive buffer. See the setsockopt(3XNET) man page for information.
Stable
If set to active, TCP always sends a SYN segment with the selective acknowledgment (SACK) permitted option. If TCP receives a SYN segment with a SACK-permitted option and this parameter is set to passive TCP responds with a SACK-permitted option. If the parameter is set to never TCP does not send a SACK-permitted option, regardless of whether the incoming segment contains the SACK permitted option.
Refer to RFC 2018 for information on the SACK option.
ative
never, passive, or active
Yes
SACK processing can improve TCP retransmission performance so it should be actively enabled. Sometimes, the other side can be confused with the SACK option actively enabled. If this confusion occurs, set the value to passive so that SACK processing is enabled only when incoming connections allow SACK processing.
Stable
Defines the default send window size in bytes. Refer to Per-Route Metrics for a discussion of setting a different value on a per-route basis. See also max_buf.
49,152
4,096 to the current value of max_buf
Yes
An application can use setsockopt (SO_SNDBUF) to change the individual connection's send buffer. See the setsockopt(3XNET) man page for information.
Stable
This parameter controls the smallest port number TCP can select as an ephemeral port. An application can use an ephemeral port when it creates a connection with a specified protocol but not a port number. Ephemeral ports are not associated with a specific application. When the connection is closed, the port number can be reused by a different application.
Port number
32,768
1,024 to 65,535
Yes
When a larger ephemeral port range is required.
Stable
One of three variables for the congestion window burst throttle, along side tcp_cwnd_infinite and tcp_cwnd_ss that together manage packet transfers in cases of congestion.
To prevent performance degradation from transfer congestion, change the parameter's value in a file in the /etc/system.d directory as follows:
# echo "set ip:tcp_cwnd_normal=0xFF" >> /etc/system.d/site:filename # reboot
where site:filename refers to the file that contains the new parameter setting (0xFF). The new setting will be read from /etc/system.d/file into the /etc/system file during the reboot. The naming convention site:filename enables you to identify the file and the change that you implemented on the parameter. For more information about using files in /etc/system.d, see /etc/system.d/files.
For more information about the congestion window, refer to RFC 2581 and RFC 3390.
16
1-65535
Yes
See Description
Unstable
Changing the following parameters is not recommended.
Specifies the default total retransmission timeout value for a TCP connection. For a given TCP connection, if TCP has been retransmitting for _ip_abort_interval period of time and it has not received any acknowledgment from the other endpoint during this period, TCP closes this connection.
For TCP retransmission timeout (RTO) calculation, refer to RFC 1122, 4.2.3. See also _rexmit_interval_max.
5 minutes
500 milliseconds to 1193 hours
Yes
Do not change this value. See _rexmit_interval_max for exceptions.
Unstable
This ipadm parameter sets a probe interval that is first sent out after a TCP connection is idle on a system-wide basis.
Oracle Solaris supports the TCP keep-alive mechanism as described in RFC 1122. This mechanism is enabled by setting the SO_KEEPALIVE socket option on a TCP socket.
If SO_KEEPALIVE is enabled for a socket, the first keep-alive probe is sent out after a TCP connection is idle for two hours, the default value of the tcp_keepalive_interval parameter. If the peer does not respond to the probe after eight minutes, the TCP connection is aborted. For more information, refer to _rexmit_interval_initial.
You can also use the TCP_KEEPALIVE_THRESHOLD socket option on individual applications to override the default interval so that each application can have its own interval on each socket. The option value is an unsigned integer in milliseconds. Also see the tcp(7P) man page.
2 hours
10 seconds to 10 days
Unsigned integer (milliseconds)
Yes
Do not change the value. Lowering it may cause unnecessary network traffic and might also increase the chance of premature termination of the connection because of a transient network problem.
Unstable
Controls the default minimum receive window size. The minimum is _recv_hiwat_minmss times the size of maximum segment size (MSS) of a connection.
8
1 to 65,536
Yes
Do not change the value. If changing it is necessary, do not change the value lower than 4.
Unstable
Specifies a constant added to the calculated retransmission time out value (RTO).
0 milliseconds
0 to 7,200,000 milliseconds
Yes
Do not change the value.
When the RTO calculation fails to obtain a good value for a connection, you can change this value to avoid unnecessary retransmissions.
Unstable
Specifies the default initial retransmission timeout (RTO) value for a TCP connection. Refer to Per-Route Metrics for a discussion of setting a different value on a per-route basis.
1,000 milliseconds
1 millisecond to 20,000 milliseconds
Yes
Do not change this value. Lowering the value can result in unnecessary retransmissions. The TCP_RTO_INITIAL socket option can be used to change the initial retransmission timeout on a per-socket basis.
Unstable
Defines the default maximum retransmission timeout value (RTO). The calculated RTO for all TCP connections cannot exceed this value. See also _ip_abort_interval.
60,000 milliseconds
1 millisecond to 7,200,000 milliseconds
Yes
Do not change the value in a normal network environment.
If, in some special circumstances, the round-trip time (RTT) for a connection is about 10 seconds, you can increase this value. If you change this value, you should also change the _ip_abort_interval parameter. Change the value of _ip_abort_interval to at least four times the value of _rexmit_interval_max. The TCP_RTO_MAX socket option can be used to change the initial retransmission timeout on a per-socket basis.
Unstable
Specifies the default minimum retransmission time out (RTO) value. The calculated RTO for all TCP connections cannot be lower than this value. See also _rexmit_interval_max.
200 milliseconds
1 millisecond to 7,200,000 milliseconds
Yes
Do not change the value in a normal network environment.
TCP's RTO calculation should cope with most RTT fluctuations. If, in some very special circumstances, the round-trip time (RTT) for a connection is about 10 seconds, increase this value. If you change this value, you should change the _rexmit_interval_max parameter. Change the value of _rexmit_interval_max to at least eight times the value of _rexmit_interval_min. The TCP_RTO_MIN socket option can be used to change the initial retransmission timeout on a per-socket basis.
Unstable
If this parameter is set to 1, and the window scale option is enabled for a connection, TCP also enables the timestamp option for that connection.
1 (enabled)
0 (disabled) or 1 (enabled)
Yes
Do not change this value. In general, when TCP is used in high-speed network, protection against sequence number wraparound is essential. Thus, you need the timestamp option.
Unstable