Controls the rate of IP in generating IPv4 or IPv6 ICMP error messages. IP generates only up to ip_icmp_err_burst IPv4 or IPv6 ICMP error messages in any ip_icmp_err_interval.
The ip_icmp_err_interval parameter protects IP from denial of service attacks. Setting this parameter to 0 disables rate limiting. It does not disable the generation of error messages.
100 milliseconds for ip_icmp_err_interval
10 error messages for ip_icmp_err_burst
0 – 99,999 milliseconds for ip_icmp_err_interval
1 – 99,999 error messages for ip_icmp_err_burst
Yes
If you need a higher error message generation rate for diagnostic purposes.
Unstable
Controls whether IPv4 or IPv6 responds to a broadcast ICMPv4 echo request or a multicast ICMPv6 echo request.
1 (enabled)
0 (disabled) or 1 (enabled)
Yes
If you do not want this behavior for security reasons, disable it.
Unstable
Controls whether IPv4 or IPv6 sends out ICMPv4 or ICMPv6 redirect messages.
1 (enabled)
0 (disabled) or 1 (enabled)
Yes
If you do not want this behavior for security reasons, disable it.
Unstable
Controls whether IPv4 or IPv6 forwards packets with source IPv4 routing options or IPv6 routing headers.
0 (disabled)
0 (disabled) or 1 (enabled)
Yes
Keep this parameter disabled to prevent denial of service attacks.
Unstable
For information, see ip_forward_src_routed and ip6_forward_src_routed (Solaris 10 Release).
Defines the maximum number of logical interfaces associated with a real interface.
256
1 to 8192
Yes
Do not change the value. If more logical interfaces are required, you might consider increasing the value. However, recognize that this change might have a negative impact on IP's performance.
Unstable
Determines whether a packet arriving on a non forwarding interface can be accepted for an IP address that is not explicitly configured on that interface. If ip_forwarding is enabled, or xxx:ip_forwarding for the appropriate interfaces is enabled, then this parameter is ignored, because the packet is actually forwarded.
Refer to RFC 1122, 3.3.4.2.
0 (loose multihoming)
0 = Off (loose multihoming)
1 = On (strict multihoming)
Yes
If a machine has interfaces that cross strict networking domains (for example, a firewall or a VPN node), set this parameter to 1.
Unstable
Enables the network stack to send more than one packet at one time to the network device driver during transmission.
Enabling this parameter reduces the per-packet processing costs by improving host CPU utilization, network throughput, or both.
This parameter now controls the use of multidata transmit (MDT) for transmitting IP fragments. For example, when sending out a UDP payload larger than the link MTU. When this tunable is enabled, IP fragments of a particular upper-level protocol, such as UDP, are delivered in batches to the network device driver. Disabling this feature results in both TCP and IP fragmentation logic in the network stack to revert back to sending one packet at a time to the driver.
The MDT feature is only effective for device drivers that support this feature.
See also tcp_mdt_max_pbufs.
1 (Enabled)
0 (disabled) or 1 (enabled)
Yes
If you do not want this parameter enabled for debugging purposes or for any other reasons, disable it.
Unstable
For information, see ip_multidata_outbound (Solaris 10 Release).
Determines the mode of associating TCP/IP connections with squeues
A value of 0 associates a new TCP/IP connection with the CPU that creates the connection. A value of 1 associates the connection with multiple squeues that belong to different CPUs. The number of squeues that are used to fanout the connection is based upon ip_soft_rings_cnt.
0
0 or 1
Yes
Consider setting this parameter to 1 to spread the load across all CPUs in certain situations. For example, when the number of CPUs exceed the number of NICs, and one CPU is not capable of handling the network load of a single NIC, change this parameter to 1.
This parameter can only be set in the global zone.
Unstable
For information, see ip_squeue_fanout (Solaris 10 11/06 Release).
Determines the number of squeues to be used to fanout the incoming TCP/IP connections.
The incoming traffic is placed on one of the rings. If the ring is overloaded, packets are dropped. For every packet that gets dropped, the kstat dls counter, dls_soft_ring_pkt_drop, is incremented.
2
0 - nCPUs, where nCPUs is the maximum number of CPUs in the system
No. The interface should be plumbed again when changing this parameter.
Consider setting this parameter to a value greater than 2 on systems that have 10 Gbps NICs and many CPUs.
This parameter can only be set in the global zone.
Obsolete
For information, see ip_soft_rings_cnt (Solaris 10 11/06 Release).
Changing the following parameters is not recommended.
Specifies the interval in milliseconds when IP flushes the path maximum transfer unit (PMTU) discovery information, and tries to rediscover PMTU.
Refer to RFC 1191 on PMTU discovery.
10 minutes
5 seconds to 277 hours
Yes
Do not change this value.
Unstable
When IPv4 or IPv6 sends an ICMPv4 or ICMPv6 error message, it includes the IP header of the packet that caused the error message. This parameter controls how many extra bytes of the packet beyond the IPv4 or IPv6 header are included in the ICMPv4 or ICMPv6 error message.
64 bytes
8 to 65,536 bytes
Yes
Do not change the value. Including more information in an ICMP error message might help in diagnosing network problems. If this feature is needed, increase the value.
Unstable