Sun Java logo     Previous      Contents      Index      Next     

Sun logo
Sun ONE Directory Server Resource Kit 5.2 Tools Reference 

Chapter 10
The idsktune Optimization Tool

The idsktune tool helps automate the process of optimizing server settings to initiate their best performance. This chapter provides instructions on how to use the idsktune tool. It contains the following sections:


The default operating system and network settings on many platforms are not suitable for most high performance directory services. Tuning is the process of modifying these settings for optimal performance of both directory clients and directory servers. The idsktune tool helps automate this task by checking for necessary patches and suggesting the optimal kernel and TCP/IP settings for running Sun™ ONE Directory Server.


This tool does not modify the system; it only provides suggested settings. The system administrator must make these changes manually.

idsktune is provided with Directory Server in the DirectoryServer_base/bin/slapd/server directory. However, the DSRK and its updates should include the latest version of the tool in the DSRK_base/bin/dsrk52 directory.


Run idsktune and apply its guidelines before installing Directory Server. Also, in order to get accurate measurements from performance tests, you should use idsktune to configure all machines involved in the tests.

System Tuning

The idsktune tool gathers information about the operating system, kernel, and TCP stack in order to make tuning recommendations. Because of system differences, most of the tuning parameters in the following sections are for Solaris and UNIX systems only. On the Microsoft Windows platforms, the idsktune tool verifies operating system compatibility and service patch level.

OS and Kernel Settings

The tool displays current operating system version numbers and patch information, along with any recommended patches. It also verifies disk and memory availability and warns of any deficiencies. Specifically, idsktune verifies and reports on the following:

TCP Settings

The idsktune tool reads the current settings of your system’s Transmission Control Protocol (TCP) module and makes recommendations for changes. The tool does not perform any of these modifications. Instead, it displays the command-line for the ndd tool, which the system administrator should use to set the parameter. The ndd tool is available on the Solaris platform. An equivalent tool should be used if you are tuning a different platform.


The system administrator should consider local network conditions and other application needs when modifying TCP settings. In general, however, the recommendations will optimize performance whether the machine is dedicated to the directory server or shared with other applications.

The idsktune tool verifies and makes recommendations on the following settings:

The idsktune tool verifies all of the settings for the Solaris 2.6 and Solaris 8 operating systems that are described in “Tuning System Settings” in Chapter 5 of the Sun ONE Directory Server Installation and Tuning Guide.

Further Information

Basic and advanced information about tuning your Solaris system is available through the following books and websites:

Command Usage

Although this command should be run as root to get a full report on all settings, most settings are verified when it is run as any user. However, you must be root if you wish to modify any of the operating system, kernel, or TCP settings based on the idsktune recommendations.


The syntax of the idsktune command takes the following form:

idsktune [-v | -D | -q | -c | -\?]


Table 10-1 details the command-line options for idsktune.

Table 10-1  Command-Line Options for idsktune 






Version: gives the build date identifying the version of the tool.



Debug mode: the output includes the commands it runs internally, preceded by the “DEBUG” heading.



Quiet mode: the output includes tuning recommendations, but OS version statements are omitted.



Client-specific tuning: the output includes tuning recommendations for running a directory client application, but server-specific recommendations are omitted.



Display the usage help text that briefly describes all options.

Sample Output

Code Example 10-1 is an example of running idsktune on an untuned Solaris 8 system. This is the default output displayed when no options are used.

Code Example 10-1  Sample Output of idsktune 

# /opt/iPlanet/bin/dsrk52/idsktune

iPlanet Directory Server system tuning analysis

version 11-JAN-2002.

Copyright 2001 Sun Microsystems, Inc.

NOTICE : System is usparc-sun-solaris5.8 (SUNW,Ultra-5_10)

(1 processor).

NOTICE : Patch 109137-01 is not installed.

NOTICE : Patch 109320-01 is not installed.

NOTICE : Patch 108974-02 is not installed.

NOTICE : Patch 108977-01 is not installed.

NOTICE : Patch 108968-02 is not installed.

NOTICE : Patch 108975-02 is not installed.

NOTICE : Patch 108528-01 is not installed.

NOTICE : Patch 108875-07 is not installed.

NOTICE : Patch 108652-13 is not installed.

NOTICE : Solaris patches can be obtained from or your Solaris support representative.

ERROR : Only 128MB of physical memory is available on the system.

1024MB is the recommended minimum.

ERROR : There is 128MB of physical memory but only 114MB of swap space.

WARNING: The tcp_close_wait_interval is set to 240000 milli-

seconds (240 seconds). This value should be reduced to allow for

more simultaneous connections to the server. A line similar to

the following should be added to the /etc/init.d/inetinit file:

ndd -set /dev/tcp tcp_time_wait_interval 30000

NOTICE : The tcp_conn_req_max_q value is currently 128, which will limit the

value of listen backlog which can be configured. It can be raised by adding

to /etc/init.d/inetinit, after any adb command, a line similar to:

ndd -set /dev/tcp tcp_conn_req_max_q 1024

NOTICE : The tcp_keepalive_interval is set to 7200000 milli-seconds (120

minutes). This may cause temporary server congestion from lost client


NOTICE : The tcp_keepalive_interval can be reduced by adding the

following line to /etc/init.d/inetinit:

ndd -set /dev/tcp tcp_keepalive_interval 600000

NOTICE : The NDD tcp_rexmit_interval_initial is currently set to

3000 milliseconds (3 seconds). This may cause packet loss for

clients on Solaris 2.5.1 due to a bug in that version of Solaris.

If clients are not using Solaris 2.5.1, no problems should occur.

NOTICE : If the directory is service is intended only for LAN or private

high-speed WAN environment, this interval can be reduced by adding to

/etc/init.d/inetinit: ndd -set /dev/tcp tcp_rexmit_interval_initial 500

NOTICE : The NDD tcp_smallest_anon_port is currently 32768. This allows a

maximum of 32768 simultaneous connections. More ports can be made available

by adding a line to /etc/init.d/inetinit:

ndd -set /dev/tcp tcp_smallest_anon_port 8192

WARNING: tcp_deferred_ack_interval is currently 100 milliseconds. This will

cause Solaris to insert artificial delays in the LDAP protocol. It should be

reduced during load testing. This line can be added to the

/etc/init.d/inetinit file:

ndd -set /dev/tcp tcp_deferred_ack_interval 5

WARNING: There are only 1024 file descriptors available, which limits the

number of simultaneous connections. Additional file descriptors, up to

65536, are available by adding to /etc/system a line such as:

set rlim_fd_max=4096

NOTICE : / partition has less space available, 213MB, than the

largest allowable core file size of 242MB. A daemon process which

dumps core could cause the root partition to be filled.

ERROR : The above errors MUST be corrected before proceeding.

Previous      Contents      Index      Next     

Copyright 2004 Sun Microsystems, Inc. All rights reserved.