This section describes some of the IP tunable parameters.
Control the rate of IP in generating IPv4 or IPv6 ICMP error messages. IP generates only up to ip_icmp_err_burst IPv4 or IPv6 ICMP error messages in any ip_icmp_err_interval. This parameter protects IP from denial of service attacks. Set ip_icmp_err_interval to 0 to disable IP to generate IPv4 or IPv6 ICMP error messages.
100 milliseconds for ip_icmp_err_interval
10 for ip_icmp_err_burst
0 - 99,999 milliseconds for ip_icmp_err_interval
1 - 99,999 for ip_icmp_err_burst
Yes
Change the parameter values if you need a higher error message generation rate for diagnostic purposes.
Unstable
Control whether IP does IPv4 or IPv6 forwarding between interfaces. See also xxx:ip_forwarding below.
0 (disabled)
0 (disabled), 1 (enabled)
Yes
If IP forwarding is needed, enable it.
Unstable
Enables IPv4 forwarding for a particular xxx interface. The exact name of the parameter is interface-name:ip_forwarding. For example, two interfaces are hme0 and hme1. Their corresponding parameter names are:
hme0:ip_forwarding and hme1:ip_forwarding
0 (disabled)
0 (disabled), 1 (enabled)
Yes
If you need IPv4 forwarding, use this parameter to enable forwarding on a per-interface basis.
Unstable
Control whether IPv4 or IPv6 responds to broadcast ICMPv4 echo request or multicast ICMPv6 echo request.
1 (enabled)
0 (disabled), 1 (enabled)
Yes
If you do not want this behavior for security reasons, disable it.
Unstable
Control whether IPv4 or IPv6 sends out ICMPv4 or ICMPv6 redirect messages. See also ip_forwarding and ip6_forwarding.
1 (enabled)
0 (disabled), 1 (enabled)
Yes
If you do not want this behavior for security reasons, disable it.
Unstable
Control whether IPv4 or IPv6 forwards packets with source IPv4 routing options or IPv6 routing headers. See also ip_forwarding and ip6_forwarding.
1 (enabled)
0 (disabled), 1 (enabled)
Yes
If you do not want this behavior for security reasons, disable it.
Unstable
The maximum number of logical interfaces associated with a real interface.
256
1 to 8192
Yes
Do not change the value. If more logical interfaces are required, increase the value, but recognize that this change might have a negative impact on IP's performance.
Unstable
Determine whether a packet arriving on a non-forwarding interface can be accepted for an IP address that is not explicitly configured on that interface. If ip_forwarding is enabled, or xxx:ip_forwarding for the appropriate interfaces is enabled, then this parameter is ignored, because the packet is actually forwarded.
Refer to RFC 1122 3.3.4.2.
0 (loose multihoming)
0 = Off (loose multihoming)
1 = On (strict multihoming)
Yes
If a machine has interfaces that cross strict networking domains (for example, a firewall or a VPN node), set this variable to 1.
Unstable
This parameter enables the network stack to send more than one packet at one time to the network device driver during transmission.
Enabling this parameter reduces the per-packet processing costs by improving the host CPU utilization and/or network throughput.
The multidata transmit (MDT) feature is only effective for device drivers that support this feature.
The following parameter must be enabled in the /etc/system file to use the MDT parameter:
set ip:ip_use_dl_cap = 0x1
Disabled
0 (disabled), 1 (enabled)
Yes
This feature can be enabled at any time to allow for improved system performance with the following cautions:
Enabling this feature might change the appearance of any packets between the IP layer and the DLPI provider. So, any third-party STREAMS module that is dynamically inserted between the IP layer and the DLPI provider by using ifconfig's modinsert feature, which doesn't understand the MDT STREAMS data type, might not work.
Modules that are inserted between the IP and the DLPI provider with the autopush(1m) mechanism might not work as well.
Keep this feature disabled when a STREAMS module is not MDT aware. For example, the public domain utilities such as ipfilter, Checkpoint Firewall-1, and so on, are not MDT aware.
Unstable
Changing the following parameters is not recommended unless there are extenuating circumstances that are described with each parameter.
The interval in milliseconds when IP flushes the path maximum transfer unit (PMTU) discovery information, and tries to rediscover PMTU.
Refer to RFC 1191 on PMTU discovery.
10 minutes
5 seconds to 277 hours
Yes
Do not change this value.
Unstable
When IPv4 or IPv6 sends an ICMPv4 or ICMPv6 error message, it includes the IP header of the packet that causes the error message. This parameter controls how many extra bytes of the packet beyond the IPv4 or IPv6 header to be included in the ICMPv4 or ICMPv6 error message.
64 bytes
8 to 65,536 bytes
Yes
Do not change the value. Including more information in an ICMP error message might help in diagnosing network problems. If this feature is needed, increase the value.
Unstable