Specific network settings depend on the platform. On some systems, you can enhance Directory Server performance by modifying TCP settings.
First deploy your directory service, then consider tuning these parameters, if necessary.
This section discusses the reasoning behind idsktune recommendations that concern TCP settings, and provides a method for tuning these settings on Solaris 10 systems.
Some systems allow you to configure the interval between transmission of keepalive packets. This setting can determine how long a TCP connection is maintained while inactive and potentially disconnected. When set too high, the keepalive interval can cause the system to use unnecessary resources to keep connections for clients that have become disconnected. For most deployments, set this parameter to a value of 600 seconds. This value, which is 600,000 milliseconds, or 10 minutes, allows more concurrent connections to Directory Server.
When set too low, however, the keepalive interval can cause the system to drop connections during transient network outages.
On Solaris systems, this time interval is configured through the tcp_keepalive_interval parameter.
Some systems allow you to configure how long a system waits for an outgoing connection to be established. When set too high, this interval can cause long delays when establishing outgoing connections to destination servers, such as replicas, that are not responding quickly. For Intranet deployments on fast, reliable networks, you can set this parameter to a value of 10 seconds to improve performance. Do not, however, use such a low value on networks with slow, unreliable, or WAN connections.
On Solaris systems, this time interval is configured through the tcp_ip_abort_cinterval parameter.
Some systems allow you to configure the initial time interval between retransmission of packets. This setting affects the wait before retransmission of an unacknowledged packet. When set too high, clients can be kept waiting on lost packets. For Intranet deployments on fast, reliable networks, you can set this parameter to a value of 500 milliseconds to improve performance. Do not, however, use such a low value on networks with round trip times of more than 250 milliseconds.
On Solaris systems, this time interval is configured through the tcp_rexmit_interval_initial parameter.
Some systems allow you to configure how the system handles initial sequence number generation. For extranet and Internet deployments, set this parameter so initial sequence number generation is based on RFC 1948 to prevent sequence number attacks. In such environments, other TCP tuning settings mentioned here are not useful.
On Solaris systems, this behavior is configured through the tcp_strong_iss parameter.
On Solaris 10 systems, the simplest way to tune TCP settings is to create a simple SMF service as follows:
Create an SMF profile for Directory Server tuning.
Edit the following XML file according to your environment and save the file as /var/svc/manifest/site/ndd-nettune.xml.
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!-- ident "@(#)ndd-nettune.xml 1.0 04/09/21 SMI" -->
<service_bundle type='manifest' name='SUNWcsr:ndd'>
  <service name='network/ndd-nettune' type='service' version='1'>
    <create_default_instance enabled='true' />
    <single_instance />
    <dependency name='fs-minimal' type='service' grouping='require_all' restart_on='none'>
      <service_fmri value='svc:/system/filesystem/minimal' />
    </dependency>
    <dependency name='loopback-network' grouping='require_any' restart_on='none' type='service'>
      <service_fmri value='svc:/network/loopback' />
    </dependency>
    <dependency name='physical-network' grouping='optional_all' restart_on='none' type='service'>
      <service_fmri value='svc:/network/physical' />
    </dependency>
    <!-- The start method runs the tuning script once; the stop method is a no-op. -->
    <exec_method type='method' name='start' exec='/lib/svc/method/ndd-nettune' timeout_seconds='3' />
    <exec_method type='method' name='stop' exec=':true' timeout_seconds='3' />
    <property_group name='startd' type='framework'>
      <propval name='duration' type='astring' value='transient' />
    </property_group>
    <stability value='Unstable' />
    <template>
      <common_name>
        <loctext xml:lang='C'> ndd network tuning </loctext>
      </common_name>
      <documentation>
        <manpage title='ndd' section='1M' manpath='/usr/share/man' />
      </documentation>
    </template>
  </service>
</service_bundle>
Before you import the ndd-nettune.xml configuration, verify that the syntax is correct. You can do this by running the following command:
$ svccfg validate /var/svc/manifest/site/ndd-nettune.xml
Import the configuration by running the following command:
$ svccfg import /var/svc/manifest/site/ndd-nettune.xml
For more information see the svccfg(1M) man page.
Copy the following shell script into /lib/svc/method/ndd-nettune.
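#!/sbin/sh
#
# ident "@(#)ndd-nettune.xml 1.0 01/08/06 SMI"

. /lib/svc/share/smf_include.sh
. /lib/svc/share/net_include.sh

# Make sure that the libraries essential to this stage of booting can be found.
LD_LIBRARY_PATH=/lib; export LD_LIBRARY_PATH

# Note: /tmp is world-writable and this script runs as root; log to a
# root-owned directory instead if local users are not trusted.
echo "Performing Directory Server Tuning..." >> /tmp/smf.out

# Maximum queue of pending, fully established connections
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q 1024
# Keepalive interval: 600,000 ms (10 minutes)
/usr/sbin/ndd -set /dev/tcp tcp_keepalive_interval 600000
# Outgoing connection establishment timeout: 10,000 ms (10 seconds)
/usr/sbin/ndd -set /dev/tcp tcp_ip_abort_cinterval 10000
# Abort interval for established connections: 60,000 ms
/usr/sbin/ndd -set /dev/tcp tcp_ip_abort_interval 60000

# Reset the library path now that we are past the critical stage
unset LD_LIBRARY_PATH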
Run svcadm to enable nettune (for more information, see the svcadm(1M) man page).
Run svcs -x (for more information see the svcs(1) man page).
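To confirm that a host actually carries the values discussed above, the following check compares reported TCP parameters with the recommendations in this section. It is an added example, not part of the original procedure or of Directory Server. The profile names intranet and internet, the function names, and the choice to check only tcp_strong_iss for the internet profile are assumptions; the value 2 for RFC 1948 is the Solaris setting for tcp_strong_iss and is not stated on this page.

```shell
# Added example, not from the original page. Profile names are hypothetical.

# Print the value this page recommends for PARAM under PROFILE, if any.
expected_value() {
    case "$1:$2" in
        intranet:tcp_keepalive_interval)      echo 600000 ;;  # 10 minutes in ms
        intranet:tcp_ip_abort_cinterval)      echo 10000 ;;   # 10 seconds in ms
        intranet:tcp_rexmit_interval_initial) echo 500 ;;     # ms
        internet:tcp_strong_iss)              echo 2 ;;       # 2 = RFC 1948 on Solaris
    esac
}

# Parameters that must be reported for each profile.
required_params() {
    case "$1" in
        intranet) echo "tcp_keepalive_interval tcp_ip_abort_cinterval tcp_rexmit_interval_initial" ;;
        internet) echo "tcp_strong_iss" ;;
    esac
}

# Read "parameter value" lines on stdin, print one finding per parameter,
# and return the count of parameters that are missing or differ.
audit_tcp() {
    profile=$1; seen=" "; bad=0
    while read -r name value; do
        want=$(expected_value "$profile" "$name")
        [ -n "$want" ] || continue      # not covered by this profile
        seen="$seen$name "
        if [ "$value" = "$want" ]; then
            echo "OK      $name=$value"
        else
            echo "DRIFT   $name=$value (recommended $want)"
            bad=$((bad + 1))
        fi
    done
    for name in $(required_params "$profile"); do
        case "$seen" in
            *" $name "*) ;;
            *) echo "MISSING $name"; bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Constructed sample; on Solaris read real values with: /usr/sbin/ndd /dev/tcp <parameter>
sample_readings() {
    printf '%s\n' 'tcp_keepalive_interval 7200000' 'tcp_ip_abort_cinterval 10000' 'tcp_strong_iss 1'
}
sample_readings | audit_tcp intranet || true
```

A non-zero return status is the number of findings, so the function can gate a configuration-compliance job.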