Below are several modifications to the stock FreeBSD configuration that we apply. Modifications (2)-(4) are also available as a single patch file.
We use the following kernel configuration file, derived from /usr/src/sys/i386/conf/GENERIC:
CACHEOFF2
See (5) below for whether you need to enable the IF_ADDR_HASH option in this file.
Increase max file descriptors in /sys/conf/param.c
#define MAXFILES (16384)
Decrease MSL to 3 seconds in /usr/src/sys/netinet/tcp_timer.h
#define TCPTV_MSL ( 3*PR_SLOWHZ) /* max seg lifetime (hah!) */
Apply this patch to /usr/src/sys/kern/uipc_socket.c to avoid packet fragmentation at the 100-byte boundary:
===================================================================
--- /usr/src.orig/sys/kern/uipc_socket.c Sun Aug 29 10:26:11 1999
+++ /usr/src/sys/kern/uipc_socket.c Mon Dec 6 14:45:11 1999
@@ -500,6 +500,7 @@
mlen = MCLBYTES;
len = min(min(mlen, resid), space);
} else {
+ atomic = 1;
nopages:
len = min(min(mlen, resid), space);
/*
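Review bot: the "atomic = 1;" assignment in the else branch sits above the "nopages:" label, so any path that reaches the label by a jump skips it, and the two ways into the same code then behave differently. If the intent is to force it for every send that takes this branch, move the assignment below the label. Either way, add a comment saying why it is forced (the surrounding text gives the reason as avoiding fragmentation at the 100-byte boundary), because the line unconditionally overrides whatever value atomic had on entry.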
If you are going to use more than 500 IP addresses, you should also apply our ip_addr_hash.patch. Without this patch, the FreeBSD TCP stack will not be able to handle a large number of IP addresses efficiently. For example, see a simple experiment described elsewhere. The patch is very experimental and must not be used on general-purpose machines.
After applying the patch, you must enable the IF_ADDR_HASH kernel configuration option for the changes to have any effect. Our CACHEOFF2 configuration file mentioned above has that option commented out.
Run these sysctl commands from /etc/rc.local:
/sbin/sysctl -w kern.ipc.somaxconn=1024
/sbin/sysctl -w net.inet.tcp.delayed_ack=0
/sbin/sysctl -w net.inet.ip.portrange.last=30000
Disable unnecessary services in /etc/defaults/rc.conf.
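The sysctl values set from /etc/rc.local are lost if that script fails or is edited, so it is worth checking them after a reboot. The following is an added example, not part of the original page: a drift check over sysctl output, where the function name check_tuning and the sample output are constructed for illustration and the expected values are the three given above.

```sh
#!/bin/sh
# Added example: compare live sysctl values with the ones set from /etc/rc.local.
# Expected values are taken from the page; check_tuning is a hypothetical name.

EXPECTED='kern.ipc.somaxconn=1024
net.inet.tcp.delayed_ack=0
net.inet.ip.portrange.last=30000'

# Reads "name: value" lines (the format FreeBSD sysctl prints) on stdin,
# prints one status line per expected key, and returns the number of keys
# that are missing or hold a different value.
check_tuning() {
    actual=$(cat)
    bad=0
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(printf '%s\n' "$actual" |
            awk -v k="$key" -F': ' '$1 == k { print $2; exit }')
        if [ -z "$got" ]; then
            echo "MISSING  $key (want $want)"
            bad=$((bad + 1))
        elif [ "$got" != "$want" ]; then
            echo "DRIFT    $key = $got (want $want)"
            bad=$((bad + 1))
        else
            echo "OK       $key = $got"
        fi
    done
    return "$bad"
}

# Constructed sample: a host where rc.local stopped after the second command
# and somaxconn was never raised.
SAMPLE='kern.ipc.somaxconn: 128
net.inet.tcp.delayed_ack: 0'

printf '%s\n' "$SAMPLE" | check_tuning || echo "$? setting(s) need attention"

# On a live host:
#   /sbin/sysctl kern.ipc.somaxconn net.inet.tcp.delayed_ack \
#       net.inet.ip.portrange.last | check_tuning
```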