Sysctl settings for improving network performance

Does anyone have some sysctl settings that can improve network performance/responsiveness? Router is x86/64, AMD Ryzen 7 5800U. Use case is home routing/firewall. Setup/services: multiple interfaces with VLANs, wireguard, snort (IPS), samba4. Connection is symmetrical 1.0 Gbps. No complaints, but if tweaking a queue size or a setting can make things better, I'd like to know about it.

Here is what I have been using:
cat /etc/sysctl.d/100-mine.conf

# snort nfq
# https://forum.openwrt.org/t/ips-mode-of-snort3-is-not-dropping-traffic/161479/96
net.core.optmem_max=8388608
net.core.wmem_default=8388608
net.core.wmem_max=8388608
net.ipv4.tcp_rmem=1048576 4194304 16777216
net.ipv4.tcp_wmem=1048576 4194304 16777216

# general
net.core.netdev_max_backlog = 16384
vm.swappiness = 10
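A check to go with a file like the one above, added here as an example and not code from the thread: it parses a sysctl.conf-style file and compares every key against the live value under /proc/sys, so after a reboot or sysupgrade you can see at a glance which lines are in effect, which have drifted, and which point at a key that does not exist (typo, or module not loaded). The second argument is an assumption of this example (a fake /proc/sys root so it can be exercised offline); the real tool takes only the file.

```shell
#!/bin/sh
# Added example: verify that a sysctl.conf-style file is actually in effect.
# Usage: sysctl_check FILE [ROOT]
#   ROOT defaults to /proc/sys; a scratch directory can be passed for testing.
# Prints one line per key: "OK key", "DRIFT key want=... have=...",
# "MISSING key" (no such file under ROOT) or "BAD line" (no '=' on the line).
# Returns 0 only if every key is OK.
sysctl_check() {
    file=$1
    root=${2:-/proc/sys}
    bad=0
    # Both "k=v" and "k = v" are accepted, as by sysctl(8). The here-doc keeps
    # the loop in the current shell so $bad survives (a pipe into while would
    # run the loop in a subshell and lose the counter).
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        case $line in
            *=*) ;;
            *) printf 'BAD %s\n' "$line"; bad=$((bad + 1)); continue ;;
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        # Multi-value keys (tcp_rmem etc.) are tab separated in /proc/sys but
        # space separated in the file: normalise whitespace on both sides.
        want=$(printf '%s' "${line#*=}" | tr -s '[:space:]' ' ' | sed 's/^ //;s/ $//')
        # sysctl accepts '.' or '/' as separator; the file tree only has '/'.
        # Keys naming a dotted VLAN interface (eth0.100) must therefore be
        # written with a slash in the file: net.ipv4.conf.eth0/100.rp_filter
        path="$root/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            printf 'MISSING %s\n' "$key"; bad=$((bad + 1)); continue
        fi
        have=$(tr -s '[:space:]' ' ' < "$path" | sed 's/^ //;s/ $//')
        if [ "$have" = "$want" ]; then
            printf 'OK %s\n' "$key"
        else
            printf 'DRIFT %s want=%s have=%s\n' "$key" "$want" "$have"
            bad=$((bad + 1))
        fi
    done <<EOF
$(sed -e 's/[#;].*$//' "$file")
EOF
    [ "$bad" -eq 0 ]
}

# Typical use on the router:
#   sysctl_check /etc/sysctl.conf || echo "some settings are not in effect"
```

Run it once right after applying the file and once after the next reboot; a key that shows OK first and MISSING or DRIFT later is exactly the "did not survive sysupgrade" case, and a MISSING key straight away is usually a typo or a module that is not loaded yet.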

You have swap?

1 Like

Remove all your tweaks. Then gradually apply one a day to ADDRESS PROBLEMS.
Socket tunings do little for forwarding/mirroring.

For firewall:

(and enable software offload)

No, I thought I read somewhere that it still applies to memory usage. The machine has 16 GB and rarely goes over 1.5 GB used.

Follow the Red Hat guide for large-scale systems. OpenWrt is squashed by default to utilize 64...128 MB systems at their best.
Also, sysctl.d is not kept over sysupgrade; you have to use sysctl.conf.

2 Likes

Thanks all, solid advice.

Could you share which settings were useful? Just to skip the checklist for the next passer-by....

1 Like

None beyond what I have above.

  • I did not have any dropped packets in the ethtool -S eth0 | grep drop output
  • I had a column of zeros from awk '{for (i=1; i<=NF; i++) printf strtonum("0x" $i) (i==NF?"\n":" ")}' /proc/net/softnet_stat | column -t
  • Zero dropped packets from tc -s qdisc show dev eth0 | grep drop
  • egrep "CPU|eth0" /proc/interrupts
  • Column of zeros from awk '{for (i=1; i<=NF; i++) printf strtonum("0x" $i) (i==NF?"\n":" ")}' /proc/net/softnet_stat
  • Able to saturate the line with iperf tests
1 Like
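The awk one-liner in the checklist above needs gawk for strtonum(), which a stock OpenWrt image (busybox awk) does not have, and it prints every column without saying which ones matter. The following is an added example, not code from the poster, that decodes /proc/net/softnet_stat with POSIX shell hex arithmetic instead and names the two columns that point at the tunables discussed in this thread. The sample rows in softnet_sample_file are constructed for the demonstration, not a real capture.

```shell
#!/bin/sh
# Added example: read /proc/net/softnet_stat without gawk. One row per CPU,
# all fields hex. The columns that matter on a router:
#   1 processed    packets handled in NET_RX softirq on this CPU
#   2 dropped      packets dropped because the per-CPU backlog queue
#                  (net.core.netdev_max_backlog) was full
#   3 time_squeeze softirq hit net.core.netdev_budget / netdev_budget_usecs
#                  with work still pending and had to yield
# Non-zero dropped: raise netdev_max_backlog. Growing time_squeeze: raise
# netdev_budget / netdev_budget_usecs or spread NIC IRQs over more CPUs.

# Print "cpuN processed=.. dropped=.. time_squeeze=.." for each row of FILE.
softnet_report() {
    cpu=0
    while read -r processed dropped squeezed rest; do
        [ -n "$processed" ] || continue
        printf 'cpu%d processed=%d dropped=%d time_squeeze=%d\n' \
            "$cpu" $((0x$processed)) $((0x$dropped)) $((0x$squeezed))
        cpu=$((cpu + 1))
    done < "$1"
}

# Sum the two trouble columns over all CPUs: prints "dropped=N time_squeeze=M".
softnet_totals() {
    d=0; s=0
    while read -r first dropped squeezed rest; do
        [ -n "$first" ] || continue
        d=$((d + 0x$dropped)); s=$((s + 0x$squeezed))
    done < "$1"
    printf 'dropped=%d time_squeeze=%d\n' "$d" "$s"
}

# Return 0 if no CPU reports drops or squeezes (the "column of zeros" case).
softnet_ok() {
    [ "$(softnet_totals "$1")" = 'dropped=0 time_squeeze=0' ]
}

# Constructed sample, not a real capture: two CPUs, the second one overloaded
# (3 backlog drops, 17 time squeezes). Prints the path of a temp file.
softnet_sample_file() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
000f4240 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0001e240 00000003 00000011 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
EOF
    printf '%s\n' "$f"
}

# On the router itself:
#   softnet_report /proc/net/softnet_stat
#   softnet_ok /proc/net/softnet_stat || echo "backlog drops or squeezes seen"
```

Counters are cumulative since boot, so take two readings a minute apart under load and compare; a non-zero but static value is history, a growing one is a live problem. Checking softnet_ok before and after each single change is the cheap way to do the "apply one tweak at a time" approach suggested earlier in the thread.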

I've used this in my /etc/sysctl.conf since 2020; it is related to nlbwmon constantly erroring with:

daemon.err nlbwmon[1751]: Netlink receive failure: Out of memory
daemon.err nlbwmon[1751]: Unable to dump conntrack: No buffer space available

rp_filter = 2
net.core.rmem_default=1048576
net.core.wmem_default=1048576
net.core.rmem_max=1048576
net.core.wmem_max=1048576

Haven’t had a problem since.

1 Like

Helps drawing @jow's attention to this :wink:

I believe he has been aware of this for a while. I just haven’t been able to find that post yet.

1 Like