This chapter describes various Internet Protocol suite parameters, such as TCP, IP, UDP, and SCTP.IP Tunable Parameters TCP Tunable Parameters UDP Tunable Parameters IPQoS Tunable Parameter SCTP Tunable Parameters Per-Route Metrics Tunable Parameter For Information Solaris kernel tunables Chapter 2, Solaris Kernel Tunable Parameters NFS tunable parameters Chapter 3, NFS Tunable Parameters Network Cache and Accelerator (NCA) tunable parameters Chapter 5, Network Cache and Accelerator Tunable Parameters For new information about IP forwarding, see New and Changed TCP/IP Parameters.You can set all of the tuning parameters described in this chapter by using the ndd command except for the following parameters:.ipcl_conn_hash_size ip_squeue_worker_wait These parameters can only be set in the /etc/system file.For example, use the following syntax to set TCP/IP parameters by using the ndd command:# ndd -set driver parameterFor more information, see ndd1M.Although the SMF framework provides a method for managing system services, ndd commands are still included in system startup scripts. For more information on creating a startup script, see Using Run Control Scripts in System Administration Guide: Basic Administration.All parameters described in this section are checked to verify that they fall in the parameter range. The parameter's range is provided with the description for each parameter. Internet protocol and standard specifications are described in RFC documents. You can get copies of RFCs from ftp://ftp.rfc-editor.org/in-notes. Browse RFC topics by viewing the rfc-index.txt file at this site. DescriptionControls the rate of IP in generating IPv4 or IPv6 ICMP error messages. IP generates only up to ip_icmp_err_burst IPv4 or IPv6 ICMP error messages in any ip_icmp_err_interval.The ip_icmp_err_interval parameter protects IP from denial of service attacks. Setting this parameter to 0 disables rate limiting. It does not disable the generation of error messages. Default100 milliseconds for ip_icmp_err_interval10 error messages for ip_icmp_err_burst Range0 – 99,999 milliseconds for ip_icmp_err_interval 1 – 99,999 error messages for ip_icmp_err_burst Dynamic?Yes When to ChangeIf you need a higher error message generation rate for diagnostic purposes. Commitment LevelUnstable DescriptionControls whether IPv4 or IPv6 responds to a broadcast ICMPv4 echo request or a multicast ICMPv6 echo request. Default1 (enabled) Range0 (disabled) or 1 (enabled) Dynamic?Yes When to ChangeIf you do not want this behavior for security reasons, disable it. Commitment LevelUnstable DescriptionControls whether IPv4 or IPv6 sends out ICMPv4 or ICMPv6 redirect messages. Default1 (enabled) Range0 (disabled) or 1 (enabled) Dynamic?Yes When to ChangeIf you do not want this behavior for security reasons, disable it. Commitment LevelUnstable DescriptionControls whether IPv4 or IPv6 forwards packets with source IPv4 routing options or IPv6 routing headers. Default0 (disabled) Range0 (disabled) or 1 (enabled) Dynamic?Yes When to ChangeKeep this parameter disabled to prevent denial of service attacks. Commitment LevelUnstable Change HistoryFor information, see ip_forward_src_routed and ip6_forward_src_routed (Solaris 10 Release). DescriptionDefines the maximum number of logical interfaces associated with a real interface. Default256 Range1 to 8192 Dynamic?Yes When to ChangeDo not change the value. If more logical interfaces are required, you might consider increasing the value. However, recognize that this change might have a negative impact on IP's performance. Commitment LevelUnstable DescriptionDetermines whether a packet arriving on a non forwarding interface can be accepted for an IP address that is not explicitly configured on that interface. If ip_forwarding is enabled, or xxx:ip_forwarding for the appropriate interfaces is enabled, then this parameter is ignored, because the packet is actually forwarded.Refer to RFC 1122, 3.3.4.2. Default0 (loose multihoming) Range0 = Off (loose multihoming)1 = On (strict multihoming) Dynamic?Yes When to ChangeIf a machine has interfaces that cross strict networking domains (for example, a firewall or a VPN node), set this parameter to 1. Commitment LevelUnstable DescriptionEnables the network stack to send more than one packet at one time to the network device driver during transmission.Enabling this parameter reduces the per-packet processing costs by improving host CPU utilization, network throughput, or both.This parameter now controls the use of multidata transmit (MDT) for transmitting IP fragments. For example, when sending out a UDP payload larger than the link MTU. When this tunable is enabled, IP fragments of a particular upper-level protocol, such as UDP, are delivered in batches to the network device driver. Disabling this feature results in both TCP and IP fragmentation logic in the network stack to revert back to sending one packet at a time to the driver. The MDT feature is only effective for device drivers that support this feature.See also tcp_mdt_max_pbufs. Default1 (Enabled) Range0 (disabled) or 1 (enabled) Dynamic?Yes When to ChangeIf you do not want this parameter enabled for debugging purposes or for any other reasons, disable it. Commitment LevelUnstable Change HistoryFor information, see ip_multidata_outbound (Solaris 10 Release). DescriptionDetermines the mode of associating TCP/IP connections with squeuesA value of 0 associates a new TCP/IP connection with the CPU that creates the connection. A value of 1 associates the connection with multiple squeues that belong to different CPUs. The number of squeues that are used to fanout the connection is based upon ip_soft_rings_cnt. Default0 Range0 or 1 Dynamic?Yes When to ChangeConsider setting this parameter to 1 to spread the load across all CPUs in certain situations. For example, when the number of CPUs exceed the number of NICs, and one CPU is not capable of handling the network load of a single NIC, change this parameter to 1. Zone ConfigurationThis parameter can only be set in the global zone. Commitment LevelUnstable Change HistoryFor information, see ip_squeue_fanout (Solaris 10 11/06 Release). DescriptionDetermines the number of squeues to be used to fanout the incoming TCP/IP connections.The incoming traffic is placed on one of the rings. If the ring is overloaded, packets are dropped. For every packet that gets dropped, the kstat dls counter, dls_soft_ring_pkt_drop, is incremented. Default2 Range0 - nCPUs, where nCPUs is the maximum number of CPUs in the system Dynamic?No. The interface should be plumbed again when changing this parameter. When to ChangeConsider setting this parameter to a value greater than 2 on systems that have 10 Gbps NICs and many CPUs. Zone ConfigurationThis parameter can only be set in the global zone. Commitment LevelObsolete Change HistoryFor information, see ip_soft_rings_cnt (Solaris 10 11/06 Release). Changing the following parameters is not recommended.DescriptionSpecifies the interval in milliseconds when IP flushes the path maximum transfer unit (PMTU) discovery information, and tries to rediscover PMTU.Refer to RFC 1191 on PMTU discovery. Default10 minutes Range5 seconds to 277 hours Dynamic?Yes When to ChangeDo not change this value. Commitment LevelUnstable DescriptionWhen IPv4 or IPv6 sends an ICMPv4 or ICMPv6 error message, it includes the IP header of the packet that caused the error message. This parameter controls how many extra bytes of the packet beyond the IPv4 or IPv6 header are included in the ICMPv4 or ICMPv6 error message. Default64 bytes Range8 to 65,536 bytes Dynamic?Yes When to ChangeDo not change the value. Including more information in an ICMP error message might help in diagnosing network problems. If this feature is needed, increase the value. Commitment LevelUnstable DescriptionSpecifies the time-out value for the TCP-delayed acknowledgment (ACK) timer for hosts that are not directly connected.Refer to RFC 1122, 4.2.3.2. Default100 milliseconds Range1 millisecond to 1 minute Dynamic?Yes When to ChangeDo not increase this value to more than 500 milliseconds.Increase the value under the following circumstances:Slow network links (less than 57.6 Kbps) with greater than 512 bytes maximum segment size (MSS) The interval for receiving more than one TCP segment is short Commitment LevelUnstable DescriptionSpecifies the time-out value for TCP-delayed acknowledgment (ACK) timer for hosts that are directly connected.Refer to RFC 1122, 4.2.3.2. Default50 milliseconds Range1 millisecond to 1 minute Dynamic?Yes When to ChangeDo not increase this value to more than 500 milliseconds.Increase the value under the following circumstances:Slow network links (less than 57.6 Kbps) with greater than 512 bytes maximum segment size (MSS) The interval for receiving more than one TCP segment is short Commitment LevelUnstable DescriptionSpecifies the maximum number of TCP segments received from remote destinations (not directly connected) before an acknowledgment (ACK) is generated. TCP segments are measured in units of maximum segment size (MSS) for individual connections. If set to 0 or 1, no ACKs are delayed, assuming all segments are 1 MSS long. The actual number is dynamically calculated for each connection. The value is the default maximum. Default2 Range0 to 16 Dynamic?Yes When to ChangeDo not change the value. In some circumstances, when the network traffic becomes very bursty because of the delayed ACK effect, decrease the value. Do not decrease this value below 2. Commitment LevelUnstable DescriptionSpecifies the maximum number of TCP segments received from directly connected destinations before an acknowledgment (ACK) is generated. TCP segments are measured in units of maximum segment size (MSS) for individual connections. If set to 0 or 1, it means no ACKs are delayed, assuming all segments are 1 MSS long. The actual number is dynamically calculated for each connection. The value is the default maximum. Default8 Range0 to 16 Dynamic?Yes When to ChangeDo not change the value. In some circumstances, when the network traffic becomes very bursty because of the delayed ACK effect, decrease the value. Do not decrease this value below 2. Commitment LevelUnstable DescriptionWhen this parameter is enabled, which is the default setting, TCP always sends a SYN segment with the window scale option, even if the window scale option value is 0. Note that if TCP receives a SYN segment with the window scale option, even if the parameter is disabled, TCP responds with a SYN segment with the window scale option. In addition, the option value is set according to the receive window size.Refer to RFC 1323 for the window scale option. Default1 (enabled) Range0 (disabled) or 1 (enabled) Dynamic?Yes When to ChangeIf there is an interoperability problem with an old TCP stack that does not support the window scale option, disable this parameter. Commitment LevelUnstable Change HistoryFor information, see tcp_wscale_always (Solaris 9 Releases). DescriptionIf set to 1, TCP always sends a SYN segment with the timestamp option. Note that if TCP receives a SYN segment with the timestamp option, TCP responds with a SYN segment with the timestamp option even if the parameter is set to 0. Default0 (disabled) Range0 (disabled) or 1 (enabled) Dynamic?Yes When to ChangeIf getting an accurate measurement of round-trip time (RTT) and TCP sequence number wraparound is a problem, enable this parameter.Refer to RFC 1323 for more reasons to enable this option. Commitment LevelUnstable DescriptionDefines the default send window size in bytes. Refer to Per-Route Metrics for a discussion of setting a different value on a per-route basis. See also tcp_max_buf. Default49,152 Range4096 to 1,073,741,824 Dynamic?Yes When to ChangeAn application can use setsockopt3XNET SO_SNDBUF to change the individual connection's send buffer. Commitment LevelUnstable DescriptionDefines the default receive window size in bytes. Refer to Per-Route Metrics for a discussion of setting a different value on a per-route basis. See also tcp_max_buf and tcp_recv_hiwat_minmss. Default49,152 Range2048 to 1,073,741,824 Dynamic?Yes When to ChangeAn application can use setsockopt3XNET SO_RCVBUF to change the individual connection's receive buffer. Commitment LevelUnstable DescriptionDefines the maximum buffer size in bytes. This parameter controls how large the send and receive buffers are set to by an application that uses setsockopt3XNET. Default1,048,576 Range8192 to 1,073,741,824 Dynamic?Yes When to ChangeIf TCP connections are being made in a high-speed network environment, increase the value to match the network link speed. Commitment LevelUnstable DescriptionDefines the maximum value of the TCP congestion window (cwnd) in bytes.For more information on the TCP congestion window, refer to RFC 1122 and RFC 2581. Default1,048,576 Range128 to 1,073,741,824 Dynamic?Yes When to ChangeEven if an application uses setsockopt3XNET to change the window size to a value higher than tcp_cwnd_max, the actual window used can never grow beyond tcp_cwnd_max. Thus, tcp_max_buf should be greater than tcp_cwnd_max. Commitment LevelUnstable DescriptionDefines the maximum initial congestion window (cwnd) size in the maximum segment size (MSS) of a TCP connection.Refer to RFC 2414 on how the initial congestion window size is calculated. Default4 Range1 to 4 Dynamic?Yes When to ChangeDo not change the value.If the initial cwnd size causes network congestion under special circumstances, decrease the value. Commitment LevelUnstable DescriptionThe congestion window size in the maximum segment size (MSS) of a TCP connection after it has been idled (no segment received) for a period of one retransmission timeout (RTO).Refer to RFC 2414 on how the initial congestion window size is calculated. Default4 Range1 to 16,384 Dynamic?Yes When to ChangeFor more information, see tcp_slow_start_initial. Commitment LevelUnstable DescriptionIf set to 2, TCP always sends a SYN segment with the selective acknowledgment (SACK) permitted option. If TCP receives a SYN segment with a SACK-permitted option and this parameter is set to 1, TCP responds with a SACK-permitted option. If the parameter is set to 0, TCP does not send a SACK-permitted option, regardless of whether the incoming segment contains the SACK permitted option. Refer to RFC 2018 for information on the SACK option. Default2 (active enabled) Range0 (disabled), 1 (passive enabled), or 2 (active enabled) Dynamic?Yes When to ChangeSACK processing can improve TCP retransmission performance so it should be actively enabled. Sometimes, the other side can be confused with the SACK option actively enabled. If this confusion occurs, set the value to 1 so that SACK processing is enabled only when incoming connections allow SACK processing. Commitment LevelUnstable DescriptionIf set to 0, TCP does not reverse the IP source routing option for incoming connections for security reasons. If set to 1, TCP does the normal reverse source routing. Default0 (disabled) Range0 (disabled) or 1 (enabled) Dynamic?Yes When to ChangeIf IP source routing is needed for diagnostic purposes, enable it. Commitment LevelUnstable DescriptionSpecifies the time in milliseconds that a TCP connection stays in TIME-WAIT state.For more information, refer to RFC 1122, 4.2.2.13. Default60,000 (60 seconds) Range1 second to 10 minutes Dynamic?Yes When to ChangeDo not set the value lower than 60 seconds.For information on changing this parameter, refer to RFC 1122, 4.2.2.13. Commitment LevelUnstable DescriptionControls Explicit Congestion Notification (ECN) support.If this parameter is set to 0, TCP does not negotiate with a peer that supports the ECN mechanism.If this parameter is set to 1 when initiating a connection, TCP does not tell a peer that it supports ECN mechanism.However, TCP tells a peer that it supports ECN mechanism when accepting a new incoming connection request if the peer indicates that it supports ECN mechanism in the SYN segment.If this parameter is set to 2, in addition to negotiating with a peer on the ECN mechanism when accepting connections, TCP indicates in the outgoing SYN segment that it supports the ECN mechanism when TCP makes active outgoing connections.Refer to RFC 3168 for information on ECN. Default1 (passive enabled) Range0 (disabled), 1 (passive enabled), or 2 (active enabled) Dynamic?Yes When to ChangeECN can help TCP better handle congestion control. However, there are existing TCP implementations, firewalls, NATs, and other network devices that are confused by this mechanism. These devices do not comply to the IETF standard.Because of these devices, the default value of this parameter is set to 1. In rare cases, passive enabling can still cause problems. Set the parameter to 0 only if absolutely necessary. Commitment LevelUnstable DescriptionSpecifies the default maximum number of pending TCP connections for a TCP listener waiting to be accepted by accept3SOCKET. See also tcp_conn_req_max_q0. Default128 Range1 to 4,294,967,296 Dynamic?Yes When to ChangeFor applications such as web servers that might receive several connection requests, the default value might be increased to match the incoming rate.Do not increase the parameter to a very large value. The pending TCP connections can consume excessive memory. Also, if an application cannot handle that many connection requests fast enough because the number of pending TCP connections is too large, new incoming requests might be denied. Note that increasing tcp_conn_req_max_q does not mean that applications can have that many pending TCP connections. Applications can use listen3SOCKET to change the maximum number of pending TCP connections for each socket. This parameter is the maximum an application can use listen() to set the number to. Thus, even if this parameter is set to a very large value, the actual maximum number for a socket might be much less than tcp_conn_req_max_q, depending on the value used in listen(). Commitment LevelUnstable Change HistoryFor information, see xxx:ip_forwarding (Solaris 9 Releases). DescriptionSpecifies the default maximum number of incomplete (three-way handshake not yet finished) pending TCP connections for a TCP listener.For more information on TCP three-way handshake, refer to RFC 793. See also tcp_conn_req_max_q. Default1024 Range0 to 4,294,967,296 Dynamic?Yes When to ChangeFor applications such as web servers that might receive excessive connection requests, you can increase the default value to match the incoming rate.The following explains the relationship between tcp_conn_req_max_q0 and the maximum number of pending connections for each socket. When a connection request is received, TCP first checks if the number of pending TCP connections (three-way handshake is done) waiting to be accepted exceeds the maximum (N) for the listener. If the connections are excessive, the request is denied. If the number of connections is allowable, then TCP checks if the number of incomplete pending TCP connections exceeds the sum of N and tcp_conn_req_max_q0. If it does not, the request is accepted. Otherwise, the oldest incomplete pending TCP request is dropped. Commitment LevelUnstable Change HistoryFor information, see xxx:ip_forwarding (Solaris 9 Releases). DescriptionSpecifies the default minimum value for the maximum number of pending TCP connection requests for a listener waiting to be accepted. This is the lowest maximum value of listen3SOCKET that an application can use. Default1 Range1 to 1024 Dynamic?Yes When to ChangeThis parameter can be a solution for applications that use listen3SOCKET to set the maximum number of pending TCP connections to a value too low. Increase the value to match the incoming connection request rate. Commitment LevelUnstable DescriptionIf this parameter is set to 1, the maximum rate of sending a RST segment is controlled by the ndd parameter, tcp_rst_sent_rate. If this parameter is set to 0, no rate control when sending a RST segment is available. Default1 (enabled) Range0 (disabled) or 1 (enabled) Dynamic?Yes When to ChangeThis tunable helps defend against denial of service attacks on TCP by limiting the rate by which a RST segment is sent out. The only time this rate control should be disabled is when strict conformance to RFC 793 is required. Commitment LevelUnstable DescriptionSets the maximum number of RST segments that TCP can send out per second. Default40 Range0 to 4,294,967,296 Dynamic?Yes When to ChangeIn a TCP environment, there might be a legitimate reason to generate more RSTs than the default value allows. In this case, increase the default value of this parameter. Commitment LevelUnstable DescriptionSpecifies the number of payload buffers that can be carried by a single M_MULTIDATA message that is generated by TCP. See also ip_multidata_outbound. Default16 Range1 to 16 Dynamic?Yes When to ChangeDecreasing this parameter might aid in debugging device driver development by limiting the amount of payload buffers per M_MULTIDATA message that is generated by TCP. Commitment LevelUnstable DescriptionThis ndd parameter sets a probe interval that is first sent out after a TCP connection is idle on a system-wide basis.Solaris supports the TCP keep-alive mechanism as described in RFC 1122. This mechanism is enabled by setting the SO_KEEPALIVE socket option on a TCP socket.If SO_KEEPALIVE is enabled for a socket, the first keep-alive probe is sent out after a TCP connection is idle for two hours, the default value of the tcp_keepalive_interval parameter. If the peer does not respond to the probe after eight minutes, the TCP connection is aborted. For more information, refer to tcp_keepalive_abort_interval.You can also use the TCP_KEEPALIVE_THRESHOLD socket option on individual applications to override the default interval so that each application can have its own interval on each socket. The option value is an unsigned integer in milliseconds. See also tcp7P. Default2 hours Range10 seconds to 10 days UnitsUnsigned integer (milliseconds) Dynamic?Yes When to ChangeDo not change the value. If under special circumstances, the first keepalive probe needs to be sent earlier than two hours, use the TCP_KEEPALIVE_THRESHOLD socket option to reduce the interval on an individual application. Commitment LevelUnstable DescriptionThis ndd parameter sets a default time threshold to abort a TCP connection after the keepalive probing mechanism has failed.This abort time threshold can also be changed on a per socket basis by using the TCP_KEEPALIVE_ABORT_THRESHOLD option on a TCP socket. The option value is an unsigned integer in milliseconds.If an application has the SO_KEEPALIVE socket option enabled, it can then use the TCP_KEEPALIVE_THRESHOLD socket option to change the initial probe interval and TCP_KEEPALIVE_ABORT_THRESHOLD socket option to change the abort interval.A value of zero means that TCP should never time out and abort the connection when probing.See also tcp_keepalive_interval. Default8 minutes Range0 to 8 minutes UnitsUnsigned integer (milliseconds) Dynamic?Yes When to ChangeDo not change the value. If under special circumstances, a TCP connection needs to be aborted earlier than the default eight minutes of the keepalive probing, use the TCP_KEEPALIVE_ABORT_THRESHOLD socket option to reduce the abort interval on an individual application. Commitment LevelUnstable The following parameters can be set only in the /etc/system file. After the file is modified, reboot the system.For example, the following entry sets the ipcl_conn_hash_size parameter:set ip:ipcl_conn_hash_sizes=valueDescriptionControls the size of the connection hash table used by IP. The default value of 0 means that the system automatically sizes an appropriate value for this parameter at boot time, depending on the available memory. Data TypeUnsigned integer Default0 Range0 to 82,500 Dynamic?No. The parameter can only be changed at boot time. When to ChangeIf the system consistently has tens of thousands of TCP connections, the value can be increased accordingly. Increasing the hash table size means that more memory is wired down, thereby reducing available memory to user applications. Commitment LevelUnstable DescriptionGoverns the maximum delay in waking up a worker thread to process TCP/IP packets that are enqueued on an squeue. An squeue is a serialization queue that is used by the TCP/IP kernel code to process TCP/IP packets. Default10 milliseconds Range0 – 50 milliseconds Dynamic?Yes When to ChangeConsider tuning this parameter if latency is an issue, and network traffic is light. For example, if the machine serves mostly interactive network traffic.The default value usually works best on a network file server, a web server, or any server that has substantial network traffic. Zone ConfigurationThis parameter can only be set in the global zone. Commitment LevelUnstable Change HistoryFor information, see ip_squeue_worker_wait (Solaris 10 11/06 Release). Changing the following parameters is not recommended.DescriptionSpecifies the default total retransmission timeout value for a TCP connection. For a given TCP connection, if TCP has been retransmitting for tcp_ip_abort_interval period of time and it has not received any acknowledgment from the other endpoint during this period, TCP closes this connection.For TCP retransmission timeout (RTO) calculation, refer to RFC 1122, 4.2.3. See also tcp_rexmit_interval_max. Default8 minutes Range500 milliseconds to 1193 hours Dynamic?Yes When to ChangeDo not change this value. See tcp_rexmit_interval_max for exceptions. Commitment LevelUnstable DescriptionSpecifies the default initial retransmission timeout (RTO) value for a TCP connection. Refer to Per-Route Metrics for a discussion of setting a different value on a per-route basis. Default3 seconds Range1 millisecond to 20 seconds Dynamic?Yes When to ChangeDo not change this value. Lowering the value can result in unnecessary retransmissions. Commitment LevelUnstable DescriptionDefines the default maximum retransmission timeout value (RTO). The calculated RTO for all TCP connections cannot exceed this value. See also tcp_ip_abort_interval. Default60 seconds Range1 millisecond to 2 hours Dynamic?Yes When to ChangeDo not change the value in a normal network environment.If, in some special circumstances, the round-trip time (RTT) for a connection is about 10 seconds, you can increase this value. If you change this value, you should also change the tcp_ip_abort_interval parameter. Change the value of tcp_ip_abort_interval to at least four times the value of tcp_rexmit_interval_max. Commitment LevelUnstable DescriptionSpecifies the default minimum retransmission time out (RTO) value. The calculated RTO for all TCP connections cannot be lower than this value. See also tcp_rexmit_interval_max. Default400 milliseconds Range1 millisecond to 20 seconds Dynamic?Yes When to ChangeDo not change the value in a normal network environment.TCP's RTO calculation should cope with most RTT fluctuations. If, in some very special circumstances, the round-trip time (RTT) for a connection is about 10 seconds, increase this value. If you change this value, you should change the tcp_rexmit_interval_max parameter. Change the value of tcp_rexmit_interval_max to at least eight times the value of tcp_rexmit_interval_min. Commitment LevelUnstable DescriptionSpecifies a constant added to the calculated retransmission time out value (RTO). Default0 milliseconds Range0 to 2 hours Dynamic?Yes When to ChangeDo not change the value.When the RTO calculation fails to obtain a good value for a connection, you can change this value to avoid unnecessary retransmissions. Commitment LevelUnstable DescriptionIf this parameter is set to 1, and the window scale option is enabled for a connection, TCP also enables the timestamp option for that connection. Default1 (enabled) Range0 (disabled) or 1 (enabled) Dynamic?Yes When to ChangeDo not change this value. In general, when TCP is used in high-speed network, protection against sequence number wraparound is essential. Thus, you need the timestamp option. Commitment LevelUnstable DescriptionControls the default minimum receive window size. The minimum is tcp_recv_hiwat_minmss times the size of maximum segment size (MSS) of a connection. Default4 Range1 to 65,536 Dynamic?Yes When to ChangeDo not change the value. If changing it is necessary, do not change the value lower than 4. Commitment LevelUnstable DescriptionDefines the default maximum UDP socket datagram size. For more information, see udp_max_buf. Default57,344 bytes Range1,024 to 1,073,741,824 bytes Dynamic?Yes When to ChangeNote that an application can use setsockopt3XNET SO_SNDBUF to change the size for an individual socket. In general, you do not need to change the default value. Commitment LevelUnstable Change HistoryFor information, see udp_xmit_hiwat (Solaris 9 Releases). DescriptionDefines the default maximum UDP socket receive buffer size. For more information, see udp_max_buf. Default57,344 bytes Range128 to 1,073,741,824 bytes Dynamic?Yes When to ChangeNote that an application can use setsockopt3XNET SO_RCVBUF to change the size for an individual socket. In general, you do not need to change the default value. Commitment LevelUnstable Change HistoryFor information, see udp_recv_hiwat (Solaris 9 Releases). Changing the following parameter is not recommended.DescriptionControls how large send and receive buffers can be for a UDP socket. Default2,097,152 bytes Range65,536 to 1,073,741,824 bytes Dynamic?Yes When to ChangeDo not change the value. If this parameter is set to a very large value, UDP socket applications can consume too much memory. Commitment LevelUnstable Change HistoryFor information, see udp_max_buf (Solaris 9 Releases). DescriptionEnables or disables IPQoS processing in any of the following callout positions: forward outbound, forward inbound, local outbound, and local inbound. This parameter is a bitmask as follows:Not Used Not Used Not Used Not Used Forward Outbound Forward Inbound Local Outbound Local Inbound X X X X 0 0 0 0 A 1 in any of the position masks or disables IPQoS processing in that particular callout position. For example, a value of 0x01 disables IPQoS processing for all the local inbound packets. DefaultThe default value is 0, meaning that IPQoS processing is enabled in all the callout positions. Range0 (0x00) to 15 (0x0F). A value of 15 indicates that IPQoS processing is disabled in all the callout positions. Dynamic?Yes When to ChangeIf you want to enable or disable IPQoS processing in any of the callout positions. Commitment LevelUnstable DescriptionControls the maximum number of attempts an SCTP endpoint should make at resending an INIT chunk. The SCTP endpoint can use the SCTP initiation structure to override this value. Default8 Range0 to 128 Dynamic?Yes When to ChangeThe number of INIT retransmissions depend on sctp_pa_max_retr. Ideally, sctp_max_init_retr should be less than or equal to sctp_pa_max_retr. Commitment LevelUnstable DescriptionControls the maximum number of retransmissions (over all paths) for an SCTP association. The SCTP association is aborted when this number is exceeded. Default10 Range1 to 128 Dynamic?Yes When to ChangeThe maximum number of retransmissions over all paths depend on the number of paths and the maximum number of retransmission over each path. Ideally, sctp_pa_max_retr should be set to the sum of sctp_pp_max_retr over all available paths. For example, if there are 3 paths to the destination and the maximum number of retransmissions over each of the 3 paths is 5, then sctp_pa_max_retr should be set to less than or equal to 15. (See the Note in Section 8.2, RFC 2960.) Commitment LevelUnstable DescriptionControls the maximum number of retransmissions over a specific path. When this number is exceeded for a path, the path (destination) is considered unreachable. Default5 Range1 to 128 Dynamic?Yes When to ChangeDo not change this value to less than 5. Commitment LevelUnstable DescriptionControls the maximum value of the congestion window for an SCTP association. Default1,048,576 Range128 to 1,073,741,824 Dynamic?Yes When to ChangeEven if an application uses setsockopt3XNET to change the window size to a value higher than sctp_cwnd_max, the actual window used can never grow beyond sctp_cwnd_max. Thus, sctp_max_buf should be greater than sctp_cwnd_max. Commitment LevelUnstable DescriptionControls the time to live (TTL) value in the IP version 4 header for the outbound IP version 4 packets on an SCTP association. Default64 Range1 to 255 Dynamic?Yes When to ChangeGenerally, you do not need to change this value. Consider increasing this parameter if the path to the destination is likely to span more than 64 hops. Commitment LevelUnstable DescriptionComputes the interval between HEARTBEAT chunks to an idle destination, that is allowed to heartbeat.An SCTP endpoint periodically sends an HEARTBEAT chunk to monitor the reachability of the idle destinations transport addresses of its peer. Default30 seconds Range0 to 86,400 seconds Dynamic?Yes When to ChangeRefer to RFC 2960, section 8.3. Commitment LevelUnstable DescriptionDetermines when a new secret needs to be generated. The generated secret is used to compute the MAC for a cookie. Default2 minutes Range0 to 1,440 minutes Dynamic?Yes When to ChangeRefer to RFC 2960, section 5.1.3. Commitment LevelUnstable DescriptionDetermines the initial maximum send size for an SCTP packet including the length of the IP header. Default1500 bytes Range68 to 65,535 Dynamic?Yes When to ChangeIncrease this parameter if the underlying link supports frame sizes that are greater than 1500 bytes. Commitment LevelUnstable DescriptionSets the time-out value for SCTP delayed acknowledgment (ACK) timer in milliseconds. Default100 milliseconds Range1 to 60,000 milliseconds Dynamic?Yes When to ChangeRefer to RFC 2960, section 6.2. Commitment LevelUnstable DescriptionEnables or disables path MTU discovery. Default0 (disabled) Range0 (disabled) or 1 (enabled) Dynamic?Yes When to ChangeEnable this parameter if you want to ignore MTU changes along the path. However, doing so might result in IP fragmentation if the path MTU decreases. Commitment LevelUnstable DescriptionSets the initial slow start threshold for a destination address of the peer. Default102,400 Range1024 to 4,294,967,295 Dynamic?Yes When to ChangeRefer to RFC 2960, section 7.2.1. Commitment LevelUnstable DescriptionSets the default send window size in bytes. See also sctp_max_buf. Default102,400 Range8,192 to 1,073,741,824 Dynamic?Yes When to ChangeAn application can use getsockopt3SOCKET SO_SNDBUF to change the individual association's send buffer. Commitment LevelUnstable DescriptionControls the lower limit on the send window size. Default8,192 Range8,192 to 1,073,741,824 Dynamic?Yes When to ChangeGenerally, you do not need to change this value. This parameter sets the minimum size required in the send buffer for the socket to be marked writable. If required, consider changing this parameter in accordance with sctp_xmit_hiwat. Commitment LevelUnstable DescriptionControls the default receive window size in bytes. See also sctp_max_buf. Default102,400 Range8,192 to 1,073,741,824 Dynamic?Yes When to ChangeAn application can use getsockopt3SOCKET SO_RCVBUF to change the individual association's receive buffer. Commitment LevelUnstable DescriptionControls the maximum buffer size in bytes. It controls how large the send and receive buffers are set to by an application that uses getsockopt3SOCKET. Default1,048,576 Range8,192 to 1,073,741,824 Dynamic?Yes When to ChangeIncrease the value of this parameter to match the network link speed if associations are being made in a high-speed network environment. Commitment LevelUnstable DescriptionSets the value of the hop limit in the IP version 6 header for the outbound IP version 6 packets on an SCTP association. Default60 Range0 to 255 Dynamic?Yes When to ChangeGenerally, you do not need to change this value. Consider increasing this parameter if the path to the destination is likely to span more than 60 hops. Commitment LevelUnstable DescriptionSets the lower bound for the retransmission timeout (RTO) in milliseconds for all the destination addresses of the peer. Default1,000 Range500 to 60,000 Dynamic?Yes When to ChangeRefer to RFC 2960, section 6.3.1. Commitment LevelUnstable DescriptionControls the upper bound for the retransmission timeout (RTO) in milliseconds for all the destination addresses of the peer. Default60,000 Range1,000 to 60,000,000 Dynamic?Yes When to ChangeRefer to RFC 2960, section 6.3.1. Commitment LevelUnstable DescriptionControls the initial retransmission timeout (RTO) in milliseconds for all the destination addresses of the peer. Default3,000 Range1,000 to 60,000,000 Dynamic?Yes When to ChangeRefer to RFC 2960, section 6.3.1. Commitment LevelUnstable DescriptionSets the lifespan of a cookie in milliseconds. Default60,000 Range10 to 60,000,000 Dynamic?Yes When to ChangeGenerally, you do not need to change this value. This parameter might be changed in accordance with sctp_rto_max. Commitment LevelUnstable DescriptionControls the maximum number of inbound streams permitted for an SCTP association. Default32 Range1 to 65,535 Dynamic?Yes When to ChangeRefer to RFC 2960, section 5.1.1. Commitment LevelUnstable DescriptionControls the maximum number of outbound streams permitted for an SCTP association. Default32 Range1 to 65,535 Dynamic?Yes When to ChangeRefer to RFC 2960, section 5.1.1. Commitment LevelUnstable DescriptionControls the maximum time, in milliseconds, to wait for a SHUTDOWN ACK after having sent a SHUTDOWN chunk. Default60,000 Range0 to 300,000 Dynamic?Yes When to ChangeGenerally, you do not need to change this value. This parameter might be changed in accordance with sctp_rto_max. Commitment LevelUnstable DescriptionSets the limit on the number of segments to be sent in a burst. Default4 Range2 to 8 Dynamic?Yes When to ChangeYou do not need to change this parameter. You might change it for testing purposes. Commitment LevelUnstable DescriptionEnables or disables SCTP dynamic address reconfiguration. Default0 (disabled) Range0 (disabled) or 1 (enabled) Dynamic?Yes When to ChangeThe parameter can be enabled if dynamic address reconfiguration is needed. Due to security implications, enable this parameter only for testing purposes. Commitment LevelUnstable DescriptionEnables or disables the partial reliability extension (RFC 3758) to SCTP. Default1 (enabled) Range0 (disabled) or 1 (enabled) Dynamic?Yes When to ChangeDisable this parameter if partial reliability is not supported in your SCTP environment. Commitment LevelUnstable Starting in the Solaris 8 release, you can use per-route metrics to associate some properties with IPv4 and IPv6 routing table entries.For example, a system has two different network interfaces, a fast Ethernet interface and a gigabit Ethernet interface. The system default tcp_recv_hiwat is 24,576 bytes. This default is sufficient for the fast Ethernet interface, but may not be sufficient for the gigabit Ethernet interface.Instead of increasing the system's default for tcp_recv_hiwat, you can associate a different default TCP receive window size to the gigabit Ethernet interface routing entry. By making this association, all TCP connections going through the route will have the increased receive window size.For example, the following is in the routing table (netstat -rn), assuming IPv4:192.123.123.0 192.123.123.4 U 1 4 hme0 192.123.124.0 192.123.124.4 U 1 4 ge0 default 192.123.123.1 UG 1 8In this example, do the following:# route change -net 192.123.124.0 -recvpipe xThen, all connections going to the 192.123.124.0 network, which is on the ge0 link, use the receive buffer size x, instead of the default 24567 receive window size.If the destination is in the a.b.c.d network, and no specific routing entry exists for that network, you can add a prefix route to that network and change the metric. For example:# route add -net a.b.c.d 192.123.123.1 -netmask w.x.y.z # route change -net a.b.c.d -recvpipe yNote that the prefix route's gateway is the default router. Then, all connections going to that network use the receive buffer size y. If you have more than one interface, use the ifp argument to specify which interface to use. This way, you can control which interface to use for specific destinations. To verify the metric, use the route1M get command.