Kernel limits for large networks

  • Hi all,
    I have installed and configured GestioIP 3.0 in my LAN (which is rather big, +16k IPs) and I have found that the actualization always failed to find a lot of active IPs. After some research I found that it needs some tuning of the kernel parameters to be able to support the large number of processes (ping) and the huge network activity.

    So I set max_sinc_procs to 1024 and, looking at the kernel messages, found that on my Debian host I needed to create a file named /etc/sysctl.d/gestioip.conf with the following content:

    # Added in order to allow massive outgoing ping packets.
    # It prevents GestioIP from incorrectly detecting IPs as down.
    # Interval (in seconds) between neighbour-table garbage collection runs
    net.ipv4.neigh.default.gc_interval = 3600
    # Set ARP cache entry timeout
    net.ipv4.neigh.default.gc_stale_time = 3600
    # Set up size thresholds for the ARP (neighbour) table
    net.ipv4.neigh.default.gc_thresh3 = 8192
    net.ipv4.neigh.default.gc_thresh2 = 4096
    net.ipv4.neigh.default.gc_thresh1 = 2048

    Also I have added a file /etc/security/limits.d/gestioip.conf with the following content:

    # Increasing some limits to allow more processes and files opened
    * soft nofile unlimited
    * hard nofile 65535
    * soft nproc unlimited
    * hard nproc 8192

    Now I can correctly and quickly scan a /20 network running 1024 threads with no error messages. I guess that these tips can help make GestioIP able to scan even bigger networks.

    I hope that this experience will be helpful for your project.

    Last edit: Marco Casavecchia M. 2013-09-27
  • Marc Uebel

    Hi Marco
    Thanks a lot for sharing your observations!

    Last edit: Marc Uebel 2013-09-27
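
Added example (not part of the original posts and not GestioIP code): a shell check that reads the gc_thresh values from a sysctl.d file like the one in the first post and tests whether they fit the prefix being scanned. The function names are hypothetical, and it assumes the scanning host is directly attached to the scanned subnet, so every probed address can occupy a neighbour-table entry.

```shell
#!/bin/sh
# Added example: sanity-check neighbour-table thresholds in a sysctl.d file
# against the size of the IPv4 prefix being scanned.

# Print the value of net.ipv4.neigh.default.<key> from file $1 (last one wins).
neigh_value() {
    awk -F= -v k="net.ipv4.neigh.default.$2" '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
        $1 == k { v = $2 }
        END { if (v != "") print v }' "$1"
}

# check_neigh_conf FILE PREFIXLEN -> returns 0 if the thresholds fit, 1 otherwise
check_neigh_conf() {
    t1=$(neigh_value "$1" gc_thresh1)
    t2=$(neigh_value "$1" gc_thresh2)
    t3=$(neigh_value "$1" gc_thresh3)
    for v in "$t1" "$t2" "$t3"; do
        case $v in
            ''|*[!0-9]*) echo "missing or non-numeric gc_thresh"; return 1 ;;
        esac
    done
    hosts=$(( 1 << (32 - $2) ))                # addresses in the prefix
    rc=0
    if [ "$t1" -ge "$t2" ] || [ "$t2" -ge "$t3" ]; then
        echo "expected gc_thresh1 < gc_thresh2 < gc_thresh3"; rc=1
    fi
    if [ "$t3" -lt "$hosts" ]; then
        echo "gc_thresh3=$t3 is below the $hosts addresses in a /$2"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok: /$2 ($hosts addresses) fits, hard cap $t3"
    return "$rc"
}

# Constructed sample: the thresholds from the post, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
net.ipv4.neigh.default.gc_thresh3 = 8192
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh1 = 2048
EOF
check_neigh_conf "$sample" 20    # the /20 the post scans
check_neigh_conf "$sample" 16 || echo "a /16 would need higher thresholds"
rm -f "$sample"
```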