Kernel limits for large networks

2013-09-27
  • Hi all,
    I have installed and configured GestioIP 3.0 in my LAN (which is rather big, +16k IPs) and I have found that the actualization always failed to find a lot of active IPs. After some research I have found that it needs some tuning of the kernel parameters in order to make it able to support the large number of processes (ping) and the huge network activity.

    So I have set the max_sinc_procs to 1024 and I looked at the kernel messages, finding that on my Debian host I needed to create a file named /etc/sysctl.d/gestioip.conf with the following content:

    # Added in order to allow massive outgoing ping packets.
    # It prevents GestioIP from incorrectly detecting IPs as down.
    net.core.somaxconn=16384
    net.core.netdev_max_backlog=32768
    fs.file-max=65535
    net.core.optmem_max=327680
    
    # Force gc to clean-up quickly
    net.ipv4.neigh.default.gc_interval = 3600
    
    # Set ARP cache entry timeout
    net.ipv4.neigh.default.gc_stale_time = 3600
    
    # Setup DNS threshold for arp
    net.ipv4.neigh.default.gc_thresh3 = 8192
    net.ipv4.neigh.default.gc_thresh2 = 4096
    net.ipv4.neigh.default.gc_thresh1 = 2048
    


    Also I have added a file /etc/security/limits.d/gestioip.conf with the following content:

    # Increasing some limits to allow more processes and files opened
    * soft nofile unlimited
    * hard nofile 65535
    * soft nproc unlimited
    * hard nproc 8192
    


    Now I can correctly and quickly scan a /20 network running 1024 threads with no error messages. I guess that these tips can help make GestioIP able to scan even bigger networks.

    I hope that this experience will be helpful for your project.

     
    Last edit: Marco Casavecchia M. 2013-09-27
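
One way to confirm that settings like those in the post above are loaded into the running kernel, and that gc_thresh3 (the hard maximum number of neighbour table entries) covers the prefix being scanned. This is an added example, not part of the original post or of GestioIP; the function names, the 10.0.0.0/20 prefix and the premise that every scanned address is directly attached are assumptions of the example.

```python
import ipaddress
from pathlib import Path

# Constructed sample in sysctl.conf syntax, using values from the post.
SAMPLE_CONF = """\
# neighbour (ARP) table limits
net.core.somaxconn=16384
net.ipv4.neigh.default.gc_thresh3 = 8192
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh1 = 2048
"""

def parse_sysctl(text):
    """Parse 'key = value' lines; lines starting with '#' or ';' are comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def read_live(key, root="/proc/sys"):
    """Running kernel value for a sysctl key, or None if it cannot be read."""
    try:
        return " ".join(Path(root, *key.split(".")).read_text().split())
    except OSError:
        return None

def drift(wanted, reader=read_live):
    """Map each key whose running value differs to (file value, live value)."""
    return {k: (v, live) for k, v in wanted.items() if (live := reader(k)) != v}

def neigh_findings(settings, scan_cidr):
    """Check gc_thresh ordering and that gc_thresh3 covers an on-link prefix."""
    prefix = "net.ipv4.neigh.default.gc_thresh"
    t1, t2, t3 = (int(settings[prefix + n]) for n in "123")
    hosts = ipaddress.ip_network(scan_cidr).num_addresses
    findings = []
    if not t1 <= t2 <= t3:
        findings.append("gc_thresh1 <= gc_thresh2 <= gc_thresh3 does not hold")
    if hosts > t3:  # assumption: every scanned address is directly attached
        findings.append(f"{scan_cidr}: {hosts} addresses > gc_thresh3={t3}")
    return findings

if __name__ == "__main__":
    conf = parse_sysctl(SAMPLE_CONF)
    print(neigh_findings(conf, "10.0.0.0/20"))  # constructed prefix
    print(drift(conf))  # keys where file and running kernel differ
```

To check a real host, pass the contents of /etc/sysctl.d/gestioip.conf to `parse_sysctl` instead of the sample; a non-empty `drift` result means the file has not been applied to the running kernel.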
  • Marc Uebel
    2013-09-27

    Hi Marco
    Thanks a lot for sharing your observations!
    Regards
    Marc

     
    Last edit: Marc Uebel 2013-09-27