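# sysctl.conf — kernel and network tuning for a blockchain node (e.g. Reth).
# Apply with `sysctl --system` (or `sysctl -p <file>`). sysctl reports any
# line without `=` as malformed, so section headings must be comments.
# A leading `-` on a key tells sysctl to ignore a failure to set it.

# ---- kernel / memory ----

# start background writeback when dirty pages exceed 5% of RAM
vm.dirty_background_ratio = 5

# percentage of RAM that may be dirty before writing processes block until flushed
vm.dirty_ratio = 40

# max number of memory-mapped areas per process; large mmap-backed databases
# (e.g. Reth's MDBX) can exceed the kernel default
vm.max_map_count = 262144

# system-wide cap on open file descriptors (peers, RPC connections, db files).
# The per-process limit is separate: also raise `nofile` for the node service
# (limits.conf or systemd LimitNOFILE=).
fs.file-max = 1000000

# ---- network hardening ----

# SYN cookies: keep accepting connections under a TCP SYN flood once the
# half-open backlog is full
net.ipv4.tcp_syncookies = 1

# max half-open (SYN_RECV) connections queued before SYN cookies take over
net.ipv4.tcp_max_syn_backlog = 4096

# seconds a socket stays in FIN_WAIT_2 waiting for the peer's FIN before it is freed
net.ipv4.tcp_fin_timeout = 30

# strict reverse-path filtering: drop packets whose source address is not
# reachable via the interface they arrived on (anti-spoofing).
# Strict mode (1) breaks asymmetric routing on multi-homed hosts; use loose
# mode (2) there.
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# ignore ICMP echo requests sent to broadcast addresses (smurf amplification)
net.ipv4.icmp_echo_ignore_broadcasts = 1

# do not log bogus ICMP error responses from broken routers (avoids log flooding)
net.ipv4.icmp_ignore_bogus_error_responses = 1

# drop packets that carry IP source-routing options
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# do not accept ICMP redirects (a host on an untrusted network could rewrite
# our routes); secure_redirects only matters while accept_redirects is on
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

# do not send ICMP redirects either; a node is not a router
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

# log packets with impossible source addresses ("martians"); the kernel
# rate-limits these, but expect some noise on a public P2P port
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1

# ephemeral port range for outgoing connections. If the node's listening
# ports (P2P, RPC) fall inside this range, list them in
# net.ipv4.ip_local_reserved_ports so an outbound connection cannot take
# them before the service binds.
net.ipv4.ip_local_port_range = 10240 65535

# allow reusing TIME_WAIT sockets for new outgoing connections
# (1 = all connections, 2 = loopback only; relies on TCP timestamps)
net.ipv4.tcp_tw_reuse = 1

# tcp_tw_recycle broke clients behind NAT and was removed in Linux 4.12.
# Keep it explicitly off on older kernels; the leading `-` stops sysctl from
# failing on kernels where the key no longer exists.
-net.ipv4.tcp_tw_recycle = 0

# disable IPv6 (optional). Only keep this if the node is not expected to peer
# or serve RPC over IPv6; otherwise remove these two lines.
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

# cap on the listen() backlog: fully established connections waiting for accept()
net.core.somaxconn = 65535

# max packets queued on the input side when an interface receives faster
# than the kernel can process them
net.core.netdev_max_backlog = 16384

# max TCP sockets not attached to any process (closed by the application but
# still finishing teardown); beyond this limit orphans are reset immediately
net.ipv4.tcp_max_orphans = 32768

# TCP receive buffer in bytes: min, default, max (for high-throughput RPC)
net.ipv4.tcp_rmem = 4096 87380 6291456

# TCP send buffer in bytes: min, default, max (for high-throughput RPC)
net.ipv4.tcp_wmem = 4096 65536 6291456

# TCP congestion control algorithm (cubic is the kernel default)
net.ipv4.tcp_congestion_control = cubic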