Chapter 4

TCP/IP Tunable Parameters

This section describes the TCP/IP tunable parameters.

Where to Find Tunable Parameter Information

Tunable Parameter	For Information
Solaris Kernel Tunables	Chapter 2, Solaris Kernel Tunables
NFS Tunable Parameters	Chapter 3, NFS Tunable Parameters
Network Cache and Accelerator (NCA) Tunable Parameters	Chapter 5, Network Cache and Accelerator (NCA) Tunable Parameters

Overview of Tuning TCP/IP Parameters

You can set all of the tuning parameters described in this chapter with the ndd command, except for the following two parameters that can only be set in the /etc/system file:

Use the following syntax to set TCP/IP parameters with the ndd command.

# ndd -set driver parameter

For example, the following ndd command disables IP forwarding.

# ndd -set /dev/ip ip_forwarding 0

For more information, see ndd(1M).

To set a TCP/IP parameter across system reboots, include the appropriate ndd command in a system startup script. Use the following guidelines to create a system startup script to include ndd commands:

Create a script in the /etc/init.d directory and create links to it in the /etc/rc2.d, /etc/rc1.d, and /etc/rcS.d directories.
The script should run between the existing S69inet and S72inetsvc scripts.
Name the script with the S70 or S71 prefix. Scripts with the same prefix are run in some sequential way so it doesn't matter if there is more than one script with the same prefix.
For more information on naming run control scripts, see the README file in the /etc/init.d directory.

For more information on creating a startup script, see "Run Control Scripts" in System Administration Guide: Basic Administration.

TCP/IP Parameter Validation

All of the TCP/IP parameters described in this section are checked to verify they fall in the parameter range, which is provided in each tunable section, except for the two parameters that can be set only in the /etc/system file described above. For more information, see the validation section for "tcp_conn_hash_size" and "ipc_tcp_conn_hash_size".

Internet Request for Comments (RFCs)

Internet protocol and standard specifications are described in RFC documents. You can get copies of RFCs by using anonymous ftp to the sri-nic.arpa machine. Browse RFC topics by viewing the rfc-index.txt file at this site.

IP Tunable Parameters

This section describes some of the IP tunable parameters.

`ip_icmp_err_interval` and `ip_icmp_err_burst`

Description	Control the rate of IP in generating IPv4 or IPv6 ICMP error messages. IP generates only up to `ip_icmp_err_burst` IPv4 or IPv6 ICMP error messages in any `ip_icmp_err_interval`. This parameter protects IP from denial of service attacks. Set `ip_icmp_err_interval` to 0 to disable IP to generate IPv4 or IPv6 ICMP error messages.
Default	100 milliseconds for `ip_icmp_err_interval` 10 for `ip_icmp_err_burst`
Range	0 - 99,999 milliseconds for `ip_icmp_err_interval` 1 - 99,999 for `ip_icmp_err_burst`
Dynamic?	Yes
When to Change	Change the parameter values if you need a higher error message generation rate for diagnostic purposes.
Commitment Level	Unstable

`ip_forwarding` and `ip6_forwarding`

Description	Control whether IP does IPv4 or IPv6 forwarding between interfaces. See also xxx`:ip_forwarding` below.
Default	0 (disabled)
Range	0 (disabled), 1 (enabled)
Dynamic?	Yes
When to Change	If IP forwarding is needed, enable it.
Commitment Level	Unstable

xxx`:ip_forwarding`

Description	Enables IPv4 forwarding for a particular xxx interface. The exact name of the parameter is interface-name`:ip_forwarding`. For example, two interfaces are `hme0` and `hme1`. Their corresponding parameter names are: `hme0:ip_forwarding` and `hme1:ip_forwarding`
Default	0 (disabled)
Range	0 (disabled), 1 (enabled)
Dynamic?	Yes
When to Change	If you need IPv4 forwarding, use this parameter to enable forwarding on a per-interface basis.
Commitment Level	Unstable