Solved

Correct way & which parameter to disable tcp_timestamp in Solaris x86

Posted on 2014-11-15
14
467 Views
Last Modified: 2014-11-18
I'm on Solaris x86  10 & 11.

Q1:
What's the right way to disable tcp_timestamp?

http://www.cns.nyu.edu/~fan/sun-docs/sol10-01-13/html/E37386/chapter4-31.html
Above link does not have any parameters for tcp_timestamps (guess there is an 's' at
the back) & the closest is tcp_tstamp_always

Q2:
At some other URLs, it gave the same method as setting it in RHEL ie
   echo 0 > /proc/sys/net/ipv4/tcp_timestamps     &
add line below to etc/sysctl.conf (create the file if it does not already exist):
   net.ipv4.tcp_timestamps = 0

Q3:
if sysctl.conf does not exist, is that the only line to add in or we ought to
add a few other lines to make the parameters "balanced".  I recall I used
to tweak /etc/system & several parameters need to be inside this system file
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 4
14 Comments
 
LVL 23

Expert Comment

by:savone
ID: 40444519
I am not sure about Solaris, but in Linux you would edit the /etc/sysctl.conf file.  And edit or add the following line to make it look like this:

net.ipv4.tcp_timestamps = 0
0
 

Author Comment

by:sunhux
ID: 40444760
Thanks;  but I'll need it specifically for Solaris x86  Ver 10 & 11
0
 
LVL 23

Assisted Solution

by:savone
savone earned 315 total points
ID: 40444783
Just have to do some googling.... Looks to be the same for Solaris according to Oracle.

https://docs.oracle.com/cd/E26576_01/doc.312/e24936/tuning-os.htm

Quote:
Additionally, create an /etc/sysctl.conf file and append it with the following values:

<-- begin
 #Disables packet forwarding
net.ipv4.ip_forward = 0
#Enables source route verification
net.ipv4.conf.default.rp_filter = 1
#Disables the magic-sysrq key
kernel.sysrq = 0
fs.file-max=65536
vm.bdflush = 100 1200 128 512 15 5000 500 1884 2
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_max= 262143
net.core.rmem_default = 262143
net.ipv4.tcp_rmem = 4096 131072 262143
net.ipv4.tcp_wmem = 4096 131072 262143
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
kernel.shmmax = 67108864
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 62

Accepted Solution

by:
gheist earned 185 total points
ID: 40444891
0
 

Author Comment

by:sunhux
ID: 40445161
I'm confused as understand from Savone's link the parameter is tcp_timestamps but Gheist's link  indicates  tcp_tstamp_always

So if the file sysctl.conf is not there, I'll need to create one & enter all
those lines indicated by Savone & not just one line?
0
 

Author Comment

by:sunhux
ID: 40445173
Instead of sysctl.conf, link below indicates /etc/system :
http://slaptijack.com/system-administration/solaris-tcp-performance-tuning/

I'm on Solaris x86  Ver 10 & 11  (running in VMs)
0
 

Author Comment

by:sunhux
ID: 40445175
I'm confused, which of the 3 variations below to choose (note that
I don't have the luxury to test it out) :

echo 0 > /proc/sys/net/ipv4/tcp_tstamp_always
     OR
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
     OR
sudo ndd -set /dev/tcp tcp_tstamp_if_wscale 0   ??
0
 

Author Comment

by:sunhux
ID: 40445181
Does Solaris x86  V10/11 comes preinstalled with iptables ?
0
 
LVL 23

Expert Comment

by:savone
ID: 40445188
The link I gave you is from Oracle directly.

"Additionally, create an /etc/sysctl.conf file and append it with the following values"

You have to CREATE the file.

You ONLY have to add the lines that pertain to what you are trying to do, not ALL of them.

In your case this line:
net.ipv4.tcp_timestamps = 0

Good luck!
0
 

Author Comment

by:sunhux
ID: 40445224
But the link Gheist gave is also from Oracle

If only I have the luxury of testing them out...
0
 
LVL 23

Assisted Solution

by:savone
savone earned 315 total points
ID: 40445231
The link Gheist gave you is from slaptijack.com, but it about Solaris.

Here is a thread on testing tcp timestamps for RedHat, perhaps it will work for you.

http://www.experts-exchange.com/Security/Operating_Systems_Security/Linux/Q_28461153.html
0
 

Author Comment

by:sunhux
ID: 40445854
The slaptijack link is from me.

What Gheist gave & it indicates another parameter tcp_tstamp_always :
https://docs.oracle.com/cd/E19455-01/816-0607/6m735r5ga/index.html
0
 

Author Comment

by:sunhux
ID: 40449330
Managed to get hold of a Solaris x86 to verify:

ndd -set /dev/tcp tcp_tstamp_if_wscale 1
& add the above line into /etc/system

(I wud rather add it as /etc/init.d/S99diststamp startup script
0
 

Author Comment

by:sunhux
ID: 40449331
No iptables in our Solaris x86
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Linux boot cd to do hardware report on PC? 3 97
AWS EC2 HTTP & HTTPS 2 113
WordPress: Debugging from my Windows 10 Desktop 6 91
Unix Help with:  mailx -s 17 65
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question