
FB12-tips

install

total 40G ?
/         :4G
swap      :4G+
/usr/ports : 1G + 4G
/usr/src   :4G
----
/boot 200M
/    20G
/usr 24G
/var 23G
/home 100G+
SWAP 12G+
freebsd-update fetch
freebsd-update install

RC_CONF

#=================================
#  CHECK LRO/TSO option OFF!!
#  Templates: append -lro -tso to the interface's ifconfig_<if> line.
#  ifconfig_vtnet0="inet <IPaddress> netmask <netmask> -lro -tso"
#  ifconfig_bge0="inet <IPaddress> netmask <netmask> -lro -tso"
#=================================
# ifconfig_vtnet0="inet <IPaddress> netmask <netmask> -lro -tso"
# ifconfig_bge1="inet <IPaddress>  netmask <netmask> -lro -tso -rxcsum -txcsum"
#=================================
# sysctl net.inet.tcp.tso=0
#==========#=======================
# Active setting for this host.
# NOTE(review): this line passes -lro -rxcsum -txcsum but not -tso, so by
# itself it does not turn TSO off on bge0; the note above relies on
# `sysctl net.inet.tcp.tso=0` for that. Confirm the sysctl is actually applied.
ifconfig_bge0="inet 192.168.250.15 netmask 255.255.255.0 -lro -rxcsum -txcsum "
#==========#=======================

ports

pkg install rsync
pkg install subversion
pkg install portupgrade
pkg install python3
#
# env HTTP_PROXY="http://192.168.100.10:18080" pkg install squid
#
初回
portsnap fetch
portsnap extract

2回目以降
portsnap fetch
portsnap update
## env HTTP_PROXY="http://172.16.70.10:8080" portsnap fetch
## env HTTP_PROXY="http://172.16.70.10:8080" portsnap update
#
## rm /var/db/portsnap/tag           # アップデートがうまく行かないばあい
# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch extract &
# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch update &

pkg version -vL=
portupgrade -rR apache
# X 関連の build には 9Gbyte のHDDの空きが必要 ( /usr/ports で 11Gbyte 程度必要 )

src

svn svn : releng/12.0 
# Re-checkout of /usr/src. Everything down to "svn update" is kept commented
# out for reference; the active commands are the last two lines.
#
# NOTE(review): `rm -rf *` removes the contents of whatever directory the
# shell is in, so if the preceding `cd` fails it wipes the wrong place.
# Chain the two (`cd /usr/src && rm -rf ./*`) or move the old tree aside as
# in the `mv` line below.
# NOTE(review): svn:// is neither encrypted nor server-authenticated; the
# https:// URL two lines below is the safer transport for source that will be
# built and installed.
# NOTE(review): the branches in these URLs (releng/10.1, releng/10.3) differ
# from the releng/12.0 noted above. Confirm the target branch before running.
# cd /usr/src
# rm -rf *
# svn checkout svn://svn.FreeBSD.org/base/releng/10.1 /usr/src
# # mv /usr/src /usr/src.bak  1
# # svn checkout https://svn.freebsd.org/base/releng/10.3 /usr/src  
#
# cd /usr/src
# svn update /usr/src
# Update the existing checkout in place.
cd /usr/src
make update SVN_UPDATE=yes

UPDATE

# freebsd-update fetch
# freebsd-update install
#  tool & lib のインストール
##### UPGRADE
# freebsd-update -r 12.1-RELEASE upgrade
# 質問には基本的に「y」
# freebsd-update -r 12.1-RELEASE install
#  ##  kernel インストール
再起動
# freebsd-update install
#  tool & lib のインストール
# ( Package のアップデート )
# pkg upgrade -y
#( 古い ファイルの削除 )
# freebsd-update install
#
============================
$ sudo freebsd-update upgrade -r 12.0-RELEASE
$ sudo freebsd-update install
$ sudo reboot
$ sudo freebsd-update install
$ sudo pkg upgrade -y
$ sudo freebsd-update install
## NTPなどがうまく動かないばあい
# pwd_mkdb /etc/master.passwd
# chown ntpd:ntpd /var/db/ntp/{ntpd.drift,ntpd.pid}

PROXY

 7  13:18   env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch

# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch
# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch extract
# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch update

env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch update

env HTTP_PROXY="http://192.168.11.80:8080" pkg install squid

env HTTP_PROXY="http://192.168.11.80:8080" freebsd-update fetch
env HTTP_PROXY="http://192.168.11.80:8080" freebsd-update install 

~/.subversion/servers
[global]
http-proxy-host = 192.168.11.80
http-proxy-port = 8080

Release ISO の作成

FB-bootdvd

/proc

マニュアルで
mount -t procfs proc /proc
fstab に
proc    /proc                     procfs       rw        0       0
を追加

boot/loader.conf

#RELOAD is
# service sysctl restart
#
# NOTE(review): `service sysctl restart` re-applies /etc/sysctl.conf. The
# module loads (*_load) and boot-time tunables in this file are read at boot,
# so changes here presumably need a reboot (or a manual kldload for a
# module) to take effect. Confirm before relying on the command above.
#
# amdtemp_load="YES"
# CPU temperature sensor module.
coretemp_load="YES"
# Accept filters for data, http and DNS requests
# Useful when your software creates process/thread on each request (i.e. apache)
# Note: DNS accf available on 8.0+
# Note: In case of badly written software this can increase performance, 
# but I still would recommend against using accept filters in production because of
# their opacity - they really break abstractions. Also it's not trivial to debug/monitor
# their state.
#accf_data_load="YES" 
#accf_http_load="YES"
#accf_dns_load="YES"

# Async IO system calls
aio_load="YES"

#  Linux specific devices in /dev
# As for 8.1 it only /dev/full 
#lindev_load="YES"

# Adds NCQ support in FreeBSD
# WARNING! all ad[0-9]+ devices will be renamed to ada[0-9]+
# 8.0+ only
#ahci_load="YES"
#siis_load="YES"

# FreeBSD 9+
# New Congestion Control for FreeBSD
cc_htcp_load="YES"
#cc_cubic_load="YES"

# Increase kernel memory size to 3G. 
#
# Use ONLY if you have KVA_PAGES in kernel configuration, and you have more than 3G RAM 
# Otherwise panic will happen on next reboot!
#
# It's required for high buffer sizes: kern.ipc.nmbjumbop, kern.ipc.nmbclusters, etc
# Useful on highload stateful firewalls, proxies or ZFS fileservers
# (FreeBSD 7.2+ amd64 users: Check that current value is lower!)
#vm.kmem_size="3G"

# If you have really busy forking webserver (i.e. apache13) you may run out of processes
#kern.maxproc=10000

# If your server has lots of swap (>4Gb) you should increase following value
# according to http://lists.freebsd.org/pipermail/freebsd-hackers/2009-October/029616.html
# Otherwise you'll be getting errors
# "kernel: swap zone exhausted, increase kern.maxswzone"
#kern.maxswzone="256M" 

# Older versions of FreeBSD can't tune maxfiles on the fly
#kern.maxfiles="200000" 

# Useful for databases 
# Sets maximum data size to 1G
# (FreeBSD 7.2+ amd64 users: Check that current value is lower!)
#kern.maxdsiz="1G"

# Maximum buffer size(vfs.maxbufspace)
# You can check current one via vfs.bufspace
# Should be lowered/upped depending on server's load-type
# Usually decreased to preserve kmem
# (default is 10% of mem)
#kern.maxbcache="512M"

# Sendfile buffers
# Note: i386 only
#kern.ipc.nsfbufs=10240

# syncache tuning
net.inet.tcp.syncache.hashsize=32768
net.inet.tcp.syncache.bucketlimit=32
net.inet.tcp.syncache.cachelimit=1048576

# Send RST on listen queue overflow / memory shortage. 
# Hosts behind Load-Balancer should set it to 1 to fail fast.
# Hosts facing clients should set it to 0 for client to retry connection.
#net.inet.tcp.syncache.rst_on_sock_fail=0

# Increased hostcache
# Later host cache can be viewed via net.inet.tcp.hostcache.list hidden sysctl
# Very useful for it's RTT RTTVAR
# Must be power of two
net.inet.tcp.hostcache.hashsize=65536
# hashsize * bucketlimit (which is 30 by default)
# It allocates 255Mb (1966080*136) of RAM
net.inet.tcp.hostcache.cachelimit=1966080

# TCP control-block Hash table tuning
# See: http://serverfault.com/questions/372512/why-change-net-inet-tcp-tcbhashsize-in-freebsd 
net.inet.tcp.tcbhashsize=524288 

# Disable ipfw deny all
# Should be uncommented when there is a chance that
# kernel and ipfw binary may be out-of sync on next reboot
#
# Security note: with this tunable set, ipfw's built-in final rule accepts
# instead of denying, so a host whose ruleset fails to load comes up with no
# packet filtering at all. Enable it only for the upgrade reboot it is meant
# for, and comment it out again once kernel and ipfw are back in sync.
#net.inet.ip.fw.default_to_accept=1 

#
# SIFTR (Statistical Information For TCP Research) is a kernel module that
# logs a range of statistics on active TCP connections to a log file.
# See prerelease notes:
# 
# http://groups.google.com/group/mailing.freebsd.current/browse_thread/thread/b4c18be6cdce76e4
# and man 4 siftr
#siftr_load="YES"

# Enable superpages, for 7.2+ only
# See: http://lists.freebsd.org/pipermail/freebsd-hackers/2009-November/030094.html
vm.pmap.pg_ps_enabled=1

# Useful if you are using Intel-Gigabit NIC
#hw.em.rxd=4096
#hw.em.txd=4096
#hw.em.rx_process_limit="-1"
#  Also if you have A LOT interrupts on NIC - play with following parameters
# NOTE: You should set them for every NIC
#dev.em.0.rx_int_delay: 250
#dev.em.0.tx_int_delay: 250
#dev.em.0.rx_abs_int_delay: 250
#dev.em.0.tx_abs_int_delay: 250
# There is also multithreaded version of em/igb drivers that can be found here:
# http://people.yandex-team.ru/~wawa/
#
# for additional em monitoring and statistics use 
# sysctl dev.em.0.stats=1 ; dmesg
# sysctl dev.em.0.debug=1 ; dmesg
# Also after r209242 (-CURRENT) there is a separate sysctl for each stat  variable;   
# Same tunings for igb
#hw.igb.rxd=4096
#hw.igb.txd=4096
#hw.igb.rx_process_limit=100

# Some useful netisr tunables. See sysctl net.isr
#net.isr.maxthreads=4
#net.isr.defaultqlimit=10240
#net.isr.maxqlimit=10240
# Bind netisr threads to CPUs
#net.isr.bindthreads=1

#
# FreeBSD 9.x+
# Increase interface send queue length
# See commit message http://svn.freebsd.org/viewvc/base?view=revision&revision=207554
net.link.ifqmaxlen=1024

# IPC parameters
kern.ipc.msgmnb=8192
kern.ipc.msgssz=64
kern.ipc.msgtql=2048

# Nicer boot logo =)
loader_logo="beastie"

loader.conf

##########################
# Trimmed loader.conf: kernel modules to load at boot plus boot-time tunables.
# smartpqi_load="YES"
##########################
# CPU temperature sensor module.
coretemp_load="YES"

# aio_load="YES"

# H-TCP congestion control module; the sysctl.conf listings on this page
# select it with net.inet.tcp.cc.algorithm=htcp.
cc_htcp_load="YES"
##########################
# Keeps the logical (SMT / Hyper-Threading) CPUs out of use.
# NOTE(review): usually set to reduce exposure to cross-thread side channels;
# it also lowers the usable CPU count. The reason on this host is not stated,
# so confirm it.
machdep.hyperthreading_allowed="0"
# net.inet.tcp.soreceive_stream="1" 
##########################
# SYN cache sizing: bounds how many half-open connections are tracked.
# NOTE(review): a sysctl.conf listing on this page sets
# net.inet.tcp.syncookies=0, in which case these limits are the only
# buffer against SYN floods. Size them with that in mind.
net.inet.tcp.syncache.hashsize=32768
net.inet.tcp.syncache.bucketlimit=32
net.inet.tcp.syncache.cachelimit=1048576

net.inet.tcp.hostcache.hashsize=65536
# net.inet.tcp.hostcache.cachelimit=1966080
# NOTE(review): a limit of 0 entries presumably disables the TCP host cache
# (no per-destination metrics are kept), which makes the hashsize above moot.
# The previously sized value is left commented out. Confirm this is intended.
net.inet.tcp.hostcache.cachelimit="0"

# TCP control-block hash table size.
net.inet.tcp.tcbhashsize=524288

# Superpages.
vm.pmap.pg_ps_enabled=1

# Interface send queue length.
net.link.ifqmaxlen=1024

# System V message queue limits.
kern.ipc.msgmnb=8192
kern.ipc.msgssz=64
kern.ipc.msgtql=2048
##########################
# netgraph item limits.
# NOTE(review): the consumer these were raised for is not stated here; confirm.
net.graph.maxdata=65536
net.graph.maxalloc=65536
##########################

/etc/sysctl.conf

# $FreeBSD: releng/10.1/etc/sysctl.conf 112200 2003-03-13 18:43:50Z mux $
#
# NOTE(review): several keys set here (kern.ipc.somaxconn,
# kern.ipc.maxsockbuf, the net.inet.tcp.* buffer sizes, the blackhole and
# redirect settings) are assigned again further down this listing. If the
# whole listing is applied top to bottom, the last assignment of each key is
# the one left in effect, so review the final values, not these.
#
# Ensure ZFS uses 4k block size
vfs.zfs.min_auto_ashift=12
# listen queue depth
kern.ipc.somaxconn=2048
# set to at least 16MB for 10GE hosts
kern.ipc.maxsockbuf=16777216
# socket buffers
net.inet.tcp.recvspace=4194304
net.inet.tcp.sendspace=2097152
net.inet.tcp.sendbuf_max=16777216
net.inet.tcp.recvbuf_max=16777216
net.inet.tcp.sendbuf_auto=1
net.inet.tcp.recvbuf_auto=1
net.inet.tcp.sendbuf_inc=16384
net.inet.tcp.recvbuf_inc=524288
# security
# unprivileged users see only their own processes (by uid / by gid)
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
# drop UDP packets destined for closed sockets
net.inet.udp.blackhole=1
# drop TCP packets destined for closed sockets
# (no RST / port-unreachable is sent back, which slows port scans but also
# makes connection troubleshooting harder)
net.inet.tcp.blackhole=2
# ipfw
# NOTE(review): this caps how many times a logging rule writes a log entry;
# with a limit of 3, repeated hits on the same rule stop appearing in the
# log. Confirm that is enough for monitoring.
net.inet.ip.fw.verbose_limit=3
# H-TCP congestion control algorithm
net.inet.tcp.cc.algorithm=htcp
# maximum incoming and outgoing IPv4 network queue sizes
net.inet.ip.intr_queue_maxlen=2048
net.route.netisr_maxqlen=2048

# do not send IP redirects
net.inet.ip.redirect=0
# raw IP socket datagram size / receive buffer
net.inet.raw.maxdgram=16384
net.inet.raw.recvspace=16384

# Ensure ZFS uses 4k block size
# vfs.zfs.min_auto_ashift=12
# kern.ipc.somaxconn=2048
# listen queue depth
# NOTE(review): kern.ipc.somaxconn is the older name for
# kern.ipc.soacceptqueue on recent releases, so setting both is presumably
# redundant. Confirm which name the target release expects.
kern.ipc.somaxconn=4096
kern.ipc.soacceptqueue=4096
# set to at least 16MB for 10GE hosts
kern.ipc.maxsockbuf=16777216
# socket buffers
net.inet.tcp.recvspace=4194304
net.inet.tcp.sendspace=2097152
net.inet.tcp.sendbuf_max=16777216
net.inet.tcp.recvbuf_max=16777216
net.inet.tcp.sendbuf_auto=1
net.inet.tcp.recvbuf_auto=1
net.inet.tcp.sendbuf_inc=16384
net.inet.tcp.recvbuf_inc=524288
#
# UNIX-domain stream socket buffers
net.local.stream.recvspace=131070
net.local.stream.sendspace=131070
# security
# unprivileged users see only their own processes (by uid / by gid)
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
# drop UDP packets destined for closed sockets
net.inet.udp.blackhole=1
# drop TCP packets destined for closed sockets
net.inet.tcp.blackhole=2
# ipfw
# NOTE(review): caps log entries per logging rule; with 3, repeated hits on
# the same rule stop being logged. Confirm this is enough for monitoring.
net.inet.ip.fw.verbose_limit=3
# H-TCP congestion control algorithm
net.inet.tcp.cc.algorithm=htcp
# maximum incoming and outgoing IPv4 network queue sizes
net.inet.ip.intr_queue_maxlen=2048
net.route.netisr_maxqlen=2048
####
# NOTE(review): the first commented line below is spelled `net.ip.redirect`,
# while the rest of this page uses net.inet.ip.redirect. Correct the name
# before uncommenting it.
# net.ip.redirect=0
# net.inet.raw.maxdgram=16384
# net.inet.raw.recvspace=16384
###############################################################################
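# TCP/IP tuning block. Trailing "(default N)" notes are the author's record
# of the stock value for each key.
#
# Socket buffer ceiling: keep exactly one kern.ipc.maxsockbuf line active;
# the alternatives are kept for other link speeds.
#kern.ipc.maxsockbuf=2097152    # (wscale  6 ; default) 1G
kern.ipc.maxsockbuf=4194304    # (wscale  7) 2G
#kern.ipc.maxsockbuf=16777216    # (wscale  9) 10G
#kern.ipc.maxsockbuf=157286400  # (wscale 12) 40G
#kern.ipc.maxsockbuf=614400000  # (wscale 14) 100G
#############################
# TCP send/receive buffer sizing
net.inet.tcp.recvbuf_inc=65536    # (default 16384)
net.inet.tcp.recvbuf_max=4194304  # (default 2097152)
net.inet.tcp.recvspace=65536      # (default 65536)
net.inet.tcp.sendbuf_inc=65536    # (default 8192)
net.inet.tcp.sendbuf_max=4194304  # (default 2097152)
net.inet.tcp.sendspace=65536      # (default 32768)
# Default MSS: pick one option; abc_l_var and initcwnd_segments below are
# chosen to match it.
net.inet.tcp.mssdflt=1460   # Option 1 (default 536)
#net.inet.tcp.mssdflt=1240  # Option 2 (default 536)
#############################
#
net.inet.tcp.minmss=536  # (default 216)
#
net.inet.tcp.abc_l_var=44   # (default 2) if net.inet.tcp.mssdflt = 1460
#net.inet.tcp.abc_l_var=52  # (default 2) if net.inet.tcp.mssdflt = 1240
#
net.inet.tcp.initcwnd_segments=44  # (default 10 for FreeBSD 11.2) if  net.inet.tcp.mssdflt = 1460
#net.inet.tcp.initcwnd_segments=52 # (default 10 for FreeBSD 11.2) if net.inet.tcp.mssdflt = 1240
#net.inet.tcp.experimental.initcwnd10=1      # (default  1 for FreeBSD 10.1)
net.inet.tcp.cc.htcp.adaptive_backoff=1  # (default 0 ; disabled)
net.inet.tcp.cc.htcp.rtt_scaling=1  # (default 0 ; disabled)
# Fixed OID: this was written as `net.tcp.cc.abe`, which is not under the
# net.inet.tcp tree used by every other TCP key here and would be rejected
# as an unknown OID.
net.inet.tcp.cc.abe=1
net.inet.tcp.rfc6675_pipe=1  # (default 0)
# No SYN/ACK retransmissions from the syncache.
net.inet.tcp.syncache.rexmtlimit=0  # (default 3)
#
# 0 = accept no fragmented packets at all (nothing is queued for reassembly).
# NOTE(review): this removes fragment-reassembly exposure, but it also drops
# any legitimate traffic that arrives fragmented (large UDP replies, some
# tunnels). Confirm nothing on this host depends on fragments.
net.inet.ip.maxfragpackets=0     # (default 63474)
net.inet.ip.maxfragsperpacket=0  # (default 16)
net.inet6.ip6.maxfragpackets=0   # (default 507715)
net.inet6.ip6.maxfrags=0         # (default 507715)
#
# NOTE(review): with SYN cookies off there is no fallback once the SYN cache
# is full, so new connection attempts are dropped during a SYN flood. Keep 0
# only if the syncache sizing in loader.conf and upstream filtering are known
# to cope; otherwise leave the default (1).
net.inet.tcp.syncookies=0  # (default 1)
#
net.inet.tcp.isn_reseed_interval=4500  # (default 0, disabled)
#
# Global TSO off (see the LRO/TSO note in the rc.conf section).
net.inet.tcp.tso=0  # (default 1)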

# Entropy tuning for the kernel random device.
# NOTE(review): both mask values clear two bits of the default quoted beside
# them (511 -> 351, 66047 -> 65887), i.e. two entropy sources stop being
# harvested. Check `sysctl kern.random.harvest.mask_symbolic` on the target
# release to see which sources those bits are before applying this; bit
# meanings may differ between releases.
kern.random.fortuna.minpoolsize=128  # (default 64)
kern.random.harvest.mask=351   # (default 511, FreeBSD 11 and 12 without Intel Secure Key RNG)
#kern.random.harvest.mask=65887  # (default 66047, FreeBSD 12 with Intel Secure Key RNG)
#
#
# Hardening and timeout settings. net.inet.ip.redirect is assigned twice in
# this group (same value both times); one of the two lines can be dropped.
net.inet.ip.redirect=0     
kern.ipc.shm_use_phys=1            # lock shared memory into RAM and prevent it from being paged out to swap (default 0, disabled)
kern.msgbuf_show_timestamp=1       # display timestamp in msgbuf (default 0)
kern.randompid=1                   # calculate PIDs by the modulus of an integer, set to one(1) to auto random (default 0)
net.bpf.optimize_writers=1         # bpf is write-only unless program explicitly specifies the read filter (default 0)
net.inet.icmp.drop_redirect=1      # no redirected ICMP packets (default 0)
net.inet.ip.check_interface=1      # verify packet arrives on correct interface (default 0)
net.inet.ip.portrange.first=32768  # use ports 32768 to portrange.last for outgoing connections (default 10000)
net.inet.ip.portrange.randomcps=9999 # use random port allocation if less than this many ports per second are allocated (default 10)
net.inet.ip.portrange.randomtime=1 # seconds to use sequential port allocation before switching back to random (default 45 secs)
net.inet.ip.random_id=1            # assign a random IP id to each packet leaving the system (default 0)
net.inet.ip.redirect=0             # do not send IP redirects (default 1)
net.inet6.ip6.redirect=0           # do not send IPv6 redirects (default 1)
net.inet.sctp.blackhole=2          # drop sctp packets destined for closed ports (default 0)
net.inet.tcp.blackhole=2           # drop tcp packets destined for closed ports (default 0)
net.inet.tcp.drop_synfin=1         # SYN/FIN packets get dropped on initial connection (default 0)
net.inet.tcp.fast_finwait2_recycle=1 # recycle FIN/WAIT states quickly, helps against DoS, but may cause false RST (default 0)
net.inet.tcp.fastopen.client_enable=0 # disable TCP Fast Open client side, enforce three way TCP handshake (default 1, enabled)
net.inet.tcp.fastopen.server_enable=0 # disable TCP Fast Open server side, enforce three way TCP handshake (default 0)
net.inet.tcp.finwait2_timeout=1000 # TCP FIN_WAIT_2 timeout waiting for client FIN packet before state close (default 60000, 60 sec)
net.inet.tcp.icmp_may_rst=0        # icmp may not send RST to avoid spoofed icmp/udp floods (default 1)
net.inet.tcp.keepcnt=2             # amount of tcp keep alive probe failures before socket is forced closed (default 8)
net.inet.tcp.keepidle=62000        # time before starting tcp keep alive probes on an idle, TCP connection (default 7200000, 7200 secs)
net.inet.tcp.keepinit=5000         # tcp keep alive client reply timeout (default 75000, 75 secs)
# net.inet.tcp.msl=2500              # Maximum Segment Lifetime, time the connection spends in TIME_WAIT state (default 30000, 2*MSL = 60 sec)
net.inet.tcp.path_mtu_discovery=0  # disable for mtu=1500 as most paths drop ICMP type 3 packets, but keep enabled for mtu=9000 (default 1)
net.inet.udp.blackhole=1           # drop udp packets destined for closed sockets (default 0)
net.inet.udp.recvspace=1048576     # UDP receive space, HTTP/3 webserver, "netstat -sn -p udp" and increase if full socket buffers (default 42080)
security.bsd.hardlink_check_gid=1  # unprivileged processes may not create hard links to files owned by other groups, DISABLE for mailman (default 0)
# NOTE(review): the security.bsd.* lines below are commented out, so this
# group does not apply them. see_other_uids/see_other_gids are set earlier in
# the listing; hardlink_check_uid, stack_guard_page, unprivileged_proc_debug
# and unprivileged_read_msgbuf are not set anywhere on this page, so enable
# them deliberately if they are wanted.
# security.bsd.hardlink_check_uid=1  # unprivileged processes may not create hard links to files owned by other users,  DISABLE for mailman (default 0)
# security.bsd.see_other_gids=0      # groups only see their own processes. root can see all (default 1)
# security.bsd.see_other_uids=0      # users only see their own processes. root can see all (default 1)
# security.bsd.stack_guard_page=1    # insert a stack guard page ahead of growable segments, stack smashing protection (SSP) (default 0)
# security.bsd.unprivileged_proc_debug=0 # unprivileged processes may not use process debugging (default 1)
# security.bsd.unprivileged_read_msgbuf=0 # unprivileged processes may not read the kernel message buffer (default 1)

###############################################################################
# check:
# sysctl net.inet.tcp.tso=0
# ifconfig vtnet0 -lro

###############################################################################

TAG vlan

http://wiki.tomocha.net/BSD_802.1QVLAN.html

SoftEther

https://gist.github.com/imksoo/4a768345443242e829d7b040047bd65f

tips

https://techracho.bpsinc.jp/ika/2016_12_17/30656

https://calomel.org/freebsd_network_tuning.html

https://calomel.org/freebsd_network_tuning.html