トップ 差分 一覧 ソース 検索 ヘルプ RSS ログイン

FB13-tips

FB-13-tips

install

total 50G ?
/         :4G
swap      :4G+
/usr/ports : 1G + 4G
/usr/src   :4G
----
/boot 200M
/    25G 
/usr 24G + 15G (buildworld) = 40G
/var 25G
/home 100G+
SWAP 12G+
freebsd-update fetch
freebsd-update install

dig -> drill

drill www.iij.ad.jp

passwd

 調べてみると、パスワードデータベースである /etc/pwd.db, /etc/spwd.db が更新される必要があり、その更新には
   # pwd_mkdb -p /etc/master.passwd 

RC_CONF

#=================================
#  CHECK LRO/TSO option OFF!!
# LRO (Large recieve offload) - セグメントの再構築をハードウェアで実施
# TSO (TCP segmentation offload) - TCPセグメンへの分割処理をハードウェアで実施
# TOE (Full TCP offload engine) - TCP/IPの処理をすべてハードウェアで実施
# RXCSUM,TXCSUM - 送受信のChecksumをハードウェアで
#  ifconfig_vtnet0="inet <IPaddress> netmask <netmask> -lro -tso"
#  ifconfig_bge0="inet <IPaddress> netmask <netmask> -lro -tso"
#=================================
# ifconfig_vtnet0="inet <IPaddress> netmask <netmask> -lro -tso"
# ifconfig_bge1="inet <IPaddress>  netmask <netmask> -lro -tso -rxcsum -txcsum"
#=================================
# sysctl net.inet.tcp.tso=0
#==========#=======================
ifconfig_bge0="inet 192.168.250.15 netmask 255.255.255.0 -lro -rxcsum -txcsum "
#==========#=======================
dumpdev="AUTO"          # Device to crashdump to (device name, AUTO, or NO).
dumpdir="/var/crash"    # Directory where crash dumps are to be stored
#==================================

ports

pkg install rsync
pkg install rcs
pkg install subversion
pkg install portupgrade
pkg install python3
# pkg install py36-pip
pkg install py37-pip
# pkg install softether
# pkg install haproxy
#
# env HTTP_PROXY="http://127.0.0.1:18080" pkg install squid
# env HTTP_PROXY="http://127.0.0.1:18080" pkg install net-snmpd
# env HTTP_PROXY="http://127.0.0.1:18080" pkg install bsnmp-ucd 
# env HTTP_PROXY="http://127.0.0.1:18080" pkg install apcupsd
# env HTTP_PROXY="http://127.0.0.1:18080" pkg install py37-sqlite3
#
pkg install smartmontools
pkg install mbmon 
#
pkg install munin-node munin-master

#
# env HTTP_PROXY="http://192.168.100.10:18080" pkg install squid
#
初回
portsnap fetch
portsnap extract

2回目移行
portsnap fetch
portsnap update
## env HTTP_PROXY="http://172.16.70.10:8080" portsnap fetch
## env HTTP_PROXY="http://172.16.70.10:8080" portsnap update
#
## rm /var/db/portsnap/tag           # アップデートがうまく行かないばあい
# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch extract &
# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch update &

pkg version -vL=
portupgrade -rR apache
# X 関連の build には 9Gbyte のHDDの空きが必要 ( /usr/ports で 11Gbyte 程度必要 )

Speedtest

https://www.speedtest.net/ja/apps/cli

https://github.com/sivel/speedtest-cli


src

## svn svn : releng/12.0 
## # cd /usr/src
## # rm -rf *
## # svn checkout svn://svn.FreeBSD.org/base/releng/10.1 /usr/src
## # # mv /usr/src /usr/src.bak  1
## # # svn checkout https://svn.freebsd.org/base/releng/10.3 /usr/src  
## #
## # # chflags -R noschg /usr/obj/*
## # # rm -rf /usr/obj
## # # make -j4 -DNOPROFILE=true buildworld  # 4process??
## # # make -j4 -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 buildworld
## # # make buildkernel TARGET_ARCH=amd64 TARGET=amd64 KERNCONF=GREN1SMP
## # # make installkernel TARGET_ARCH=amd64 TARGET=amd64 KERNCONF=GREN1SMP
## # # make -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 installworld
#
## make -j4 -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 buildworld
## make -j4 -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 buildkernel
## make     -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 installkernel
## make     -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 installworld

## # cd /usr/src
## # svn update /usr/src
## cd /usr/src
## make update SVN_UPDATE=yes

# svnlite update /usr/src  
check /usr/src/UPDATING  
## # svnlite info /usr/src
## 
# cd /usr/src          
# make -j4 buildworld  
# make -j4 kernel      
## shutdown -r now
## cd /usr/src
## make installworld
## mergemaster -Ui
## shutdown -r now

FB13 UPDATE

# freebsd-update fetch
# freebsd-update install
#  tool & lib のインストール
##### UPGRADE
### freebsd-update -r 13.1-RELEASE upgrade
# freebsd-update -r 13.0-RELEASE upgrade
# 質問には基本的に「y」
### freebsd-update -r 13.1-RELEASE install
# freebsd-update -r 13.0-RELEASE install
#  ##  kernel インストール
再起動
# freebsd-update install
#  tool & lib のインストール
# ( Package のアップデート )
# pkg upgrade -y
#( 古い ファイルの削除 )
# freebsd-update install
#
# pkgdb -F    ##: パッケージ・レジストリ・データベース (package registry database) の不整合修正 (fix)
# portsdb -uU ##: ポーツ・データベース・ファイル INDEX.db の生成/更新と,ポーツ・インデックス・ファイル INDEXの生成/更新 
============================
# 1017  16:15   ls -l //var/db/freebsd-update/files
# cd /var/db/freebsd-update/files
# ファイルの削除
============================
$ sudo freebsd-update upgrade -r 13.0-RELEASE
$ sudo freebsd-update install
$ sudo reboot
$ sudo freebsd-update install
$ sudo pkg upgrade -y
$ sudo freebsd-update install
## NTPなどがうまく動かないばあい
# pwd_mkdb /etc/master.passwd
# chown ntpd:ntpd /var/db/ntp/{ntpd.drift,ntpd.pid}

PROXY

 7  13:18   env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch

# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch
# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch extract
# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch update

env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch update

env HTTP_PROXY="http://192.168.11.80:8080" pkg install squid

env HTTP_PROXY="http://192.168.11.80:8080" freebsd-update fetch
env HTTP_PROXY="http://192.168.11.80:8080" freebsd-update install 

FreeBSD-UPgrade PROXY use
# 
#### env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update upgrade -r 13.1-RELEASE   
# env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update upgrade -r 13.0-RELEASE   
# env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update install
< Reboot>
# env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update install 
# env HTTP_PROXY="http://127.0.0.1:18080" pkg bootstrap -f
# env HTTP_PROXY="http://127.0.0.1:18080" pkg upgrade -y
<  >
#  env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update install
#  pwd_mkdb /etc/master.passwd
#  env HTTP_PROXY="http://127.0.0.1:18080" pkg upgrade -y
#  env HTTP_PROXY="http://127.0.0.1:18080" pkg install munin-node 
       /usr/local/sbin/munin-node-configure --shell | sh -x
       # env HTTP_PROXY="http://127.0.0.1:18080" pkg install perl5
    
# setenv HTTP_PROXY "http://proxy.ne.jp:8080"
# setenv HTTP_PROXY_AUTH "basic:*:userid:password"
# setenv HTTP_PROXY "http://userid:password@proxy.ne.jp:8080"
# setenv HTTP_TIMEOUT 1800

~/.subversion/servers
[global]
http-proxy-host = 192.168.11.80
http-proxy-port = 8080

Release ISO の作成

FB-bootdvd

/proc

マニュアルで
mount -t procfs proc /proc
fstab に
proc    /proc                     procfs       rw        0       0
を追加

https://wiki.freebsd.org/NetworkPerformanceTuning

hw.igb.max_interrupt_rate- :: 32000以上
net.inet.tcp.tcbhashsize-  :: 最大32K以上
net.inet.ip.output_flowtable_size :: 

kern.maxfiles- ::
kern.maxfilesperproc ;;

kern.ipc.nmbclusters-ローダーの調整可能および読み取り/書き込みsysctl、システム内のmbufクラスター数のグローバル制限。この値に達すると、パケットドロップが発生します。
kern.ipc.nmbjumbop-FreeBSD 7以降、TCPソケットは送信データに2Kサイズのmbufクラスターを使用せず、ページサイズのmbufクラスター(一般に4K)を使用します。これはローダーで調整可能であり、読み取り/書き込みsysctlで数を制限します。
kern.ipc.nmbjumbo9
kern.ipc.nmbjumbo16
net.inet.tcp.per_cpu_timers
net.inet.flowtable.nmbflows 

https://people.freebsd.org/~olivier/talks/2018_AsiaBSDCon_Tuning_FreeBSD_for_routing_and_firewalling-Paper.pdf

https://calomel.org/freebsd_network_tuning.html


boot/locader.conf

#RELOAD is
# service sysctl restart
#
# amdtemp_load="YES"
coretemp_load="YES"
# Accept filters for data, http and DNS requests
# Useful when your software creates process/thread on each request (i.e. apache)
# Note: DNS accf available on 8.0+
# Note: In case of badly written software this can increase performance, 
# but I still would recommend against using accept filters in production because of
# their opacity - they really break abstractions. Also it's not trivial to debug/monitor
# their state.
#accf_data_load="YES" 
#accf_http_load="YES"
#accf_dns_load="YES"

# Async IO system calls
aio_load="YES"

#  Linux specific devices in /dev
# As for 8.1 it only /dev/full 
#lindev_load="YES"

# Adds NCQ support in FreeBSD
# WARNING! all ad[0-9]+ devices will be renamed to ada[0-9]+
# 8.0+ only
#ahci_load="YES"
#siis_load="YES"

# FreeBSD 9+
# New Congestion Control for FreeBSD
cc_htcp_load="YES"
#cc_cubic_load="YES"

# Increase kernel memory size to 3G. 
#
# Use ONLY if you have KVA_PAGES in kernel configuration, and you have more than 3G RAM 
# Otherwise panic will happen on next reboot!
#
# It's required for high buffer sizes: kern.ipc.nmbjumbop, kern.ipc.nmbclusters, etc
# Useful on highload stateful firewalls, proxies or ZFS fileservers
# (FreeBSD 7.2+ amd64 users: Check that current value is lower!)
#vm.kmem_size="3G"

# If you have really busy forking webserver (i.e. apache13) you may run out of processes
#kern.maxproc=10000

# If your server has lots of swap (>4Gb) you should increase following value
# according to http://lists.freebsd.org/pipermail/freebsd-hackers/2009- October/029616.html
# Otherwise you'll be getting errors
# "kernel: swap zone exhausted, increase kern.maxswzone"
#kern.maxswzone="256M" 

# Older versions of FreeBSD can't tune maxfiles on the fly
#kern.maxfiles="200000" 

# Useful for databases 
# Sets maximum data size to 1G
# (FreeBSD 7.2+ amd64 users: Check that current value is lower!)
#kern.maxdsiz="1G"

# Maximum buffer size(vfs.maxbufspace)
# You can check current one via vfs.bufspace
# Should be lowered/upped depending on server's load-type
# Usually decreased to preserve kmem
# (default is 10% of mem)
#kern.maxbcache="512M"

# Sendfile buffers
# Note: i386 only
#kern.ipc.nsfbufs=10240

# syncache tuning
net.inet.tcp.syncache.hashsize=32768
net.inet.tcp.syncache.bucketlimit=32
net.inet.tcp.syncache.cachelimit=1048576

# Send RST on listen queue overflow / memory shortage. 
# Hosts behind Load-Balancer should set it to 1 to fail fast.
# Hosts facing clients should set it to 0 for client to retry connection.
#net.inet.tcp.syncache.rst_on_sock_fail=0

# Increased hostcache
# Later host cache can be viewed via net.inet.tcp.hostcache.list hidden sysctl
# Very useful for it's RTT RTTVAR
# Must be power of two
net.inet.tcp.hostcache.hashsize=65536
# hashsize * bucketlimit (which is 30 by default)
# It allocates 255Mb (1966080*136) of RAM
net.inet.tcp.hostcache.cachelimit=1966080

# TCP control-block Hash table tuning
# See: http://serverfault.com/questions/372512/why-change-net-inet-tcp-tcbhashsize-in-freebsd 
net.inet.tcp.tcbhashsize=524288 

# Disable ipfw deny all
# Should be uncommented when there is a chance that
# kernel and ipfw binary may be out-of sync on next reboot
#net.inet.ip.fw.default_to_accept=1 

#
# SIFTR (Statistical Information For TCP Research) is a kernel module that
# logs a range of statistics on active TCP connections to a log file.
# See prerelease notes:
# 
# http://groups.google.com/group/mailing.freebsd.current/browse_thread/thread/b4c18be6 cdce76e4
# and man 4 sitfr
#siftr_load="YES"

# Enable superpages, for 7.2+ only
# See: http://lists.freebsd.org/pipermail/freebsd-hackers/2009-November/030094.html
vm.pmap.pg_ps_enabled=1

# Useful if you are using Intel-Gigabit NIC
#hw.em.rxd=4096
#hw.em.txd=4096
#hw.em.rx_process_limit="-1"
#  Also if you have A LOT interrupts on NIC - play with following parameters
# NOTE: You should set them for every NIC
#dev.em.0.rx_int_delay: 250
#dev.em.0.tx_int_delay: 250
#dev.em.0.rx_abs_int_delay: 250
#dev.em.0.tx_abs_int_delay: 250
# There is also multithreaded version of em/igb drivers that can be found here:
# http://people.yandex-team.ru/~wawa/
#
# for additional em monitoring and statistics use 
# sysctl dev.em.0.stats=1 ; dmesg
# sysctl dev.em.0.debug=1 ; dmesg
# Also after r209242 (-CURRENT) there is a separate sysctl for each stat  variable;   
# Same tunings for igb
#hw.igb.rxd=4096
#hw.igb.txd=4096
#hw.igb.rx_process_limit=100

# Some useful netisr tunables. See sysctl net.isr
#net.isr.maxthreads=4
#net.isr.defaultqlimit=10240
#net.isr.maxqlimit=10240
# Bind netisr threads to CPUs
#net.isr.bindthreads=1

#
# FreeBSD 9.x+
# Increase interface send queue length
# See commit message http://svn.freebsd.org/viewvc/base? 
view=revision&revision=207554
net.link.ifqmaxlen=1024

# IPC prametor
kern.ipc.msgmnb=8192
kern.ipc.msgssz=64
kern.ipc.msgtql=2048

# Nicer boot logo =)
loader_logo="beastie"

loader.conf

##########################
# smartpqi_load="YES"
##########################
coretemp_load="YES"

# aio_load="YES"

cc_htcp_load="YES"
##########################
machdep.hyperthreading_allowed="0"
# net.inet.tcp.soreceive_stream="1" 
##########################
net.inet.tcp.syncache.hashsize=32768
net.inet.tcp.syncache.bucketlimit=32
net.inet.tcp.syncache.cachelimit=1048576

net.inet.tcp.hostcache.hashsize=65536
# net.inet.tcp.hostcache.cachelimit=1966080
net.inet.tcp.hostcache.cachelimit="0"

net.inet.tcp.tcbhashsize=524288

vm.pmap.pg_ps_enabled=1

net.link.ifqmaxlen=1024

kern.ipc.msgmnb=8192
kern.ipc.msgssz=64
kern.ipc.msgtql=2048
##########################
net.graph.maxdata=65536
net.graph.maxalloc=65536
##########################

/ets/syscrl

# $FreeBSD: releng/10.1/etc/sysctl.conf 112200 2003-03-13 18:43:50Z mux $
#
# How many routing_table
net.fibs=1
# Ensure ZFS uses 4k block size
vfs.zfs.min_auto_ashift=12
kern.ipc.somaxconn=2048
# set to at least 16MB for 10GE hosts
kern.ipc.maxsockbuf=16777216
# socket buffers
net.inet.tcp.recvspace=4194304
net.inet.tcp.sendspace=2097152
net.inet.tcp.sendbuf_max=16777216
net.inet.tcp.recvbuf_max=16777216
net.inet.tcp.sendbuf_auto=1
net.inet.tcp.recvbuf_auto=1
net.inet.tcp.sendbuf_inc=16384
net.inet.tcp.recvbuf_inc=524288
# security
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
# drop UDP packets destined for closed sockets
net.inet.udp.blackhole=1
# drop TCP packets destined for closed sockets
net.inet.tcp.blackhole=2
# ipfw
net.inet.ip.fw.verbose_limit=3
# H-TCP congestion control algorithm
net.inet.tcp.cc.algorithm=htcp
# maximum incoming and outgoing IPv4 network queue sizes
net.inet.ip.intr_queue_maxlen=2048
net.route.netisr_maxqlen=2048

net.inet.ip.redirect=0
net.inet.raw.maxdgram=16384
net.inet.raw.recvspace=16384

# Ensure ZFS uses 4k block size
# vfs.zfs.min_auto_ashift=12
# kern.ipc.somaxconn=2048
kern.ipc.somaxconn=4096
kern.ipc.soacceptqueue=4096
# set to at least 16MB for 10GE hosts
kern.ipc.maxsockbuf=16777216
# socket buffers
net.inet.tcp.recvspace=4194304
net.inet.tcp.sendspace=2097152
net.inet.tcp.sendbuf_max=16777216
net.inet.tcp.recvbuf_max=16777216
net.inet.tcp.sendbuf_auto=1
net.inet.tcp.recvbuf_auto=1
net.inet.tcp.sendbuf_inc=16384
net.inet.tcp.recvbuf_inc=524288
#
net.local.stream.recvspace=131070
net.local.stream.sendspace=131070
# security
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
# drop UDP packets destined for closed sockets
net.inet.udp.blackhole=1
# drop TCP packets destined for closed sockets
net.inet.tcp.blackhole=2
# ipfw
net.inet.ip.fw.verbose_limit=3
# H-TCP congestion control algorithm
net.inet.tcp.cc.algorithm=htcp
# maximum incoming and outgoing IPv4 network queue sizes
net.inet.ip.intr_queue_maxlen=2048
net.route.netisr_maxqlen=2048
####
# net.ip.redirect=0
# net.inet.raw.maxdgram=16384
# net.inet.raw.recvspace=16384
###############################################################################
#kern.ipc.maxsockbuf=2097152    # (wscale  6 ; default) 1G
kern.ipc.maxsockbuf=4194304    # (wscale  7) 2G
#kern.ipc.maxsockbuf=16777216    # (wscale  9) 10G
#kern.ipc.maxsockbuf=157286400  # (wscale 12) 40G
#kern.ipc.maxsockbuf=614400000  # (wscale 14) 100G
#############################
# 
net.inet.tcp.recvbuf_inc=65536    # (default 16384)
net.inet.tcp.recvbuf_max=4194304  # (default 2097152)
net.inet.tcp.recvspace=65536      # (default 65536)
net.inet.tcp.sendbuf_inc=65536    # (default 8192)
net.inet.tcp.sendbuf_max=4194304  # (default 2097152)
net.inet.tcp.sendspace=65536      # (default 32768)
# 
net.inet.tcp.mssdflt=1460   # Option 1 (default 536)
#net.inet.tcp.mssdflt=1240  # Option 2 (default 536)
#############################
#
net.inet.tcp.minmss=536  # (default 216)
#
net.inet.tcp.abc_l_var=44   # (default 2) if net.inet.tcp.mssdflt = 1460
#net.inet.tcp.abc_l_var=52  # (default 2) if net.inet.tcp.mssdflt = 1240
#
net.inet.tcp.initcwnd_segments=44  # (default 10 for FreeBSD 11.2) if  net.inet.tcp.mssdflt = 1460
#net.inet.tcp.initcwnd_segments=52 # (default 10 for FreeBSD 11.2) if net.inet.tcp.mssdflt = 1240
#net.inet.tcp.experimental.initcwnd10=1      # (default  1 for FreeBSD 10.1)
net.inet.tcp.cc.htcp.adaptive_backoff=1  # (default 0 ; disabled)
net.inet.tcp.cc.htcp.rtt_scaling=1  # (default 0 ; disabled)
net.tcp.cc.abe=1 
net.inet.tcp.rfc6675_pipe=1  # (default 0)
net.inet.tcp.syncache.rexmtlimit=0  # (default 3)
#
net.inet.ip.maxfragpackets=0     # (default 63474)
net.inet.ip.maxfragsperpacket=0  # (default 16)
net.inet6.ip6.maxfragpackets=0   # (default 507715)
net.inet6.ip6.maxfrags=0         # (default 507715)
#
net.inet.tcp.syncookies=0  # (default 1)
#
net.inet.tcp.isn_reseed_interval=4500  # (default 0, disabled)
#
net.inet.tcp.tso=0  # (default 1)

kern.random.fortuna.minpoolsize=128  # (default 64)
kern.random.harvest.mask=351   # (default 511, FreeBSD 11 and 12 without Intel Secure Key RNG)
#kern.random.harvest.mask=65887  # (default 66047, FreeBSD 12 with Intel Secure Key RNG)
#
#
net.inet.ip.redirect=0     
kern.ipc.shm_use_phys=1            # lock shared memory into RAM and prevent it from being paged out to swap (default 0, disabled)
kern.msgbuf_show_timestamp=1       # display timestamp in msgbuf (default 0)
kern.randompid=1                   # calculate PIDs by the modulus of an integer, set to one(1) to auto random (default 0)
net.bpf.optimize_writers=1         # bpf is write-only unless program explicitly specifies the read filter (default 0)
net.inet.icmp.drop_redirect=1      # no redirected ICMP packets (default 0)
net.inet.ip.check_interface=1      # verify packet arrives on correct interface (default 0)
net.inet.ip.portrange.first=32768  # use ports 32768 to portrange.last for outgoing connections (default 10000)
net.inet.ip.portrange.randomcps=9999 # use random port allocation if less than this many ports per second are allocated (default 10)
net.inet.ip.portrange.randomtime=1 # seconds to use sequental port allocation before switching back to random (default 45 secs)
net.inet.ip.random_id=1            # assign a random IP id to each packet leaving the system (default 0)
net.inet.ip.redirect=0             # do not send IP redirects (default 1)
net.inet6.ip6.redirect=0           # do not send IPv6 redirects (default 1)
net.inet.sctp.blackhole=2          # drop stcp packets destined for closed ports (default 0)
net.inet.tcp.blackhole=2           # drop tcp packets destined for closed ports (default 0)
net.inet.tcp.drop_synfin=1         # SYN/FIN packets get dropped on initial connection (default 0)
net.inet.tcp.fast_finwait2_recycle=1 # recycle FIN/WAIT states quickly, helps against DoS, but may cause false RST (default 0)
net.inet.tcp.fastopen.client_enable=0 # disable TCP Fast Open client side, enforce three way TCP handshake (default 1, enabled)
net.inet.tcp.fastopen.server_enable=0 # disable TCP Fast Open server side, enforce three way TCP handshake (default 0)
net.inet.tcp.finwait2_timeout=1000 # TCP FIN_WAIT_2 timeout waiting for client FIN packet before state close (default 60000, 60 sec)
net.inet.tcp.icmp_may_rst=0        # icmp may not send RST to avoid spoofed icmp/udp floods (default 1)
net.inet.tcp.keepcnt=2             # amount of tcp keep alive probe failures before socket is forced closed (default 8)
net.inet.tcp.keepidle=62000        # time before starting tcp keep alive probes on an idle, TCP connection (default 7200000, 7200 secs)
net.inet.tcp.keepinit=5000         # tcp keep alive client reply timeout (default 75000, 75 secs)
# net.inet.tcp.msl=2500              # Maximum Segment Lifetime, time the connection spends in TIME_WAIT state (default 30000, 2*MSL = 60 sec)
net.inet.tcp.path_mtu_discovery=0  # disable for mtu=1500 as most paths drop ICMP type 3 packets, but keep enabled for mtu=9000 (default 1)
net.inet.udp.blackhole=1           # drop udp packets destined for closed sockets (default 0)
net.inet.udp.recvspace=1048576     # UDP receive space, HTTP/3 webserver, "netstat -sn -p udp" and increase if full socket buffers (default 42080)
security.bsd.hardlink_check_gid=1  # unprivileged processes may not create hard links to files owned by other groups, DISABLE for mailman (default 0)
# security.bsd.hardlink_check_uid=1  # unprivileged processes may not create hard links to files owned by other users,  DISABLE for mailman (default 0)
# security.bsd.see_other_gids=0      # groups only see their own processes. root can see all (default 1)
# security.bsd.see_other_uids=0      # users only see their own processes. root can see all (default 1)
# security.bsd.stack_guard_page=1    # insert a stack guard page ahead of growable segments, stack smashing protection (SSP) (default 0)
# security.bsd.unprivileged_proc_debug=0 # unprivileged processes may not use process debugging (default 1)
# security.bsd.unprivileged_read_msgbuf=0 # unprivileged processes may not read the kernel message buffer (default 1)

###############################################################################check :

# sysctl net.inet.tcp.tso=0
# 
# ifconfig vtnet0 -lro

###############################################################################

TAG vlan

http://wiki.tomocha.net/BSD_802.1QVLAN.html

fib

FB-setfib

リンクアグリゲーション

FB-interface

command::
ifconfig lagg0 laggproto lacp laggport em0 laggport em1
ifconfig lagg0
rc.conf :: 
ifconfig_em0="up"
ifconfig_em1="up"
ifconfig_lagg0="laggproto lacp laggport em0 laggport em1"

https://qiita.com/shiest/items/c2d559a60b8e0b561f51

https://qastack.jp/server/619574/freebsd-link-aggregation-no-faster-than-single-link

SoftEther

https://gist.github.com/imksoo/4a768345443242e829d7b040047bd65f

IP を複数

> ifconfig bgeo alias 192.168.16.130/28

tips

https://calomel.org/freebsd_network_tuning.html

https://techracho.bpsinc.jp/ika/2016_12_17/30656

https://calomel.org/freebsd_network_tuning.html

https://calomel.org/freebsd_network_tuning.html

https://calomel.org/freebsd_network_tuning.html