Need to change Network parameters

Hi All,
Sap Application team performing TPO analysis and have some recommendations for OS parameters. Can you please review the below mentioned parameters and let us know

Current Settings
net.core.somaxconn = 128
net.ipv4.tcp_max_syn_backlog = 2048
net.core.rmem_max = 229376
net.core.wmem_max = 229376
They are asking us to change the above parameters as per below
Expecting changes as per below
net.core.somaxconn = 4096
net.ipv4.tcp_max_syn_backlog = 8192
net.core.rmem_max = 6291456
net.core.wmem_max = 4194304

If these can be implemented are not/
Any impact that you see with current settings.
Other depending factors if we modify these parameters.
Process to get them updated in environment and if it requires downtime.

Hi
The sysctl tool is your friend along with your own conf file in /etc/sysctl.d/
For example, to ensure values are set at boot time, create a /etc/sysctl.d/99-sap.conf containing;

net.core.somaxconn = 4096
net.ipv4.tcp_max_syn_backlog = 8192
net.core.rmem_max = 6291456
net.core.wmem_max = 4194304

Use the -a option to see, the -w option to write on the fly;
For example;

sysctl -n net.ipv4.tcp_max_syn_backlog
2048

sysctl -w net.ipv4.tcp_max_syn_backlog=8192
net.ipv4.tcp_max_syn_backlog = 8192

sysctl -n net.ipv4.tcp_max_syn_backlog
8192

Thanks for the update.
Kindly let us know if change parameters is there any impact
Other depending factors if we modify these parameters.
Process to get them updated in environment and if it requires downtime.

Hi
They should adapt on the fly if you write them with the sysctl tool, with the config file in place the parameters will be set if/when you reboot.

If they are recommended by your Team, then you should be fine…

Hi ,
Need Clarification on below
Can we go head and update below parameters in /etc/sysctl.conf file are else as specified in above discussion we need to create a separate file /etc/sysctl.d/99-sap.conf and then need to update below parameters in to these file

net.core.somaxconn = 4096
net.ipv4.tcp_max_syn_backlog = 8192
net.core.rmem_max = 6291456
net.core.wmem_max = 4194304

@Vadapalli I would suggest the contents are in /etc/sysctl.d/ directory, as an update may overwrite the /etc/sysctl.conf file. Either will work, so if the contents do exist in /etc/sysctl.conf, then update there, if not use /etc/sysctl.d/ for your settings.

See the comment in the beginning of /etc/sysctl.conf about overriding that file.

Hi Malcolmlewis
After changing parameters by using command sysctl -w net.ipv4.tcp_max_syn_backlog=8192 you have suggested to create a file /etc/sysctl.d/99-sap.conf what permission and ownership we should assign to that file and any specific syntax is there to make entries to that file.

Please let us know.

Hi
The defaults, permissions should be 0644 and owned by root:root and as I quoted before;

net.core.somaxconn = 4096
net.ipv4.tcp_max_syn_backlog = 8192
net.core.rmem_max = 6291456
net.core.wmem_max = 4194304

Thanks for the update.
No reboot required right after changing the parameters.

Hi
No, they should apply fine.

Thanks a lot Malcomlewis.

Hi Malcomlewis,
Need your help in modifying the below parameters for password configuration on SuSe linux server
Password MinimumLength = 8
Min Upper case chars=1
Min lower case char=1
Min digit chars=1
Min special Chars=1
Lifetime(The maximum period of time, (in days) a user’s password may be in effect before the user is forced to change it.) = 90 days
History(The number of unique new passwords that must be associated with a user account before an old password can be reused) = 24
Minimum password age(The period (in days) that a password must be used before the user can change it)= 2 days
Account Lockout duration(The amount of time a locked-out account remains locked out before automatically becoming unlocked.)=15
Account Lockout threshold(The number of failed sign-in attempts that will cause a user account to be locked.)=6

Kindly help us to set above parameters in our Suse Linux server below is the suse linux version
Linux 4.12.14-197.37-default #1 SMP
cat /etc/SUSE-brand
SLE
VERSION = 15

Hi
With a new topic, please start a new thread as it will get more attention from other Forum users :wink:

I will close this thread for now.