cloudstack/systemvm/patches/debian/config/etc/sysctl.conf

# Kernel sysctl configuration file 
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.
# @VERSION@

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 0

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Respect local interface in ARP interactions
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 2

# IPSec NETKEY -- avoid bogus redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

# For smooth transition of the vip address in case of a keepalived failover
net.ipv4.ip_nonlocal_bind = 1

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# A better way for the instance to die
kernel.panic = 10
kernel.panic_on_oops = 1
vm.panic_on_oom = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# disable tcp time stamps
net.ipv4.tcp_timestamps = 0

net.ipv4.netfilter.ip_conntrack_max = 1000000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_tw_buckets = 1000000
net.core.somaxconn = 1000000
net.nf_conntrack_max = 1000000
net.netfilter.nf_conntrack_max = 1000000

# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.autoconf = 0