Community Tips
Blockshard
I'm usually tuning networking, memory, and file descriptors. This is a sysctl.conf file I'm using to tune and harden a blockchain node, collected and fine-tuned over the years. - Marc Bonenberger, Founder of Blockshard
Edit the /etc/sysctl.conf file.
sudo nano /etc/sysctl.conf
Add the following contents to the bottom of the file. Note: Delete any uncommented lines that were previously added.
# sysctl.conf treats only lines that START with "#" or ";" as comments,
# so every comment below sits on its own line above the setting it describes.

# =======================================
# FILE DESCRIPTORS
# =======================================
# Max number of open files system-wide (also set ulimit for processes)
fs.file-max = 500000

# =======================================
# NETWORK PERFORMANCE TUNING (TCP/IP)
# =======================================
# Congestion control and queuing discipline
# Use BBR for better congestion handling
net.ipv4.tcp_congestion_control = bbr
# Fair Queuing (fq) pairs well with BBR
net.core.default_qdisc = fq

# TCP buffer sizes (min, default, max in bytes)
# Receive buffer
net.ipv4.tcp_rmem = 4096 1048576 2097152
# Send buffer
net.ipv4.tcp_wmem = 4096 65536 16777216

# Default buffer limits for all sockets
net.core.rmem_default = 1048576
net.core.wmem_default = 1048576
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.optmem_max = 65536

# TCP settings for better throughput and resilience
# Allow larger TCP window sizes
net.ipv4.tcp_window_scaling = 1
# Selective acknowledgements
net.ipv4.tcp_sack = 1
# Timestamps for round-trip time measurement
net.ipv4.tcp_timestamps = 1
# Protect against SYN flood attacks
net.ipv4.tcp_syncookies = 1
# Don't restart slow start after idle
net.ipv4.tcp_slow_start_after_idle = 0
# Don't retain metrics from past connections
net.ipv4.tcp_no_metrics_save = 1
# Prioritize latency (legacy option that newer kernels accept but ignore)
net.ipv4.tcp_low_latency = 1

# Increase the connection backlog
# Max incoming connection queue length
net.core.somaxconn = 8192

# =======================================
# SECURITY HARDENING
# =======================================
# Ignore ICMP broadcasts (smurf protection)
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Don't accept ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
# Disable logging of packets with impossible addresses
net.ipv4.conf.all.log_martians = 0

# =======================================
# SHARED MEMORY
# =======================================
# Max size of a shared memory segment (1GB)
kernel.shmmax = 1073741824

# =======================================
# VIRTUAL MEMORY TUNING
# =======================================
# Prefer RAM over swap. Set value to 1 for even better performance if you have 32GB RAM or more
vm.swappiness = 10
# Retain inode/dentry cache longer (useful for I/O-heavy apps)
vm.vfs_cache_pressure = 50
Info: Set vm.swappiness = 1 instead if you have 32GB RAM or more for even better performance.
Press CTRL+O, ENTER, CTRL+X to save and exit.
Then load the new values and verify that the new settings are applied:
sudo sysctl -p # load new values from /etc/sysctl.conf
sudo sysctl --system # reload all sysctl config files and print each applied value to verify
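To confirm that the kernel actually holds the values the file asks for, the following added example (not part of the original page or Blockshard's own tooling) compares each `key = value` line with the live value under /proc/sys. It also flags values that contain `#`, because sysctl.conf treats only lines beginning with `#` or `;` as comments. The function name `check_sysctl`, its status labels and the optional second argument (an alternate root directory, for testing) are assumptions of this example.

```shell
#!/bin/sh
# check_sysctl CONF [ROOT]: compare each "key = value" line in CONF with the
# live value under ROOT (default /proc/sys). Prints one status line per key
# and returns 1 if anything is not OK. check_sysctl and the status labels
# (OK, DIFF, MISSING, INLINE-COMMENT) are names chosen for this example.
check_sysctl() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Trim surrounding whitespace; skip blanks and whole-line comments.
        line=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            ''|'#'*|';'*) continue ;;
            *=*) ;;
            *) continue ;;
        esac
        key=$(printf '%s\n' "${line%%=*}" | sed 's/[[:space:]]*$//')
        want=$(printf '%s\n' "${line#*=}" | sed 's/^[[:space:]]*//')
        # sysctl.conf(5) has no inline comments: a "#" here is part of the value.
        case $want in
            *'#'*) echo "INLINE-COMMENT $key"; rc=1; continue ;;
        esac
        path=$root/$(printf '%s\n' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key"; rc=1; continue
        fi
        # Collapse tabs/spaces so "4096<TAB>1048576" matches "4096 1048576".
        have=$(tr -s '[:space:]' ' ' < "$path" | sed 's/^ //; s/ $//')
        want=$(printf '%s\n' "$want" | tr -s '[:space:]' ' ' | sed 's/ $//')
        if [ "$have" = "$want" ]; then
            echo "OK $key"
        else
            echo "DIFF $key (live: $have, file: $want)"; rc=1
        fi
    done < "$conf"
    return $rc
}

# Usage: sh check_sysctl.sh /etc/sysctl.conf
if [ "$#" -gt 0 ]; then check_sysctl "$@"; fi
```

A MISSING line for a key such as net.ipv4.tcp_congestion_control usually means the running kernel does not expose that setting, and a DIFF line means the value was rejected or overridden by another file under /etc/sysctl.d.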