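# /etc/sysctl.d/99-network-performance.conf
# Kernel-level network performance tuning for maximum throughput
#
# Every comment sits on its own line: sysctl.d(5) treats only lines that
# begin with '#' or ';' as comments. Text after a value is handed to the
# kernel as part of the value, which can make string-valued keys such as
# tcp_congestion_control and default_qdisc fail to apply.
#
# Apply with `sysctl --system` and check the output for rejected keys.
# The buffer, backlog and table ceilings below trade kernel memory for
# throughput. Remote peers can push usage towards these ceilings, so size
# them against the host's RAM and expected connection count.

# === Core Network Buffer Sizes ===
# 128MB receive buffer
net.core.rmem_max = 134217728
# 128MB send buffer
net.core.wmem_max = 134217728
# 16MB default receive
net.core.rmem_default = 16777216
# 16MB default send
net.core.wmem_default = 16777216
# Ancillary buffer size
net.core.optmem_max = 40960

# === TCP Buffer Tuning ===
# TCP receive buffer in bytes (min/default/max)
net.ipv4.tcp_rmem = 4096 87380 134217728
# TCP send buffer in bytes (min/default/max)
net.ipv4.tcp_wmem = 4096 65536 134217728
# TCP memory thresholds in pages, not bytes (min/pressure/max).
# NOTE(review): 16777216 pages is 64 GiB with 4 KiB pages, and three equal
# values remove the memory-pressure stage before the hard limit. On a host
# with less RAM this leaves TCP memory effectively unbounded. Consider
# dropping this override so the kernel's boot-time values apply.
net.ipv4.tcp_mem = 16777216 16777216 16777216

# === Queue and Backlog Sizes ===
# Packets queued on INPUT side
net.core.netdev_max_backlog = 250000
# Packets per NAPI poll
net.core.netdev_budget = 600
# Time limit per NAPI poll (microseconds)
net.core.netdev_budget_usecs = 8000
# Max listen() backlog
net.core.somaxconn = 65535
# SYN backlog
net.ipv4.tcp_max_syn_backlog = 8192

# === TCP Performance Optimizations ===
# Use BBR congestion control (the tcp_bbr module must be available)
net.ipv4.tcp_congestion_control = bbr
# Fair queue scheduler (optimal for BBR)
net.core.default_qdisc = fq
# Enable window scaling
net.ipv4.tcp_window_scaling = 1
# Enable timestamps
net.ipv4.tcp_timestamps = 1
# Selective acknowledgment
net.ipv4.tcp_sack = 1
# Forward acknowledgment
# NOTE(review): believed to have no effect on recent kernels. Confirm
# against the target kernel version.
net.ipv4.tcp_fack = 1
# Optimize for latency
# NOTE(review): believed to have no effect on recent kernels. Confirm
# against the target kernel version.
net.ipv4.tcp_low_latency = 1
# Don't reduce cwnd after idle
net.ipv4.tcp_slow_start_after_idle = 0
# Reuse TIME_WAIT sockets (outgoing connections; relies on tcp_timestamps)
net.ipv4.tcp_tw_reuse = 1
# Faster FIN timeout (seconds)
net.ipv4.tcp_fin_timeout = 15
# Idle time before the first keepalive probe (seconds)
net.ipv4.tcp_keepalive_time = 300
# Keepalive probe count
net.ipv4.tcp_keepalive_probes = 5
# Keepalive probe interval (seconds)
net.ipv4.tcp_keepalive_intvl = 15
# Max TIME_WAIT sockets
net.ipv4.tcp_max_tw_buckets = 2000000
# Enable TCP Fast Open (bitmask: 1 = client, 2 = server)
net.ipv4.tcp_fastopen = 3
# Enable MTU probing (1 = only after an ICMP black hole is detected)
net.ipv4.tcp_mtu_probing = 1
# Don't cache connection metrics
net.ipv4.tcp_no_metrics_save = 1
# Auto-tune receive buffer
net.ipv4.tcp_moderate_rcvbuf = 1

# === UDP Buffer Tuning ===
# Minimum per-socket UDP buffer sizes (bytes)
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192

# === Connection Tracking ===
# These keys exist only while the nf_conntrack module is loaded. If this
# file is applied before the module loads, the settings are skipped.
# Every tracked flow consumes kernel memory, so scale the conntrack hash
# table together with the maximum.
net.netfilter.nf_conntrack_max = 2000000
# NOTE(review): legacy alias of the key above; it may be absent on current
# kernels and then reports an error when the file is applied.
net.nf_conntrack_max = 2000000
# Seconds an idle established flow stays tracked. Flows idle for longer are
# forgotten, and a stateful firewall may then treat their packets as invalid.
net.netfilter.nf_conntrack_tcp_timeout_established = 1200

# === IPv4 General ===
# Disable if not routing
net.ipv4.ip_forward = 0
# Expanded port range
# NOTE(review): ephemeral ports can now collide with services listening on
# ports above 1023. List those in net.ipv4.ip_local_reserved_ports.
net.ipv4.ip_local_port_range = 1024 65535

# === Security ===
# SYN flood protection
net.ipv4.tcp_syncookies = 1
# Reverse path filtering (strict mode; asymmetric routes will be dropped)
net.ipv4.conf.all.rp_filter = 1
# Same setting for interfaces created after this file is applied
net.ipv4.conf.default.rp_filter = 1

# === Core System Limits ===
# System-wide max open file handles
fs.file-max = 2097152
# Per-user inotify limits.
# NOTE(review): inotify watches and instances pin kernel memory that any
# local user can allocate up to these limits. max_user_instances = 524288
# is far above what typical workloads need; confirm it is required.
fs.inotify.max_user_watches = 524288
fs.inotify.max_user_instances = 524288

# === Virtual Memory ===
# Reduce swap usage
vm.swappiness = 10
# Writers are throttled into synchronous writeback at 15% dirty memory
vm.dirty_ratio = 15
# Background writeback starts at 5% dirty memory
vm.dirty_background_ratio = 5
# Retain more inode/dentry cache
vm.vfs_cache_pressure = 50
# Max memory map areas per process
vm.max_map_count = 262144

# === RPS/RFS ===
# Global RFS flow table size. RFS also needs a per-queue rps_flow_cnt set
# through sysfs, so this key alone does not enable it.
net.core.rps_sock_flow_entries = 32768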