no Command

Purpose

Manages the tuning parameters of the network.

Syntax

no [ -p | -r [-K]] { -o Tunable[=NewValue] }

no [ -p | -r [-K]] {-d Tunable }

no [ -p | -r [-K]] { -D }

no [ -p | -r [-K]] [-F] -a

no -h [Tunable]

no [-F] -L [Tunable]

no [-F] -x [Tunable]

Note: Multiple flags -o, -d, -x, and -L are allowed.

Description

Use the no command to configure parameters that used to tune the network. The no command sets or displays current or next system boot values for network tuning parameters. This command can also make permanent changes or defer changes until the next system reboot. Whether the command sets or displays a parameter, is determined by the accompanying flag. The -o flag does both these actions. It can either display the value of a parameter or set a new value for a parameter. When the no command is used to modify a network option, it logs a message to the syslog by using the LOG_KERN facility.
Note: Be careful when you use this command. If used incorrectly, the no command can cause your system to become inoperable.

Before you modify any tunable parameter, you must read about all its characteristics in the Tunable Parameters section, and follow the Refer To pointer instructions to understand the purpose. Ensure that the Diagnosis and Tuning sections for this parameter apply to the situation, and changing the value of this parameter helps to improve the performance of your system.

If the Diagnosis and Tuning sections both contain N/A, you must not change this parameter unless directed by AIX® development.

Flags

Item Description
-a Displays current, reboot (when used with -r), Live Update value (when used with the -K option), or permanent (when used with -p) value for all tunable parameters, one per line in pairs Tunable = Value. For the permanent options, a value displays for a parameter if its reboot and current values are equal. Otherwise NONE displays as the value.
-d Tunable Resets Tunable to its default value. If Tunable must be changed when, it is set to one of the following values:
  • The tunable is not set to its default value and it is of type Bosboot or Reboot.
  • The tunable is of type Incremental and must be changed from its default value.
  • The tunable parameter is of type Reboot and is supported throughout the Live Update operation.
and -r is not used in combination. The tunable parameter is not changed but a warning message is displayed.
-D Resets all tunable parameters to their default value. If a tunable parameter that must be changed, is of one of the following types:
  • Bosboot or Reboot type
  • Incremental type and is changed from its default value
  • Reboot type and is supported throughout the Live Update operation.
and if either -p nor -r flag are used in combination, the parameter is not changed but a warning message is displayed.
-F Forces restricted tunable parameters to be displayed when the options -a, -L or -x are specified on the command line. If you do not specify the -F flag, restricted tunables are not included, unless they are named in association with a display option.
-h [Tunable] Displays help about Tunable parameter if one is specified. Otherwise, displays the no command usage statement.
start of change-Kend of change start of changeSets the reboot value to its default value in both /etc/tunables/nextboot and /etc/tunables/nextliveupdate files. The -K flag can be used only with the -r flag.

When you specify the -K flag with the -r and -d (or -D) flags, the reboot value is set to its default value only in the /etc/tunables/nextboot file. The /etc/tunables/nextliveupdate file is updated with the default reboot value only if a non-default value was set for the tunable parameter for the next Live Update operation.

end of change
-L [Tunable] Lists the characteristics of one or all Tunables, one per line, by using the following format:

NAME              CUR    DEF    BOOT   LVUP   MIN    MAX    UNIT       TYPE
 DEPENDENCIES 
---------------------------------------------------------------------
General Network 
Parameters 
---------------------------------------------------------------------
sockthresh        85     85     85     0      100    %_of_thewall  D
---------------------------------------------------------------------
fasttimo          200    200    200    50     200    millisecond   D
---------------------------------------------------------------------
inet_stack_size   16     16     16     1             kbyte         R
---------------------------------------------------------------------
... 
where: 
    CUR = current value 
    DEF = default value 
    BOOT = reboot value 
    LVUP = Live Update value
    MIN = minimal value 
    MAX = maximum value 
    UNIT = tunable unit of measure 
    TYPE = parameter type: D (for Dynamic), 
           S (for Static), R (for Reboot),B (for Bosboot), M (for Mount),
           I (for Incremental), C (for Connect), and d (for Deprecated) 
    DEPENDENCIES = list of dependent tunable parameters, one per line
-o Tunable [=NewValue ] Displays the value or sets the Tunable to NewValue. If a tunable must be changed, that is the specified value is different from current value, and is one of the following types:
  • Bosboot or Reboot
  • Incremental and its current value is more than the specified value
  • Reboot and is supported throughout the Live Update operation
If the -r flag is not used in combination with the -o flag, the tunable parameter is not changed but a warning message is displayed.

When -r is used in combination with this flag without a new value, the nextboot value for Tunable is displayed. start of changeWhen you specify the -K flag with the -o flag without specifying a new value, the next Live Update value for the tunable parameter is displayed.end of change When -p is used in combination without a new value, a value displays only if the current and next boot values for tunable are the same. Otherwise, the value is displayed as NONE.

-p Changes are applied to both current and reboot values when used in combination with -o, -d or -D, that is turns on updating of the /etc/tunables/nextboot file in addition to updating of the current value. These combinations cannot be used on Reboot and Bosboot type parameters because their current value cannot be changed.

When used with -a or -o without specifying a new value, the values are displayed when the current and next boot values for a parameter are the same. Otherwise, the value is displayed as NONE.

-r Changes are applied to reboot values when used in combination with -o, -d, or -D flags, that is it turns on updating the /etc/tunables/nextboot file. If any parameter of type Bosboot is changed, the user is prompted to run bosboot. When used with -a or -o without specifying a new value, next boot values for tunables display instead of the current values. start of changeWhen used with the -K flag, changes apply to both the /etc/tunables/nextboot and /etc/tunables/nextliveupdate files.end of change
-x [Tunable] Lists characteristics of one or all tunables, one per line, by using the following (spreadsheet) format:
tunable,current,default,reboot,liveupdate,min,max,unit,type,{dtunable } 

where: 
    current = current value 
    default = default value 
    reboot = reboot value 
    liveupdate = Live Update value
    min = minimal value 
    max = maximum value 
    unit = tunable unit of measure 
    TYPE = parameter type: D (for Dynamic), 
           S (for Static), R (for Reboot),B (for Bosboot), M (for Mount),
           I (for Incremental), C (for Connect), and d (for Deprecated) 
        dtunable = space separated list of dependent tunable parameters 

If you change by using the -o, -d or -D flag to a restricted tunable parameter, it results in a warning message that a tunable parameter of the restricted-use type is modified. If you also specify the -r or -p options on the command line, you are prompted for confirmation of the change. During system reboot, the presence of restricted tunables in the /etc/tunables/nextboot file that were modified to a value different from their default value by using a command line and by specifying the -r or -p options, results in an error log entry that identifies the list of these modified tunables.

If you change by using the -o, -d, or -D flag to a parameter of type Mount, it results in a warning message that the change is effective for future mountings.

If you change to a parameter of type Connect by using the -o, -d or -D flag, it results in starting the inetd and displays a warning message that the change is effective for future socket connections.

If you change to a parameter of type Bosboot or Reboot by using the -o, -d, or -D flag and without using the -r flag, it results in an error message.

If you change the current value of a parameter of type Incremental with a new value that is smaller than the current value by using the -o, -d, or -D flag and without using the -r flag, it results in an error message.

Tunable Parameters Type
All the tunable parameters that are manipulated by the tuning commands such as no, nfso, vmo, ioo, schedo, and raso commands are classified into the following categories:
Item Description
Dynamic If the parameter can be changed at any time
Static If the parameter can never be changed
Reboot If the parameter can be changed during reboot
Bosboot If the parameter can be changed by running bosboot and rebooting the machine
Mount If changes to the parameter are only effective for future file systems or directory mounts
Incremental If the parameter can be incremented, except at boot time
Connect If changes to the parameter are only effective for future socket connections
Deprecated If this parameter cannot be changed and is no longer supported by the current release of AIX.
For parameters of type Bosboot, whenever there is a change, the tuning commands automatically prompt the user to ask if they want to run the bosboot command. For parameters of type Connect, the tuning commands automatically restart the inetd daemon if pre520tune is disabled.
Note: The current set of parameters that are managed by the no command includes Reboot, Static, Dynamic, Incremental, and Connect types.
Tunable Parameters
For default values and range of values for tunables, refer the no command help (-h <tunable_parameter_name>).
Item Description
arpqsize
Purpose:
Specifies the maximum number of packets to queue while waiting for Address Resolution Protocol (ARP) responses.
Tuning:
This attribute is supported by Ethernet, 802.3, Token Ring and FDDI interfaces.
arpt_killc
Purpose:
Specifies the time in minutes before a complete ARP entry will be deleted.
Tuning:
To reduce ARP activity in a stable network, you can increase arpt_killc.
arptab_bsiz
Purpose:
Specifies Address Resolution Protocol (ARP) table bucket size.
Tuning:
netstat -p arp will show the number of ARP packets sent and the number of ARP entries purged from the ARP table. If large number of entries are being purged, the ARP table size should be increased. Use arp -a to show the ARP table hashing distribution.
arptab_nb
Purpose:
Specifies the number of ARP table buckets.
Tuning:
netstat -p arp will show the number of ARP packets sent and the number of ARP entries purged from the ARP table. If large number of entries are being purged, the ARP table size should be increased. Use arp -a to show the ARP table hashing distribution. Increase this value for systems that have a large number of clients or servers. The default provides for 149 x 7 = 1043 ARP entries, but assumes an even hash distribution.
bcastping
Purpose:
Allows response to ICMP echo packets to the broadcast address.
Tuning:
A value of 0 disables it; while a value on 1 enables it. The default is to not respond to echo packets to a broadcast address. This prevents so called 'broadcast storms' on the network that can result when multiple machines respond to a broadcast address.
clean_partial_conns
Purpose:
Specifies whether or not we are avoiding SYN attacks. If non-zero, clean_partial_conns specifies how many partial connections to be removed randomly to make room for new non-attack connections.
Tuning:
A value of 0 disables this option. This option should be turned on for servers that need to protect against network attacks.
start of changetcp_cubicend of change start of change
Purpose:
Enables CUBIC, as specified in RFC 8312, by modifying the congestion control mechanism for TCP connections between networks that have large bandwidth to improve the average throughput.
Tuning:
A value of 1 enables the CUBIC TCP enhancements for all systems in the network. A value of 0 disables it. The default value is 0.
end of change
delayack
Purpose:
Delays ACKs for certain TCP packets and attempts to piggyback them with the next packet sent instead.
Tuning:
This action will only be performed for connections whose destination port is specified in the list of the delayackports attribute. This can be used to increase the performance when communicating with an HTTP server by reducing the total number of packets sent. The parameter can have one of following four values:
0
No delays, normal operation
1
Delays the ACK for the server's SYN
2
Delays the ACK for the server's FIN
3
Delay both the ACKs for the SYN and FIN
delayackports
Purpose:
Specifies the list of destination ports for which the operation defined by the delayack port option is performed.
Tuning:
The attribute takes a maximum of 10 ports, which are separated by commas and enclosed in curly braces. For example:
no -o delayackports={80,30080}.
To clear the list, set the option to {}.
dgd_flush_cached_route
Purpose:
Flushes the cached routes of sockets when Dead Gateway Detection detects a previous dead gateway back online. The connections are forced to reacquire the route before the data is sent.
Tuning:
A value of 1 enables the DGD to flush the cached routes. A value of 0 disables it.
dgd_packets_lost
Purpose:
Specifies how many consecutive packets must be lost before Dead Gateway Detection decides that a gateway is down.
dgd_ping_time
Purpose:
Specifies the seconds that must pass between pings of a gateway by Active Dead Gateway Detection.
dgd_retry_time
Purpose:
Specifies the minutes a route's cost must remain raised when it is raised by Passive Dead Gateway Detection. After this many minutes pass, the route's cost is restored to its user-configured value. The unit specified is in numeric.
directed_broadcast
Purpose:
Specifies whether a directed broadcast to a gateway must be allowed or not.
Tuning:
The value of 1 allows packets to be directed to a gateway that must be broadcast on a network on the other side of the gateway.
fasttimo
Purpose:
Allows to set the millisecond delay for the TCP fast timeout timer. This timeout controls how often the system scans the TCP control blocks to send delayed acknowledgments.
Tuning:
Reducing this timer value can improve performance with some non-IBM systems. However, this parameter can result in slightly increased system utilization.
hstcp
Purpose:
Enables the HighSpeed TCP as specified in RFC 3649. This parameter modifies the congestion control mechanism for use with TCP connections with large congestion windows to improve the average throughput.
Tuning:
A value of 1 enables the HighSpeed TCP enhancements on a system-wide scale. A value of 0 disables it.
icmp6_errmsg_rate
Purpose:
Specifies the upper limit for the number of ICMP v6 error messages that can be sent per second. This parameter prevents excessive bandwidth from being used by ICMP v6 error messages.
icmpaddressmask
Purpose:
Specifies whether the system responds to an ICMP address mask request.
Tuning:
If the value 0 is set, the network silently ignores any ICMP address mask request that it receives.
icmptimestamp
Purpose:
Specifies whether the system responds to an ICMP timestamp request.
Tuning:
If the value of 0 is set, the network ignores any ICMP timestamp request that it receives.
ie5_old_multicast_mapping
Purpose:
Specifies IP multicasts on token ring that must be mapped to the broadcast address rather than a functional address when value 1 is used.
ifstat32
Purpose:
Enables or disables the 32-bit statistics. By default ifstats32 is disabled, when enabled it updates 32-bit statistics. Where some applications may use 32-bit interface counters.
Tuning:
A value of 0 disables it; while a value of 1 enables it.
ifsize
Purpose:
Specifies the maximum number of network interface structures per interface of a single type. This limit does not apply to ethernet interface structures for which the infrastructure expands dynamically to handle any number of ethernet interface structures.
Tuning:
The ifsize parameter must be large on systems that supports hotplug adapters and on DLPAR configurations because adapters can be added as required. The static interface tables must be large enough to accept the large number of adapters that is added for this system or partition. If the system detects at the start, that more adapters of a type are present than that is allowed by the current value of ifsize, it automatically increases the value to support the number of adapters present.
ip6_defttl
Purpose:
Specifies the default hop count that is used for IP version 6 packets if no other hop count is specified.
ip6_prune
Purpose:
Specifies how often to check the IP version 6 routing table for expired routes, in seconds.
ip6forwarding
Purpose:
Specifies whether the kernel must forward the IP version 6 packets.
Tuning:
The default value of 0 prevents forwarding of ipv6 packets when they are not for the local systems. A value of 1 enables forwarding.
ip6srcrouteforward
Purpose:
Specifies whether the system forwards source-routed IP version 6 packets.
Tuning:
A value of 1 allows the forwarding of source-routed packets. A value of 0 causes all source-routed packets that are not at their destinations to be discarded.
ip_ifdelete_notify
Purpose:
Specifies when an interface address is deleted. All the existing TCP connections that were bound locally to the interface address and were deleted must be notified with error ENETDOWN.
Tuning:
Existing FTP/Telnet connections are disconnected when the ENETDOWN error is returned.
ip_ifdelete_no_retrans
Purpose:
Specifies that when an interface address is deleted, the existing TCP connections that were bound locally to the interface address must not retransmit data.
Tuning
No further retransmission of data occurs over the existing SSH connections.
ip_nfrag
Purpose:
Specifies the maximum number of fragments of an IP packet that can be kept on IP reassembly queue at a time.
ipforwarding
Purpose:
Specifies whether the kernel must forward packets.
Tuning:
Set this parameter to 1, if the system is acting as an IP router.
ipfragttl
Purpose:
Specifies the time to live for IP fragments in half-seconds.
Tuning:
Check for fragments that dropped after timeout (netstat -p ip). If the value of IP, that is the fragments dropped after timeout is nonzero, increases the ipfragttl parameter, it can reduce retransmissions.
ipignoreredirects
Purpose:
Specifies whether to process redirects that are received.
Tuning:
A value of 0 processes redirects as usual. A value of 1 ignores redirects.
ipqmaxlen
Purpose:
Specifies the number of received packets that can be queued on the IP protocol input queue.
Tuning:
Examine if ipintrq overflows (netstat -s) or use crash to access IP input queue overflow counter. Increase size if system is using many loopback sessions. Most operating system network drivers call IP directly and do not use the IP queue. Increasing the ipqmaxlen parameter on these devices has no effect.
ipoutqueues
Purpose
Specifies whether to queue User Datagram Protocol (UDP) packets that are sent over IPv4. These UDP packets are handled by a separate kernel thread.
Tunning
The default value is 0 and it specifies the UDP to transmit the packet immediately without queuing. A non-zero value specifies the number of queues to be created and used. For example, to create a single queue that is used by the UDP, enter the following command:
no -o ipoutqueues=1
ipsendredirects
Purpose:
Specifies whether the kernel must send redirect signals.
Tuning:
This parameter is a configuration decision with performance consequences.
ipsrcrouteforward
Purpose:
Specifies whether the system forwards source routed packets.
Tuning:
The default value of 1 allows the forwarding of source-routed packets. A value of 0 causes all source-routed packets that are not at their destinations to be discarded.
ipsrcrouterecv
Purpose:
Specifies whether the system accepts source routed packets.
Tuning:
The default value of 0 causes all source-routed packets that are destined for this system to be discarded. A value of 1 allows source-routed packets to be received.
ipsrcroutesend
Purpose:
Specifies whether applications can send source routed packets.
Tuning:
The default value of 1 allows source-routed packets to be sent. A value of 0 causes setsockopt() to return an error if an application attempts to set the source routing option, and removes any source routing options from the outgoing packets.
limited_ss
Purpose:
Enables the Limited SlowStart as specified in RFC 3742. This limits the number of segments by which the congestion window is increased for one window during slow-start. This enhancement improves the performance for TCP connections with large congestion windows.
Tuning:
A value from 1 to 100 enables the Limited SlowStart enhancements on a system-wide scale and sets it as the number of segments to the value of the maximum SlowStart threshold. A value of 0 disables it. The default value is 0.
llsleep_timeout
Purpose:
Specifies timeout value in seconds for link local timeouts (used when multi_homed=1).
lo_perf
Purpose:
Specifies whether you want to utilize a separate queue per CPU to improve loopback performance.
Tuning:
A value of 1 enables a separate queue per CPU. A value of 0 disables this option.
lowthresh
Purpose:
Specifies the maximum number of bytes that can be allocated by using the allocb call for the BPRI_LO priority.
Tuning:
When the total amount of memory that is allocated by the net_malloc call reaches this threshold, then the allocb request for the BPRI_LO priority returns 0. The lowthresh attribute represents a percentage of the thewall attribute and you can set its value from 0 to 100.
main_if6
Purpose:
Specifies the interface to use for link local addresses.
main_site6
Purpose:
Specifies the interface to use for site local address routing.
maxnip6q
Purpose:
Specifies the maximum number of IP version 6 packet reassembly queues.
maxttl
Purpose:
Specifies the time to live (in seconds) for RIP packets.
medthresh
Purpose:
Specifies the maximum number of bytes that can be allocated by using the allocb call for the BPRI_MED priority.
Tuning:
When the total amount of memory that is allocated by the net_malloc call reaches this threshold, then the allocb request for the BPRI_MED priority returns 0. The medthresh attribute represents a percentage of the thewall attribute. A typical setting of 95 represents 95% of thewall attribute.
mpr_policy
Purpose:
Specifies the policy to be used for Multipath Routing.
Tuning:
The following are the available routing policies:
Weighted Round-Robin (1)
Based on user-configured weights that are assigned to the multiple routes (through the route command) round-robin is applied. If no weights are configured then, it behaves identical to plain round-robin.
Random (2)
Chooses a route at random.
Weighted Random (3)
Chooses a route that is based on user-configured weights and a randomization routine. The policy adds up the weights of all the routes and picks a random number between 0 and total weight. Each of the individual weights is removed from the total weight until this number is zero. This picks a route in the range of the total number of routes available.
Lowest Utilization (4)
Chooses a route with the minimum number of current connections going through it.
Hash-based (5)
Hash-based algorithm chooses a route by hashing based on the destination IP address.
multi_homed
Purpose:
Specifies the level of multi-homed IP version 6 host support.
Tuning:
Tuning is performed for connections whose destination port is specified in the list of the delayackports parameter. This parameter can be used to increase performance when communicating with an HTTP server. The parameter can have one of four values:
0
Indicates the original functionality in AIX 4.3.
1
Indicates that link local addresses is resolved by querying each interface for the link local address.
2
Indicates that link local addresses is examined for the interface that is defined by main_if6.
3
Indicates that link local addresses is examined for the interface that is defined by main_if6 and site local addresses are routed to the main_site6 interface.
nbc_limit
Purpose:
Specifies the total maximum amount of memory that can be used for the Network Buffer Cache.
Tuning:
This attribute is in number of Kilobytes. When the cache grows to this limit, the rarely used cache objects are flushed out of the cache to make room for the new ones.
nbc_max_cache
Purpose:
Specifies the maximum size of the cache object that is allowed in the Network Buffer Cache without using the private segments.
Tuning:
This parameter is in number of bytes. A data object bigger than this size is either cached in a private segment or is not cached at all.
nbc_min_cache
Purpose:
Specifies the minimum size of the cache object that is allowed in the Network Buffer Cache.
Tuning:
This attribute is in number of bytes. A data object smaller than this size is not put into the NBC. This attribute applies for send_file() API and some web servers that use the get engine in the kernel.
nbc_ofile_hashsz
Purpose:
Specifies the size of the hash table that is used for hashing cache objects in the Network Buffer Cache.
Tuning:
This hash table size applies to only opened file entries that is, entries that cache files from the file system. Since this attribute resizes the hash table size and affects the hashing of all existing entries, this attribute can be modified when the Network Buffer Cache is empty.
nbc_pseg
Purpose:
Specifies the maximum number of private segments that can be created for the Network Buffer Cache.
Tuning:
When this option is set at nonzero0, a data object between the size that is specified in nbc_max_cache and the segment size (256MB) is cached in a private segment. A data object bigger than the segment size is not cached. When the maximum number of private segments exist, cache data in private segments can be flushed for new cache data so that the number of private segments do not exceed the limit. When nbc_pseg is set to 0, all cache in private segments is flushed.
nbc_pseg_limit
Purpose:
Specifies the maximum amount of cached data size allowed in private segments in the Network Buffer Cache.
Tuning:
This value is expressed in Kilobytes. Since data cached in private segments are pinned by the Network Buffer Cache, nbc_pseg_limit controls the amount of pinned memory that is used for the Network Buffer Cache in addition to the network buffers in global segments. When the amount of cached data reaches this limit, cache data in private segments can be flushed for new cache data so that the total pinned memory size does not exceed the limit. When nbc_pseg_limit is set to 0, all cache in private segments is flushed.
ndd_event_name
Purpose:
Specifies the list of interface names for ns_alloc and ns_free events to be captured, when the trace of ns_alloc/ns_free events is enabled by setting the ndd_event_tracing option.
ndd_event_tracing
Purpose:
Specifies the size of the ns_alloc/ns_free trace buffer.
Tuning:
If the value of this option is non-zero all ns_alloc/ns_free events are traced in a kernel buffer. A value of zero disables this event tracing. If the values of ndd_event_tracing are larger than 1024 it allocates as many items in the kernel buffer for tracing.
ndp_mmaxtries
Purpose:
Specifies the maximum number of Multicast NDP Neighbor Discovery Protocol (NDP) packets to send.
ndp_umaxtries
Purpose:
Specifies the maximum number of Unicast Neighbor Discovery Protocol (NDP) packets to send.
ndpqsize
Purpose:
Specifies the number of packets to hold waiting on completion of a Neighbor Discovery Protocol (NDP) entry that is used by IP version 6.
ndpt_down
Purpose:
Specifies the time, in half seconds, to hold down an NDP entry.
ndpt_keep
Purpose:
Specifies the time, in half seconds, to keep a Neighbor Discovery Protocol (NDP) entry.
ndpt_probe
Purpose:
Specifies the time in half seconds, to delay before the first Neighbor Discovery Protocol (NDP) probe is sent .
ndpt_reachable
Purpose:
Specifies the time, in half seconds, to test if a Neighbor Discovery Protocol (NDP) entry is still valid.
ndpt_retrans
Purpose:
Specifies the time, in half seconds, to wait before an NDP request is retransmitted.
net_buf_size
Purpose:
Specifies a list of buffer sizes for net_malloc/net_free events to be captured.
Tuning:
The net_buf_size strings represent a list of sizes. If this attribute is not of value all, only net_malloc/net_free events of those sizes are captured. A value of all means that the events of any size are captured.
net_buf_type
Purpose:
Specifies a list of buffer types for net_malloc/net_free events to be captured.
Tuning:
The net_buf_type string represents a list of types. If the string is not empty and different from all, only net_malloc/net_free events of that type is captured.
net_malloc_frag_mask
Purpose:
It is used as boolean attribute for mask with each bucket that requests similar fragments to be promoted to full pages.
Tuning:
Allows promotion of allocations smaller than 1 page to full pages for better detection of memory overwrite problems. It is a mask for each bucket size that requests such fragments to be promoted to full pages. Enabling this option for memory fragments results in lower performance.
netm_page_promote
Purpose:
Specifies whether to allow promotion of a fragment to page size.
Tuning:
This option allows promotion of fragment sizes that are specified in net_malloc_frag_mask to page size. Setting this option to 0, disables the page promotion irrespective of the sizes that are set in net_malloc_frag_mask.
nonlocsrcroute
Purpose:
Tells the Internet Protocol that strictly source-routed packets can be addressed to hosts outside the local network.
Tuning:
A value of 0 disallows addressing to outside hosts. A value of 1 allows packets to be addressed to outside hosts. Loosely source routed packets are not affected by this attribute.
nstrpush
Purpose:
Specifies the maximum number of modules that you can push onto a single stream. The minimum value is 8.
Tuning:
This parameter is read-only. This attribute can be set when loading the operating system in the /etc/pse_tune.conf file.
passive_dgd
Purpose:
Specifies whether Passive Dead Gateway Detection is enabled.
Tuning:
A value of 0 disables passive_dgd, and a value of 1 enables it for all gateways in use.
pmtu_default_age
Purpose:
This option is now unused because UDP applications are now required to always set IP_DONTFRAG socket option to be able to detect decreases in Path MTU.
Tuning:
A value of zero allows no aging. The default value is 10 minutes. The pmtu_default_age value can be overridden by UDP applications. pmtu_default_age is a runtime attribute.
pmtu_expire
Purpose:
Specifies the default amount of time (in minutes) before which the path MTU entries with reference count of zero are deleted.
Tuning:
A value of 0 suggests that the pmtu entries does not expire.
pmtu_rediscover_interval
Purpose:
Specifies the default amount of time (in minutes) before the path MTU value for UDP and TCP paths are checked for a higher value.
Tuning:
A value of 0 allows no path MTU rediscovery.
psebufcalls
Purpose:
Specifies the maximum number of bufcalls to allocate by Streams.
Tuning:
The Stream subsystem allocates certain number of bufcall structures at initialization, so that when the allocb call fails, the user can register their requests for the bufcall. You are not allowed to lower this value until the system is restarted. During restart, the parameter returns to its default value.
psecache
Purpose:
Controls the number of stream buffers.
psetimers
Purpose:
Specifies the maximum number of timers to allocate by Streams.
Tuning:
The Stream subsystem allocates certain a number of timer structures at initialization so that the streams driver or module can register their timeout calls. You are not allowed to lower this value until the system is restarted. During restart, the parameter returns to its default value.
rfc1122addrchk
Purpose:
Performs address validation as specified by RFC1122, Requirements for Internet Hosts-Communication Layers.
Tuning:
A value of 0 does not perform address validation. A value of 1 performs address validation.
rfc1323
Purpose:
Enables TCP enhancements as specified by RFC 1323, TCP Extensions for High Performance.
Tuning:
A value of 0 disables the RFC enhancements on a system-wide scale. A value of 1 specifies that all TCP connections attempts to negotiate the RFC enhancements. The SOCKETS application can override the default behavior on individual TCP connections, by using the setsockopt subroutine. The rfc1323 network option can also be set on a per interface basis through the ifconfig command.
rfc2414
Purpose:
Enables the increasing of TCP's initial window as described in RFC 2414.
Tuning:
When it is on, the initial window depends on setting the tcp_init_window tunable.
route_expire
Purpose:
Specifies whether the route expires.
Tuning:
A value of 0 allows no route expiration. Negative values are not allowed for this option.
routerevalidate
Purpose:
Specifies that each cached route of a connection must be validated when a new route is added to the routing table.
Tuning:
This option ensures that applications that keep the same connection open for long periods of time (for example NFS) uses the correct route after routing table changes occur. A value of 0 does not revalidate the cached routes. Turning on this option can cause some performance degradation.
rto_high
Purpose:
Specifies the TCP Retransmit Time out high value that is used in calculating factors, and the allowable maximum retransmits that is used in TCP data segment retransmits.
Tuning:
rto_high is the high factor.
rto_length
Purpose:
Specifies the TCP Retransmit Time Out length value that is used in calculating factors, and the allowable maximum retransmits that is used in TCP data segment retransmits.
Tuning:
rto_length is the total number of time segments.
rto_limit
Purpose:
Specifies the TCP Retransmit Time out limit value that is used in calculating factors, and the allowable maximum retransmits that is used in TCP data segment retransmits.
Tuning:
rto_limit is the number of time segments from rto_low to rto_high.
rto_low
Purpose:
Specifies the TCP Retransmit Time Out low value that is used in calculating factors, and the allowable maximum retransmits that is used in TCP data segment retransmits.
Tuning:
rto_low is the low factor.
sack
Purpose:
Enables TCP Selective Acknowledgment as described in RFC 2018.
Tuning:
A value of 1 makes all TCP connections negotiate sack. Default is zero, which disables the negotiation. sack feature needs support from the peer TCP. The negotiation phase during connection initiation determines that. When out of order segments are received , Selective Acknowledgments from the receiver informs the sender of the data that is received so that the sender can retransmit only the missing segments. This results in less unnecessary retransmitted segments. Sack is useful for recovering fast from multiple packet drops in a window of data.
sb_max
Purpose:
Specifies the maximum buffer size that is allowed for a TCP and UDP socket. Limits setsockopt, udp_sendspace, udp_recvspace, tcp_sendspace, and tcp_recvspace.
Tuning:
Increase size, preferably to multiple of 4096. Must be approximately two to four times the largest socket buffer limit.
send_file_duration
Purpose:
Specifies the cache validation duration for all the file objects that system call send_file accessed in the network buffer cache.
Tuning:
This attribute is in number of seconds. A value of 0 means that the cache is validated for every access.
site6_index
Purpose:
Specifies the maximum interface number for site local routing.
sockthresh
Purpose:
Specifies the maximum amount of network memory that can be allocated for sockets. Used to prevent new sockets or TCP connections from exhausting all MBUF memory and reserve the remaining memory for the existing sockets or TCP connections.
Tuning:
When the total amount of memory that is allocated by the net_malloc subroutine reaches the sockthresh threshold, the socket and socketpair system calls fail with an error of ENOBUFS. Incoming connection requests are silently discarded. Existing sockets can continue to use more memory. The sockthresh attribute represents a percentage of the thewall attribute.
sodebug
Purpose:
Specifies whether the newly created sockets has SO_DEBUG flag on.
sodebug_env
Purpose:
Specifies whether SODEBUG process environment variable is checked for the newly created sockets; if so, these sockets has the SO_DEBUG flag on.
somaxconn
Purpose:
Specifies the maximum listen backlog.
Tuning:
Increase this parameter on busy web servers to handle peak connection rates.
soreuseport_lb
Purpose:
Specifies whether the SO_REUSEPORT socket option is enabled or disabled for load balancing.
Tuning:
This tunable parameter can have the following values:
  • 1 - Enables the SO_REUSEPORT socket option.
  • 0 - Disables the SO_REUSEPORT socket option.
strctlsz
Purpose:
Specifies the maximum number of bytes of information that a single system call can pass to a Stream to place into the control part of a message (in an M_PROTO or M_PCPROTO block).
Tuning:
The putmsg call with a control part that exceeds this size fails with ERANGE.
strmsgsz
Purpose:
Specifies the maximum number of bytes of information that a single system call can pass to a Stream to place into the data part of a message (in M_DATA blocks).
Tuning:
Any write call that exceeds this size is broken into multiple messages. The putmsg call with a data part that exceeds this size fails with ERANGE.
strthresh
Purpose:
Specifies the maximum number of bytes Streams are normally allowed to allocate.
Tuning:
When the threshold is passed, strthresh does not allow users without the appropriate privilege to open Streams, push modules, or write to Stream devices, and returns ENOSR. The threshold applies to the output and does not affect the data coming into the system (for example, console continues to work properly). A value of zero means that there is no threshold. The strthresh attribute represents a percentage of the thewall attribute. The thewall attribute indicates the maximum number of bytes that can be allocated by Streams and Sockets by using the net_malloc call.
strturncnt
Purpose:
Specifies the maximum number of requests that are handled by the current running thread for Module or Elsewhere level Streams synchronization.
Tuning:
The Module level synchronization works in a way that only one thread can run in the module at any time and all other threads, which try to acquire the same module enqueues their requests and leave. After the current running thread completes its work, it dequeues all the previously enqueued requests one by one and runs them. If there are many requests that are enqueued in the list, then the current running thread has to serve everyone and will always be busy serving others and starves itself. To avoid this situation, the current running thread serves only the strturncnt number of threads after that a separate kernel thread activates and runs all the pending requests.
subnetsarelocal
Purpose:
Specifies whether all subnets that match the subnet mask are to be considered local for purposes of establishing, for example, the TCP maximum segment size.
Tuning:
This parameter is used by the in_localaddress subroutine. The default value, 1 specifies that addresses that match the local network mask are local. If the value is 0, addresses that match the local subnetwork are local. This is a configuration decision with performance consequences. If all the subnets do not have the same MTU, fragmentation at bridges can degrade performance. If the subnets do have the same MTU, and subnetsarelocal is 0, TCP sessions can use a small MSS.
tcp_bad_port_limit
Purpose:
Specifies the number of TCP segments to a port, which does not have a socket connection, within the time duration of half a second. TCP stops sending TCP reset segments in response after this time.
Tuning:
If the value is set to 0, TCP indicates a bad port number error by sending TCP reset segments. A value greater than 0 indicates the number of TCP segments received by a port, which does not have a socket connection, within the time duration of half a second before TCP stops sending TCP reset segments.
tcp_cwnd_modified
Purpose:
Allows the TCP IP applications with specific socket options to adjust the network congestion window. This parameter might be used only in a specific wide area network (WAN) environment.
Tuning:
Default value is 0, which disables the tuning parameter. Tuning it to a value of 1 allows to adjust the network congestion window.
tcp_ecn
Purpose:
Enables TCP level support for Explicit Congestion Notification as described in RFC 2481.
Tuning:
Default is off (0). Turning it on (1) makes all connections negotiate ECN capability with the peer. For this feature to work, you need support from the peer TCP and also IP level ECN support from the routers in the path.
tcp_ephemeral_high
Purpose:
Specifies the largest port number to allocate for TCP ephemeral ports.
Tuning:
The number of ephemeral sockets is determined by tcp_ephemeral_high minus tcp_ephemeral_low. For maximum number of ephemeral sockets, set tcp_ephemeral_high to 65535 and tcp_ephemeral_low to 1024.
tcp_ephemeral_low
Purpose:
Specifies the smallest port number to allocate for TCP ephemeral ports.
Tuning:
The number of ephemeral sockets is determined by tcp_ephemeral_high minus tcp_ephemeral_low. For maximum number of ephemeral sockets, set tcp_ephemeral_high to 65535 and tcp_ephemeral_low to 1024.
tcp_fastlo
Purpose:
Allows the TCP loopback traffic to cutoff the entire TCP/IP stack protocol and interface to achieve better performance.
Tuning:
A value of 1 enables the TCP loopback traffic to cutoff the entire TCP/IP stack. A value of 0 disables this option.
tcp_finwait2
Purpose:
Specifies the length of time to wait in the FIN_WAIT2 state before closing the connection, measured in half seconds.
tcp_icmpsecure
Purpose:
Specifies whether or not ICMP (Internet Control Message Protocol) attacks on TCP are avoided.
Tuning:
This option should be turned on to protect TCP connections against ICMP attacks. The ICMP attacks may be of the form of ICMP source quench attacks and PMTUD (Path MTU Discovery) attacks. If this network option is turned on, the system does not react to ICMP source quench messages. This will protect against ICMP source quench attacks. Also, if this network option is enabled, the payload of the ICMP message is tested to determine if the sequence number of the TCP header portion of the payload is within the range of acceptable sequence numbers. This will mitigate PMTUD attacks to a large extent.
tcp_init_window
Purpose:
This value is used only when rfc2414 is turned on (ignored otherwise).
Tuning:
If rfc2414 is on and this value is zero, then the initial window computation is done according to rfc2414. If this value is non-zero, the initial (congestion) window is initialized a number of maximum sized segments equal to tcp_init_window. Changing ftcp_init_window allows you to tune the TCP slow start to control the number of TCP segments (packets) outstanding before an ACK is received. For example, setting this value to 6 would allow 6 packets to be sent initially, instead of the normal 2 or 3 packets, thus speeding up the initial packet rate.
tcp_inpcb_hashtab_siz
Purpose:
Specifies the size of the inpcb hash table for TCP connections.
Tuning:
This table holds the inpcbs required for connection management and is implemented as a table of hash chains. A larger table means that the linked hash chains will be smaller and lower traversal time on the average but the memory footprint will be larger. This value should be a prime number. This option impacts performance and should be used with extreme caution. Please consult a performance analyst in case it is felt that the value needs to be changed. The execution environment could have an influence on the value. It is strongly encouraged to maintain the system defined defaults as they tend to execute optimally in most environments.
tcp_keepcnt
Purpose:
tcp_keepcnt represents the number of keepalive probes that could be sent before terminating the connection.
tcp_keepidle
Purpose:
Specifies the length of time to keep the connection active, measured in half seconds.
tcp_keepinit
Purpose:
Sets the initial timeout value for a TCP connection, which is measured in half seconds.
tcp_keepintvl
Purpose:
Specifies the interval, which is measured in half seconds, between packets that are sent to validate the connection.
Tuning:
For example, 150 half seconds results in 75 seconds between validation probes. This allows TCP to know that a connection is still valid and keep the connection open when it is otherwise idle. This is a configuration decision with minimal performance consequences. No change is recommended. If the interval were shortened significantly, processing and bandwidth costs might become significant.
tcp_limited_transmit
Purpose:
Enables the feature that enhances TCP's loss recovery as described in the RFC 3042.
Tuning:
A value of 1 enables this option and zero disables the option.
tcp_low_rto
Purpose:
Specifies the TCP retransmit timeout (RTO) in milliseconds for connections that are experiencing packet drops.
Tuning:
A tick is 10 ms (one 100th of a second). The option timer_wheel_tick must be set to non-zero value before setting the tcp_low_rto option. Also, tcp_low_rto can be equal to zero or a multiple of ten times the timer_wheel_tick value. This tunable allows TCP to use smaller timeout values for packet timeout and retransmit on high speed networks. Normal TCP retransmit timeout is 1.5 seconds.
tcp_maxburst
Purpose:
Specifies the number of back-to-back packets that TCP can send before pausing to allow those packets to be forwarded to their destination.
Tuning:
This can be useful if routers are unable to handle large bursts of TCP packets and are dropping some of them. A value of 0 means no limitation for back-to-back packets before pausing.
tcp_maxqueuelen
Purpose:
Specifies the maximum number of TCP segments that can be processed in the reassembly queue.
Tuning:
Values for this tunable parameter are in the range 0 - 32767. A value of 0 means unlimited queue length. The default value is 1000.
tcp_mssdflt
Purpose:
Default maximum segment size that is used in communicating with remote networks.
Tuning:
tcp_mssdflt is only used if path MTU discovery is not enabled or path MTU discovery fails to discovery a path MTU. The tcp_mssdflt network option can also be set on a per interface basis (see the documentation for ISNO options). Limiting data to (MTU - 40) bytes ensures that, where possible, only full packets are sent.
tcp_nagle_limit
Purpose:
This is the Nagle algorithm threshold in bytes, which can be used to disable Nagle.
Tuning:
The default is Nagle turned on. To disable Nagle, set this value to 0 or 1. TCP disables Nagle for data segments larger than or equal to this threshold value.
tcp_nagleoverride
Purpose:
Setting the option tcp_nagle_limit turns off the Nagle algorithm system wide and setting tcp_nodelay option for a socket turns off the Nagle algorithm for that specific connection whereas setting tcp_ nagleoverride disables the Nagle algorithm only for certain situations during the connection.
Tuning:
The value of 1 disables Nagle algorithm only for certain TCP packets in a connection.
tcp_ndebug
Purpose:
Specifies the number of tcp_debug structures.
tcp_newreno
Purpose:
Enables the modification to TCP's Fast Recovery algorithm as described in RFC 2582.
Tuning:
This fixes the limitation of TCP's Fast Retransmit algorithm to recover fast from dropped packets when multiple packets in a window are dropped. sack also achieves the same thing but sack needs support from both ends of the TCP connection; the NewReno modification is only on the sender side.
tcp_nodelayack
Purpose:
Turning this parameter on causes TCP to send immediate acknowledgement (Ack) packets to the sender. When tcp_nodelayack is disabled, TCP delays sending Ack packets by up to 200ms. This allows the Ack to be piggy-backed onto a response and minimizes system overhead.
Tuning:
This option can be used to overcome bugs in other implementations of the TCP nagle algorithm. Setting this option to 1 will cause slightly more system overhead, but can result in much higher performance for network transfers if the sender is waiting on the receiver's acknowledgement.
tcp_pmtu_discover
Purpose:
Enables or disables path MTU discovery for TCP applications.
Tuning:
A value of 0 disables path MTU discovery for TCP applications, while a value of 1 enables it.
tcp_recvspace
Purpose:
Specifies the system default socket buffer size for receiving data. This affects the window size used by TCP.
Tuning:
The optimum buffer size is the product of the media bandwidth and the average round-trip time of a packet. The tcp_recvspace network option can also be set on a per interface basis (reference documentation on Interface Specific Network Options (ISNO) ). Most interfaces now have this tunable set in the ISNO defaults. The tcp_recvspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute.
tcp_sendspace
Purpose:
Specifies the system default socket buffer size for sending data.
Tuning:
The optimum buffer size is the product of the media bandwidth and the average round-trip time of a packet: optimum_window=bandwidth * average_round_trip_time. The tcp_sendspace network option can also be set on a per interface basis (reference documentation on Interface Specific Network Options (ISNO) ). Most interfaces now have this tunable set in the ISNO defaults. The tcp_sendspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute.
tcp_syn_rto
Purpose:
Specifies the TCP retransmission timeout (RTO) value, in interval of half-seconds, for a connection experiencing packet drops before the connection is established.
Tuning:
The value of the tcp_syn_rto tunable parameter will be set as the initial retransmission timeout value for retransmissions that occur before the connection is established. The values are in the range 0 - 32767. The default value is 0.
tcp_tcpsecure
Purpose:
Specifies whether connection reset attacks and data corruption attacks on TCP are avoided.
Tuning:
This option is used to protect TCP connections from one or more of the following three vulnerabilities. The first vulnerability involves sending of a fake SYN to an established connection to abort the connection. A tcp_tcpsecure value of 1 provides protection from this vulnerability. The second vulnerability involves the sending of a fake RST to an established connection to abort the connection. A tcp_tcpsecure value of 2 provides protection from this vulnerability. The third vulnerability involves injecting fake data in an established TCP connection. A tcp_tcpsecure value of 4 provides protection from this vulnerability. Values for tcp_tcpsecure can range from a minimum of 0 (this is the default value and provides no protection from these vulnerabilities) to a maximum value of 7. Values of 3, 5, 6, or 7 protects the connection from combinations of these three vulnerabilities.
tcp_timewait
Purpose:
The tcp_timewait option is used to configure how long connections are kept in the timewait state.
Tuning:
It is given in 15 second intervals. Increasing this value degrades performance of web servers or applications that open and close many TCP connections.
tcp_ttl
Purpose:
Specifies the time to live for TCP packets, expressed in ticks.
Tuning:
A tick is 0.6 seconds (there are 100 ticks per minutes).
tcprexmtthresh
Purpose:
Specifies the number of consecutive duplicate acknowledgements, which cause TCP to goto fast retransmit phase.
Tuning:
Increase this parameter if TCP performance is low due to an increased number of duplicate acknowledgements but the network is not congested. Be aware that setting a high value for this option can cause TCP to time out and retransmit.
tcptr_enable
Purpose:
Enables TCP traffic regulation that is defined by policies that created by using the tcptr command. A value of 0 means disabled. Any non-zero value means traffic regulation is enabled.
Tuning:
A value of 0 disables this option. This option must be turned on for servers that must protect against network attacks.
thewall
Purpose:
Specifies the maximum amount of memory, in kilobytes, that is allocated to the memory pool.
Tuning:
Cannot be set anymore.
timer_wheel_tick
Purpose:
Specifies the slot interval of the timer wheel, in ticks, where a tick=1000/HZ=10ms.
Tuning:
This attribute is used with tcp_low_rto attribute to reduce the TCP timeout values to smaller units.
tn_filter
Purpose:
The option is valid for Trusted AIX environment only. If the option is disabled in this environment, the MAC checks are bypassed at the IP layer.
udp_bad_port_limit
Purpose:
Specifies the number of UDP packets to a port with no socket that can be received in a 500-millisecond period before UDP stops sending ICMP errors in response to such packets.
Tuning:
If set to 0, ICMP errors will always be sent when UDP packets are received for a bad port number. If greater than 0, it specifies the number of packets to be received before UDP stops sending ICMP errors.
udp_ephemeral_high
Purpose:
Specifies the largest port number to allocate for UDP ephemeral ports.
udp_ephemeral_low
Purpose:
Specifies the smallest port number to allocate for UDP ephemeral ports.
udp_inpcb_hashtab_siz
Purpose:
Specifies the size of the inpcb hash table for UDP connections. This table holds the inpcbs that is required for connection management and is implemented as a table of hash chains. A larger table means that the linked hash chains is smaller and lower traversal time on the average but the memory footprint is larger.
Tuning:
This value must be a prime number. This option impacts performance and must be used with extreme caution. Consult a performance analyst in case it is felt that the value must be changed. The execution environment can have an influence on the value. It is encouraged to maintain the system defined defaults as they tend to run optimally in most environments.
udp_pmtu_discover
Purpose:
Enables or disables path MTU discovery for UDP applications.
Tuning:
UDP applications must be written to use path MTU discovery. A value of 0 disables the feature, while a value of 1 enables it.
udp_recvspace
Purpose:
Specifies the system default socket buffer size for receiving UDP data.
Tuning:
Change when nonzero n in netstat -s report of udp: n socket buffer overflows. The udp_recvspace parameter must specify a socket buffer size less than or equal to the setting of the sb_max parameter. Increase size, preferably to multiple of 4096.
udp_send_perf
Purpose
Improves the UDP Transmit performance by caching address information and Memory Buffers (mbufs) that are used to transmit packets over a network.
Tunning
The default value is 0 and it disables caching. To enable caching, specify a value of 1. For example, to enable caching, enter the following command:
no -o udp_send_perf=1
udp_sendspace
Purpose:
Specifies the system default socket buffer size (in bytes) for sending UDP data.
Tuning:
The udp_sendspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute. udp_sendspace must be at least as large as the largest datagram size that the application sends. Increase size, preferably to multiple of 4096.
udp_ttl
Purpose:
Specifies the time to live (in seconds) for UDP packets.
udpcksum
Purpose:
Allows UDP checksum to be turned on/off.
Tuning:
A value of 0 turns it off; while a value of 1 turns it on.
use_sndbufpool
Purpose:
Enables caching of mbuf clusters to improve performance.
Tuning:
If this value is disabled, then to allocate a mbuf cluster, AIX allocates a cluster buffer and also a mbuf buffer to point to it, thus requiring two buffer allocation operations. Likewise, to free the cluster, two buffer free operations are required. With this option enabled, AIX maintains a cache of clusters for each cluster size that is being used. This improves performance by reducing overhead to allocate and free mbuf clusters. The default value of 1 enables this option on a system-wide scale. The mbuf cluster cache can be displayed by using the netstat -M command.

Compatibility Mode

When running in pre 5.2 compatibility mode that is controlled by the pre520tune attribute of sys0, see AIX 5.2 compatibility mode. The reboot values for parameters, except those of type Bosboot, are not applicable because in the pre 5.2 compatibility mode they are not applied during boot.

In pre 5.2 compatibility mode, setting reboot values to tuning parameters continues to be achieved by embedding calls to tuning commands in scripts that are called during the boot sequence. Parameters of type Reboot can therefore be set without the -r flag, so that existing scripts continue to work.

This mode is automatically turned ON when a machine is MIGRATED to AIX 5L Version 5.2. For complete installations, it is turned OFF and the reboot values for parameters are set by applying the content of the /etc/tunables/nextboot file during the reboot sequence. Only in that mode are the -r and -p flags fully functional. See Kernel Tuning in the Performance Tools Guide and Reference for details.

Security

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

  1. To display the maximum size of the mbuf pool, type:
    no -o thewall
  2. To reset the time to live for UDP packets its default size, type:
    no -d udp_ttl
  3. To change the default socket buffer sizes on your system, type:
    no -r -o tcp_sendspace=32768
    no -r -o udp_recvspace=32768
  4. To use a system as an internet work router over Internet Protocol networks, type:
     no -o ipforwarding=1
  5. To list the current and reboot value, range, unit, type and dependencies of all tunable parameters that are managed by the no command, type:
    no -L
  6. To display the help information about the udp_ephemeral_high option, type:
    no -h udp_ephemeral_high
  7. To permanently turn off the ip6srcrouteforward option, type:
    no -p -o ip6srcrouteforward=0
  8. To list the reboot values for all Network tuning parameters, type:
    no -r -a
  9. To list (spreadsheet format) the current and reboot value, range, unit, type and dependencies of all tunable parameters that are managed by the no command, type:
    no -x
  10. To log all allocations and frees of type mbuf or socket that are size 256 or 4096, type:
    no -o net_buf_type={mbuf:socket} -o net_buf_size={256:4096} -o net_malloc_police=1
  11. To log all allocations and frees of type mbuf, type:
    no -o net_buf_type={mbuf} -o net_buf_size={all} -o net_malloc_police=1
  12. To log all ns_allocs and ns_frees for en0 or en3 by using a 2000 events buffer size, type:
    no -o ndd_event_name={en0:en3} -o ndd_event_tracing=2000
  13. To log all ns_allocs and ns_frees for all en adapters by using a 2000 events buffer size, type:
    no -o ndd_event_name={en} -o ndd_event_tracing=2000
  14. To log all ns_allocs and ns_frees for all adapters, type:
    no -o ndd_event_name={all} -o ndd_event_tracing=1