Red Hat DIRECTORY SERVER 8.0 Installation Manual page 30

Chapter 2. System Requirements
2.2.4.2.2. TCP Tuning
Edit the Solaris TCP configuration Directory Server can access local system ports better. If tuned
properly, this may enhance network connection speeds. The maximum achievable throughput for a
single TCP connection is determined by several factors, including the maximum bandwidth on the
slowest link on the path, bit errors that limit connections, and the total round-trip time.
The configuration that must be edited is in the /dev/tcp directory. Reset the following parameters:
• tcp_time_wait_interval determines the time (in milliseconds) that a TCP connection remains
in a kernel's table after being closed. If its value is above 30000 (or 30 seconds) and the directory is
being used in a LAN, MAN, or other network connection, reduce the value by modifying the /etc/
init.d/inetinit file:
ndd -set /dev/tcp tcp_time_wait_interval 30000
• The tcp_conn_req_max_q0 and tcp_conn_req_max_q parameters control the connection's
maximum backlog that gets accepted by the kernel. If a directory is used by a large number of client
hosts simultaneously, increase these values by at least 1024. Edit the /etc/init.d/inetinit
file:
ndd -set /dev/tcp tcp_conn_req_max_q0 1024
ndd -set /dev/tcp tcp_conn_req_max_q 1024
• The tcp_keepalive_interval setting determines the duration (in seconds) between the
keepalive packets sent for each open TCP connection. Edit this setting to remove client
connections that disconnect from the network.
• Check the tcp_rexmit_interval_initial parameter value for server maintenance testing on
a high speed LAN, MAN, or other network connection. For wide area networks, you do not have to
change the tcp_rexmit_interval_initial value.
• The tcp_smallest_anon_port setting determines the number of simultaneous server
connections. If you increase the rlim_fd_max value to over 4096, you must decrease the
tcp_smallest_anon_port value in the /etc/init.d/inetinit file.
ndd -set /dev/tcp tcp_smallest_anon_port 8192
• Reboot the Solaris machine to apply these changes.
2.2.4.2.3. DNS and NIS Requirements
It is very important that DNS and reverse DNS be working correctly on the host machine, especially if
you are using TLS/SSL or Kerberos with Directory Server.
Configure the DNS resolver and the NIS domain name by the modifying the /etc/resolv.conf, /
etc/nsswitch.conf, and /etc/netconfig files, and set the DNS resolver for name resolution.
Edit the /etc/defaultdomain file to include the NIS domain name. This ensures that the fully-
qualified host and domain names used for the Directory Server resolve to a valid IP address and that
that IP address resolves back to the correct hostname.
22