ISO8859-1Pf -   }  v@BE )!"$h%%&'())*x+2,6Q-4 .!/3"0#1U$1%u2|&2'4(Z6)S8*t9Z+O:,=-?.@c/@0A1BH2B3C4D559D6.F7bHG8I9Jn:K9;L<M=ZN>O2?P@RAS_BT`CVDWEX\FZ2G[.H \HI]iJl^[K `L(aMhbNceOmenPeQTfaRgSi:Tl8UJoVTqW9rfXsYt+ZUt[v \v]w^x_yf`za{b7}'c~_d~epf%g<hpXijklmnlo p"q'r}(stPuTvT>wxy,z {|}~l9"U\Z<p/+0}1w'E wua7OƇZ\wv͆ҹӻqwZ>YRڡOKDIې>+C ? - 1 } fnwrIdOEy?TWG d!I"#$%8&/'b5()T*+:,4-B./50B1=2T3A4K?5\6%7;8@J9=:;<s<=?N>?V~@AlBHC9PDE?FG?HI9JVKm\LM6NO\P-QwRJSTT)UcV^Wj3XYaZ[[ \ _]{ e^ _X ` @ar Fb cj d *eR 0f gu h( iI (j rkuilmgngo=dpPqr7st-GuAuv"w'xydzm{?e|}m~#k*\X{LI]%pZy"k(F1 C  !?!-!${$%*n%?&&\&b]'RH((&(M)&)tM*)*w+P+)+.$.1V13q4Y55^G6?6H7M7G8\(8l:;:V;@;O;;c;:>~? I?E@ SASA.BGBvTB|%BCD=F^FXnFG&BHI!bKKt@L8LV\LLMMGNNHNO=OO]QO P?9QMQ)Q;Q7QR+@S3St?UW8uXY3HY9YbZyZ[\9\\P]^=P__V`_`R7`Xj`9cHd5~f~=fbg;glk!kkl:^l@XlnVo sp py Uqd }q as8s'u VvHvw2Aw8wz?xG6xx}yhFyz-z3Q|y}"~>8 Hw!"cR#X$?%}O&'=s()tr*+,-=./=0-1)2B/3r45">6Xa78s9k6:;=<==>B?8@IA=-B-kCDBE4F:GRHb@IJ+K=L MND*OoPQR-SMT^SU+VWCXNYX)Specifies the maximum number of packets to queue while waiting for ARP responses. Default value is 1. This attribute is supported by Ethernet, 802.3, Token Ring and FDDI interfaces. The arpqsize value is increased to a minimum value of 5 when path MTU discovery is enabled. The value will not automatically decrease if path MTU discovery is subsequently disabled. The maximum is SHRT_MAX. arpqsize is a Dynamic attribute. Specifies the time in minutes before a complete ARP entry will be deleted. The default value is 20 minutes. Ranges from 20 to SHRT_MAX. arpt_killc is a Dynamic attribute. Specifies Address Resolution Protocol(ARP) table bucket size. The default value is 7. Ranges from 1 to SHRT_MAX. arptab_bsiz is a Reboot attribute. Specifies the number of ARP table buckets. The default value is 25. Ranges from 1 to SHRT_MAX arptab_nb is a Reboot attribute. Allows response to ICMP echo packets to the broadcast address. A value of 0 turn it off; while a value on 1 turns it on. Default is 0. bcastping is a Dynamic attribute. Specifies whether or not we are avoiding SYN attacks. If non-zero, clean_partial_conns specifies how many partial connections to randomly remove to make room for new non-attack connections. This is a Dynamic attribute. Ranges from 0 to SHRT_MAX. The default is 0, off. Delays ACKs for certain TCP packets and attempts to piggyback them with the next packet sent instead. This will only be performed for connections whose destination port is specified in the list of the delayackports attribute. This can be used to increase performance when communicating with an HTTP server. 0-No delays, normal operation; 1-Delay the ACK for the server's SYN; 2-Delay the ACK for the server's FIN; 3-Delay both the ACKs for the SYN and FIN. Specifies the list of destination ports for which the operation defined by the delayack port option will be performed. The attribute takes a list of up to ten ports, separated by commas and enclosed in curly braces. For example: no -o delayackports={80,30080}. To clear the list set the option to {}. Specifies how many consecutive packets must be lost before Dead Gateway Detection decides that a gateway is down. The default value is 3. Ranges from 1 to SHRT_MAX. dgd_packets_lost is a Dynamic attribute. Specifies how many seconds should pass between pings of a gateway by Active Dead Gateway Detection. The default value is 5. Ranges from 1 to LONG_MAX. Specifies how many minutes a route's cost should remain raised when it has been raised by Passive Dead Gateway Detection. After this many minutes pass, the route's cost is restored to its user-configured value. The default value is 5. Ranges from 1 to SHRT_MAX. Specifies whether or not to allow a directed broadcast to a gateway. The value of 1 allows packets to be directed to a gateway to be broadcast on a network on the other side of the gateway. directed_broadcast is a Dynamic boolean attribute. Enables more extensive statistics for network memory services. The default for this attribute is 1. However, because these extra statistics cause a reduction in system performance, extendednetstats is set to 0, for off, in /etc/rc.net. If these statistics are desired, it is recommended that the code in /etc/rc.net that sets extendednetstats to 0 be commented out. This is a Reboot attribute. Allows you to set the millisecond delay for the TCP fast timeout timer. Its range is 50 to 200 milliseconds. Reducing this timer value may improve performance with some non-IBM systems. However, this may also result in slightly increased system utilization. Default is 200 milliseconds. fasttimo is a Dynamic attribute. Specifies the upper limit for the number of ICMP v6 error messages that can be sent per second. This prevents excessive bandwidth being used by ICMP v6 error messages. The default is 10 msg/sec. Ranges from 1 to 255. icmp6_errmsg_rate is a Dynamic attribute Specifies whether the system responds to an ICMP address mask request. If the default value 0 is set, the network silently ignores any ICMP address mask request that it receives. icmpaddressmask is a Dynamic boolean attribute. Specifies IP multicasts on token ring should be mapped to the broadcast address rather than a functional address when value 1 is used. The default value is 0. ie5_old_multicast_mapping is a Dynamic boolean attribute. Specifies the maximum number of network interface structures per interface. The default value is 256. If the system detects at boot time that more adapters of a type are present than would be allowed by the current value of ifsize, it will automatically increase the value to support the number of adapters present, so there is no reason to change it in runtime. ifsize is a Reboot attribute. ifsize ranges from 8 to 1024. Lets you configure the inet interrupt stack table size. This is needed if you were running with unoptimized debug kernel and/or netinet. It is a load time attribute, and must be set in rc.net; changing it in running time has no effect. This is different from the pin more stack code because this is on interrupt. The pin more stack code is not configurable. inet_stack_size is specified in KB, the default is 16 KB. Ranges from 1 to SHRT_MAX. Specifies the default hop count that is used for IPv6 packets if no other hop count is specified. Default 64, ranges from 1 to 255. ip6_defttl is a Dynamic attribute. Specifies how often to check the IPv6 routing table for expired routes. The default is 2 seconds. Ranges from 1 to LONG_MAX. It is a Dynamic attribute. Specifies whether the kernel should forward ipv6 packets. The default value of 0 prevents forwarding of ipv6 packets when they are not for the local systems. A value of 1 enables forwarding. This is a Dynamic boolean attribute. Specifies whether the system forwards source-routed IPv6 packets. The default value of 1 allows the forwarding of source-routed packets. A value of 0 causes all source-routed packets that are not at their destinations to be discarded. It is a Dynamic boolean attribute. Specifies whether the kernel should forward packets. The default value of 0 prevents forwarding of IP packets when they are not for the local system. A value of 1 enables forwarding. ipforwarding is a Dynamic boolean attribute. Specifies the time to live for IP fragments. The default value is 60 half-seconds. Ranges from 60 to 255. ipfragttl is a Dynamic attribute. Specifies whether or not to process redirects that are received. The default value of 0 processes redirects as usual. A value of 1 ignores redirects. ipignoreredirects is a Dynamic attribute. Specifies the number of received packets that can be queued on the IP protocol input queue. Ranges from 100 to LONG_MAX, default 100. ipqmaxlen is a Reboot attribute. Specifies whether the kernel should send redirect signals. The default value of 1 sends redirects. A value of 0 does not send redirects. ipsendredirects is a Dynamic boolean attribute. Specifies whether the system forwards source routed packets. The default value of 1 allows the forwarding of source routed packets. A value of 0 causes all source routed packets that are not at their destinations to be discarded. This is a Dynamic attribute. Specifies whether the system accepts source routed packets. The default value of 0 causes all source routed packets destined for this system to be discarded. A value of 1 allows source routed packets to be received. This is a Dynamic boolean attribute. Specifies whether applications can send source routed packets. The default value of 1 allows source routed packets to be sent. A value of 0 causes setsockopt to return an error if an application attempts to set the source routing option, and removes any source routing options from outgoing packets. This is a Dynamic boolean attribute. Specifies timeout value in seconds for link local timeouts (used when multi_homed=1). Ranges from from default value 3 to LONG_MAX. llsleep_timeout is a Dynamic attribute. Specifies the maximum number of bytes that can be allocated using the allocb call for the BPRI_LO priority. When the total amount of memory allocated by the net_malloc call reaches this threshold, then the allocb request for the BPRI_LO priority returns 0. The lowthresh attribute represents a percentage of the thewall attribute and you can set its value from 0 to 100. Default is 90. Specifies the interface to use for link local addresses. This is only used by autoconf6 to setup initial routes.Default is 0. It is a Dynamic boolean option. Specifies the interface to use for site local address routing. This is only used if multi_homed is set to 3. The default of this Dynamic boolean attribute is 0. Specifies the maximum number of ipv6 packet reassembly queues. The default is 20. This Dynamic attribute ranges from 1 to SHRT_MAX. Specifies the time to live for RIP packets. The default is 255 seconds. This Dynamic attribute ranges from 1 to 255. Specifies the maximum number of bytes that can be allocated using the allocb call for the BPRI_MED priority. When the total amount of memory allocated by the net_malloc call reaches this threshold, then the allocb request for the BPRI_MED priority returns 0. The medthresh attribute represents a percentage of the thewall attribute and you can set its value from 0 to 100. This is a Dynamic attribute and the default value is 95 (95%% of thewall attribute). Specifies the level of multi-homed ipv6 host support. 0: Indicates the original functionality in AIX 4.3; 1: Indicates that link local addresses will be a resolved by querying each interface for the link local address; 2: Indicates that link local addresses will only be examined for the interface defined by main_if6; 3: Indicates that link local addresses will only be examined for the interface defined by main_if6 and site local addresses will only be routed for the main_site6 interface. Specifies the total maximum amount of memory that can be used for the Network Buffer Cache. This attribute is in number of KBytes. The default value is derived from thewall. When the cache grows to this limit, the least-used cache objects are flushed out of cache to make room for the new ones. This Dynamic attribute ranges from 0 to USHRT_MAX. Specifies the maximum size of the cache object allowed in the Network Buffer Cache without using the private segments. This parameter is in number of bytes, the default being 131,072 (128K) bytes. A data object bigger than this size is either cached in a private segment or is not cached at all. This attribute, ranges from 0 to LONG_MAX. Specifies the minimum size of the cache object allowed in the Network Buffer Cache. This attribute is in number of bytes, the default being 1 byte. A data object smaller than this size is not put into the NBC. This attribute only applies to AIX 4.3.2 or later for send_file() API and some Web servers that use the get engine in the kernel, ranges from 1 to nbc_max_cache. Specifies the maximum number of private segments that can be created for the Network Buffer Cache. The default value is 0. When this option is set at non-0, a data object between the size specified in nbc_max_cache and the segment size (256MB) is cached in a private segment. A data object bigger than the segment size is not cached at all. When the maximum number of private segments exist, cache data in private segments may be flushed for new cache data so that the number of private segments do not exceed the limit. When nbc_pseg is set to 0, all cache in private segments are flushed. Specifies the maximum amount of cached data size allowed in private segments in the Network Buffer Cache. This value is expressed in KBytes. The default value is half of the total real memory size on the running system. Since data cached in private segments are pinned by the Network Buffer Cache, nbc_pseg_limit controls the amount of pinned memory used for the Network Buffer Cache in addition to the network buffers in global segments. When the amount of cached data reaches this limit, cache data in private segments may be flushed for new cache data so that the total pinned memory size doesn't exceed the limit. When nbc_pseg_limit is set to 0, all cache in private segments is flushed. Specifies the maximum number of Multicast NDP packets to send. The default is value is 3. This Dynamic attribute ranges from 0 to LONG_MAX. Specifies the maximum number of Unicast NDP packets to send. The default is value is 3. This Dynamic attribute ranges from 0 to LONG_MAX. Specifies the number of packets to hold waiting on completion of a Neighbor Discovery Protocol (NDP) entry. The default is 50 packets. This Dynamic attribute ranges from 1 to SHRT_MAX. Specifies the time, in half seconds, to hold down a NDP entry. The default value is 3 units, or 1.5 seconds. This Dynamic attribute ranges from 1 to LONG_MAX. Specifies the time, in half seconds, to keep a NDP entry. The default value is 120 or 60 seconds. This Dynamic attribute ranges from 1 to LONG_MAX. Specifies the time, in half seconds, to delay before sending their first NDP probe. The default value is 5 units, or a 2.5 seconds. This Dynamic attribute ranges from 1 to LONG_MAX. Specifies the time, in half seconds, to test if a NDP entry is still valid. The default is 30, or 15 seconds. This Dynamic attribute ranges from 1 to LONG_MAX. Specifies the time, in half seconds, to wait before retransmitting a NDP request. The default is 1, or a half second. This Dynamic attribute ranges from 1 to LONG_MAX. It is used as boolean attribute for mask with each bucket requesting that such fragments be promoted to full pages. Settable via the no command, or via bosdebug and bosboot. These variables are zapped by bosboot if the bosdebug -n command was run to specify net memory sizes to be promoted. Default value is 0. Specifies the size of the net_malloc/net_free trace buffer. If the value of this variable is non-zero all net_malloc and net_free's will be traced in a kernel buffer and by system trace hook HKWD_NET_MALLOC. Additional error checking will also be enabled. This includes checks for freeing a free buffer, alignment, and buffer overwrite. The default value is zero (policing off). Values of net_malloc_police larger than 1024 will allocate that many items in the kernel buffer for tracing. net_malloc_police is a Dynamic attribute ranges from 0 to LONG_MAX. Tells the Internet Protocol that strictly source-routed packets may be addressed to hosts outside the local network. A default value of 0 disallows addressing to outside hosts. The value of 1 allows packets to be addressed to outside hosts. Loosely source routed packets are not affected by this attribute. nonlocsrcroute is a Dynamic boolean attribute. Specifies the maximum number (should be at least 8) of modules that you can push onto a single Stream. This is a Reboot attribute and the default value is set to 8. It ranges from 8 to SHRT_MAX. Specifies whether Passive Dead Gateway Detection is enabled. A value of 0 turns it off, and a value of 1 enables it for all gateways in use. The default value is 0. This is a Dynamic boolean attribute. This option is now unused because UDP applications are now required to always set IP_DONTFRAG socket option to be able to detect decreases in Path MTU. The default value is 10 minutes. This is a Dynamic attribute. Specifies the default amount of time (in minutes) before the path MTU value for UDP and TCP paths are checked for a higher value. A value of 0 allows no path MTU rediscovery. The default value is 30 minutes. This Dynamic attribute ranges from 0 to SHRT_MAX. Specifies the maximum number of bufcalls to allocate by Streams. The Stream subsystem allocates certain number of bufcall structures at initialization, so that when the allocb call fails, the user can register their requests for the bufcall. You are not allowed to lower this value until the system reboots, at which time it returns to its default value. This is a Dynamic attribute and the default value is set to 20. It ranges from 20 to LONG_MAX. Controls the number of stream buffers. This Dynamic boolean attribute default value is 1. Specifies the maximum size of the interrupt stack allowed by Streams while running in the offlevel. Sometimes, when a process running other than INTBASE level enters into a Stream, it encounters a stack overflow problem because the interrupt stack size is too small. Setting this attribute properly reduces the chances of stack overflow problems. This is a Reboot attribute and the default value is set to 0x3000. It ranges from 0x3000 to LONG_MAX. Specifies the maximum number of timers to allocate by Streams. The Stream subsystem allocates certain a number of timer structures at initialization, so that the streams driver or module can register their timeout calls. You are not allowed to lower this value until the system reboots, at which time it returns to its default value. This is a Dynamic attribute and the default value is set to 20, ranges from 20 to LONG_MAX. Count the millisecs after a shaping timer kicked off to check if any data being shaped has been sent or not. Default value is 50 ms. Ranges from 10ms to 16000 ms. It is a Dynamic attribute. Performs address validation as specified by RFC1122, Requirements for Internet Hosts-Communication Layers. The default value of 0 does not perform address validation. A value of 1 performs address validation. rfc1122addrchk is a Dynamic boolean attribute. Enables TCP enhancements as specified by RFC 1323, TCP Extensions for High Performance. The default value of 0 disables the RFC enhancements on a system-wide scale. A value of 1 specifies that all TCP connections will attempt to negotiate the RFC enhancements. The SOCKETS application can override the default behavior on individual TCP connections, using the setsockopt subroutine. rfc1323 is a Dynamic attribute. In AIX 4.3.3 and later versions, the rfc1323 network option can also be set on a per interface basis via the ifconfig command. Enables the increasing of TCP's initial window as described in RFC 2414. The default is off (0). Set this to 1 to turn it on. When it is on, the initial window will depend on the setting of the tunable tcp_init_window. This feature is a Dynamic attribute. Specifies whether the route expires. A value of 0 allows no route expiration, which is the default. Negative values are not allowed for this option. route_expire is a Dynamic boolean attribute. The default value is 1. Specifies that each connection's cached route should be revalidated each time a new route is added to the routing table. This will ensure that applications that keep the same connection open for long periods of time (for example NFS) will use the correct route after routing table changes occur. The default value of 0 does not revalidate the cached routes. Turning this option on may cause some performance degradation. routerevalidate is a Dynamic boolean attribute. Specifies the TCP Retransmit Time out high value used in calculating factors and the maximum retransmits allowable used in TCP data segment retransmits. rto_high is the high factor. Default is 64. rto_high is a Reboot attribute. Rnages 2 to LONG_MAX. Specifies the TCP Retransmit Time Out length value used in calculating factors and the maximum retransmits allowable used in TCP data segment retransmits. rto_length is the total number of time segments. Default is 13. rto_length is a Reboot numeric attribute ranges from 1 to 64. Specifies the TCP Retransmit Time out limit value used in calculating factors and the maximum retransmits allowable used in TCP data segment retransmits. rto_limit is the number of time segments from rto_low to rto_high. Default is 7. rto_limit is a Reboot attribute ranges from 1 to 64. Specifies the TCP Retransmit Time Out low value used in calculating factors and the maximum retransmits allowable used in TCP data segment retransmits. rto_low is the low factor. Default 1. rto_low is a Reboot attribute ranges from 1 to 63. Enables TCP Selective Acknowledgment as described in RFC 2018. A value of 1 will make all TCP connections negotiate sack. Default is zero which disables the negotiation. sack feature needs support from the peer TCP. The negotiation phase during connection initiation determines that. When receiving out of order segments, Selective Acknowledgments from the receiver will inform the sender of data that has been received so that the sender can retransmit only the missing segments resulting in less unnecessarily retransmitted segments. sack is useful for recovering fast from multiple packet drops in a window of data. Specifies the maximum buffer size allowed for a socket. The default is 1048576 bytes. sb_max is a Dynamic attribute, ranges from 1 to LONG_MAX. Increase size, preferably to multiple of 4096. Should be approximately two to four times the largest socket buffer limit. Specifies the cache validation duration for all the file objects that system call send_file accessed in the Network Buffer Cache. This attribute is in number of seconds, the default is 300 for 5 minutes, value ranges from 0 to LONG_MAX. 0 means that the cache will be validated for every access. Specifies the maximum interface number for site local routing. Default is 0, ranges from 0 to SHRT_MAX. Specifies the maximum amount of network memory that can be allocated for sockets. When the total amount of memory allocated by the net_malloc subroutine reaches this threshold, the socket and socketpair system calls fail with an error of ENOBUFS. Incoming connection requests are silently discarded. Existing sockets can continue to use additional memory. The sockthresh attribute represents a percentage of the thewall attribute, with possible values of 1 to 100 and a default of 85. sockthresh is a Dynamic attribute. Specifies whether the newly created sockets will have SO_DEBUG flag on. This is a Dynamic boolean attribute. Specifies the maximum listen backlog. The default is 1024 bytes. Value ranges from 0 to SHRT_MAX. somaxconn is a Dynamic attribute. Specifies the maximum number of bytes of information that a single system call can pass to a Stream to place into the control part of a message (in an M_PROTO or M_PCPROTO block). A putmsg call with a control part exceeding this size will fail with ERANGE. This Dynamic attribute default value is set to 1024 and ranges from 1 to SHRT_MAX. Specifies the maximum number of bytes of information that a single system call can pass to a Stream to place into the data part of a message (in M_DATA blocks). Any write call exceeding this size is broken into multiple messages. A putmsg call with a data part exceeding this size will fail with ERANGE. This Dynamic attribute default value is set to 1024 and ranges from 1 to SHRT_MAX. Specifies the maximum number of bytes Streams are normally allowed to allocate. When the threshold is passed, does not allow users without the appropriate privilege to open Streams, push modules, or write to Streams devices, and returns ENOSR. The threshold applies only to output side and does not affect data coming into the system (e.g. console continues to work properly). A value of zero means that there is no threshold. The strthresh attribute represents a percentage of the thewall attribute and you can set its value from 0 to 100. The thewall attribute indicates the maximum number of bytes that can be allocated by Streams and Sockets using the net_malloc call. When you change thewall attribute, the threshold gets updated accordingly. Default as 85%%. Specifies the maximum number of requests handled by the current running thread for Module or Elsewhere level Streams synchronization.The Module level synchronization works in such a way that only one thread can run in the module at any time and all other threads which try to acquire the same module will enqueue their requests and leave. After the current running thread completes its work, it dequeues all the previously enqueued requests one by one and invokes them. If there are a large number of requests enqueued in the list, then the current running thread has to serve everyone and will always be busy serving others and starves itself. To avoid this the current running thread serves only the strturncnt number of threads, after that a separate kernel thread wakes up and invokes all the pending requests. This is a Dynamic attribute and the default value is set to 15. It ranges from 1 to LONG_MAX. Determines if a packet address is on the local network. This attribute is used by the in_localaddress subroutine. The default value of 1 specifies that addresses that match the local network mask are local. If the value is 0, only addresses matching the local subnetwork are local. subnetsarelocal is a Dynamic boolean attribute. Specifies the number of TCP packets to a port with no socket that can be received in a 500 millisecond period before TCP stops sending resets in response to such packets. When it is set as its default value 0, resets will always be sent when TCP packets are received for a bad port number. This Dynamic attribute ranges from 1 to LONG_MAX. Enables TCP level support for Explicit Congestion Notification as described in RFC 2481. Default is off (0). Turning it on (1) will make all connections negotiate ECN capability with the peer. For this feature to work you need support from the peer TCP and also IP level ECN support from the routers in the path. Specifies the largest port number to allocate for TCP ephemeral ports. The default is 65535. Ranges from tcp_ephemeral_low+1 to SHRT_MAX. Specifies the smallest port number to allocate for TCP ephemeral ports. The default is 32768.Ranges from 1024 to tcp_ephemeral_high-1. This value is used only when rfc2414 is turned on (ignored otherwise). If rfc2414 is on and this value is zero, then the initial window computation is done according to rfc2414. If this value is non-zero, the initial(congestion) window is initialized a number of maximum sized segments equal to tcp_init_window. Default 0, maximum SHRT_MAX. tcp_keepcnt represents the number of keepalive probes that could be sent before terminating the connection. The default value of this Dynamic attribute is 8. It ranges from 0 to LONG_MAX. Specifies the length of time to keep the connection active, measured in half seconds. The default is 14,400 half seconds (7200 seconds or 2 hours). Ranges from 1 to SHRT_MAX, tcp_keepidle is a Dynamic attribute. Sets the initial timeout value for a tcp connection. This value is defined in 1/2 second units, and defaults to 150, which is 75 seconds. It can be changed to any value between 1 to LONG_MAX with the -o flag. tcp_keepinit is a Dynamic attribute. Specifies the interval, measured in half seconds, between packets sent to validate the connection. The default is 150 half seconds (75 seconds). Ranges from 1 to LONG_MAX. tcp_keepintvl is a Dynamic attribute. Enables the feature that enhances TCP's loss recovery as described in the RFC 3042. The default is on (1). To turn it off set it to zero. This is a Dynamic attribute. Specifies the number of back-to-back packets that TCP can send before pausing to allow those packets to be forwarded to their destination. This can be useful if routers are unable to handle large bursts of TCP packets and are dropping some of them. Default value is 0, means no limitation for back-to-back packets before pausing. Ranges from 0 to SHRT_MAX. It is a Dynamic attribute. Default maximum segment size used in communicating with remote networks. tcp_mssdflt is only used if path MTU discovery is not enabled or path MTU discovery fails to discovery a path MTU. tcp_mssdflt is a Dynamic attribute. The default value is 512. Ranges from 0 to PMTU-52. In AIX 4.3.3 and later versions, the tcp_mssdflt network option can also be set on a per interface basis via the ifconfig command. This is the Nagle Algorithm threshold in bytes which can be used to disable Nagle. The default (65535 - the maximum size of IP packet) is Nagle turned on. To disable Nagle, set this value to 0 or 1. TCP disables Nagle for data segments larger than or equal to this threshold value. This is a Dynamic attribute. Specifies the number of tcp_debug structures. The default is 100. Ranges from 0 to SHRT_MAX. tcp_ndebugis a Dynamic attribute. Enables the modification to TCP's Fast Recovery algorithm as described in RFC 2582. This fixes the limitation of TCP's Fast Retransmit algorithm to recover fast from dropped packets when multiple packets in a window are dropped. sack also achieves the same thing but sack needs support from both ends of the TCP connection; the NewReno modification is only on the sender side. The default is on (1). Specifies that sockets using TCP over this interface follow the Nagle algorithm when sending data. By default, TCP follows the Nagle algorithm. This boolean attribute default value is 0. 'ifconfig interface tcp_nodelay NewValue' OR 'chdev -l interface -a tcp_nodelay=NewValue' The ifconfig command sets values temporarily, making it useful for testing. The chdev command alters the ODM, so custom values remained after system reboots. Enables or disables path MTU discovery for TCP applications. A value of 0 disables path MTU discovery for TCP applications, while a value of 1 enables it. The default value is 0. tcp_pmtu_discover is a Dynamic attribute. The default value is 1. Specifies the system default socket buffer size for receiving data. This affects the window size used by TCP. Setting the socket buffer size to 16KB (16,384) improves performance over Standard Ethernet and token-ring networks. The default is a value of 4096; however, a value of 16,384 is set automatically by the rc.net file or the rc.bsdnet file (if Berkeley-style configuration is issued). Lower bandwidth networks, such as Serial Line Internet Protocol (SLIP), or higher bandwidth networks, such as Serial Optical Link, should have different optimum buffer sizes. The optimum buffer size is the product of the media bandwidth and the average round-trip time of a packet. In AIX 4.3.3 and later versions, the tcp_recvspace network option can also be set on a per interface basis via the ifconfig command. The tcp_recvspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute. tcp_recvspace is a Dynamic attribute, but for daemons started by inetd, the following command needs to be executed: 'stopsrc -s inetd ; startsrc -s inetd' Specifies the system default socket buffer size for sending data. This affects the window size used by TCP. Setting the socket buffer size to 16KB (16,384) improves performance over Standard Ethernet and Token-Ring networks. The default is a value of 4096; however, a value of 16,384 is set automatically by the rc.net file or the rc.bsdnet file (if Berkeley-style configuration is issued). Lower bandwidth networks, such as Serial Line Internet Protocol (SLIP), or higher bandwidth networks, such as Serial Optical Link, should have different optimum buffer sizes. The optimum buffer size is the product of the media bandwidth and the average round-trip time of a packet: 'optimum_window=bandwidth * average_round_trip_time'. In AIX 4.3.3 and later versions, the tcp_sendspace network option can also be set on a per interface basis via the ifconfig command. The tcp_sendspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute. tcp_sendspace is a Dynamic attribute, but for daemons started by inetd, the following command needs to be executed: 'stopsrc -s inetd ; startsrc -s inetd' The tcp_timewait option is used to configure how long connections are kept in the timewait state. It is given in 15 second intervals, and the default is 1. This Dynamic attribute's range is 1 to 5. Specifies the time to live for TCP packets. The default is 60 ticks (100 ticks per minute). This Dynamic attribute ranges from 60 to 255. Specifies the maximum amount of memory, in kilobytes, that is allocated to the memory pool. thewall is a Static attribute, its value is set at the smallest of 1/2 real memory and 6.5 gigabytes, decided by system configuration. Specifies the number of UDP packets to a port with no socket that can be received in a 500 millisecond period before UDP stops sending ICMP errors in response to such packets. If set to 0, ICMP errors will always be sent when UDP packets are received for a bad port number. If greater than 0, it specifies the number of packets to be received before UDP stops sending ICMP errors. This Dynamic attribute ranges from 0 to LONG_MAX. Specifies the largest port number to allocate for UDP ephemeral ports. The default is 65535. ranges from udp_ephemeral_low+1 to 65535. This attribute is available only in 4.3.1 and later. Specifies the smallest port number to allocate for UDP ephemeral ports. The default is 32768. The Dynamic attribute ranges from 1 to udp_ephemeral_high-1. Enables or disables path MTU discovery for UDP applications. UDP applications must be specifically written to utilize path MTU discovery. A value of 0 disables the feature, while a value of 1 enables it. udp_pmtu_discover is a Dynamic attribute. The default value is 1 (enabled). Specifies the system default socket buffer size for receiving UDP data. The default is 41,600 bytes. The udp_recvspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute. udp_recvspace is a Dynamic attribute. Specifies the system default socket buffer size for sending UDP data. The default is 9216 bytes. The udp_sendspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute. udp_sendspace is a Dynamic attribute. Specifies the time to live for UDP packets. The default is 30 seconds. udp_ttl is a Dynamic attribute ranged from 30 to 255. Allows UDP checksum to be turned on/off. A value of 0 turns it off; while a value of 1 turns it on. Default is 1. udpcksum is a Dynamic attribute. Note: If you use the tcp_recvspace, tcp_sendspace, udp_recvspace or udp_sendspace attribute to specify a socket to a buffer size larger than the sb_max attribute default, you must set the sb_max attribute to an equal or greater value. Otherwise, the socket system call returns the ENOBUFS error message when an application tries to create a socket. Enables the use of Interface Specific Network Options. The default value is 1 (enabled). If the TCP tunable parameters per interface (tunable through SMIT or the chdev command) have been set, they will override the TCP global values if use_isno is set to 1. Application can still override all of these with the setsockopt() subroutine. Specifies the size of the inpcb hash table for TCP connections. This table holds the inpcbs required for connection management and is implemented as a table of hash chains. A larger table means that the linked hash chains will be smaller and lower traversal time on the average but the memory footprint will be larger. Minimum value is 1, max is 999999. This option impacts performance and should be used with extreme caution. Please consult a performance analyst in case it is felt that the value needs to be changed. The execution environment could have an influence on the value. It i strongly encouraged to maintain the system defined defaults as they tend to execute optimally in most environments. It is a loadtime option and should be changed through Smit or WebSM for post-5.2 systems and takes effect after the reboot. Default size is 24999. Specifies the size of the inpcb hash table for UDP connections. This table holds the inpcbs required for connection management and is implemented as a table of hash chains. A larger table means that the linked hash chains will be smaller and lower traversal time on the average but the memory footprint will be larger. Minimum value is 1, max is 999999. This option impacts performance and should be used with extreme caution. Please consult a performance analyst in case it is felt that the value needs to be changed. The execution environment could have an influence on the value. It i strongly encouraged to maintain the system defined defaults as they tend to execute optimally in most environments. It is a loadtime option and should be changed through Smit or WebSM for post-5.2 systems and takes effect after the reboot. Default size is 24999. Specifies the length of time to wait in the FIN_WAIT2 state before closing the connection, measured in half seconds. The default is 1,200 half seconds (600 seconds or 10 minutes). Ranges from 0 to USHRT_MAX. tcp_finwait2 is a runtime (dynamic) attribute. Specifies how often to check the IPv6 routing table for expired routes. The default is 1 second. Ranges from 1 to LONG_MAX. It is a Dynamic attribute. Specifies the time, in half seconds, to hold down a NDP entry. The default value is 3 units, or 1.5 seconds. This Dynamic attribute ranges from 1 to LONG_MAX. Starting from AIX 52B, this tunable becomes obsolete. Specifies the maximum buffer size allowed for a socket. The default is 1048576 bytes. sb_max is a Connect attribute, ranges from 1 to LONG_MAX. Increase size, preferably to multiple of 4096. Should be approximately two to four times the largest socket buffer limit. Specifies the maximum listen backlog. The default is 1024 bytes. Value ranges from 0 to SHRT_MAX. somaxconn is a Connect attribute. Enables TCP enhancements as specified by RFC 1323, TCP Extensions for High Performance. The default value of 0 disables the RFC enhancements on a system-wide scale. A value of 1 specifies that all TCP connections will attempt to negotiate the RFC enhancements. The SOCKETS application can override the default behavior on individual TCP connections, using the setsockopt subroutine. rfc1323 is a Connect attribute. In AIX 4.3.3 and later versions, the rfc1323 network option can also be set on a per interface basis via the ifconfig command. Enables the increasing of TCP's initial window as described in RFC 2414. The default is off (0). Set this to 1 to turn it on. When it is on, the initial window will depend on the setting of the tunable tcp_init_window. This feature is a Connect attribute. Enables TCP Selective Acknowledgment as described in RFC 2018. A value of 1 will make all TCP connections negotiate sack. Default is zero which disables the negotiation. sack feature needs support from the peer TCP. The negotiation phase during connection initiation determines that. When receiving out of order segments, Selective Acknowledgments from the receiver will inform the sender of data that has been received so that the sender can retransmit only the missing segments resulting in less unnecessarily retransmitted segments. sack is useful for recovering fast from multiple packet drops in a window of data. Enables TCP level support for Explicit Congestion Notification as described in RFC 2481. Default is off (0). Turning it on (1) will make all connections negotiate ECN capability with the peer. For this feature to work you need support from the peer TCP and also IP level ECN support from the routers in the path. This value is used only when rfc2414 is turned on (ignored otherwise). If rfc2414 is on and this value is zero, then the initial window computation is done according to rfc2414. If this value is non-zero, the initial(congestion) window is initialized a number of maximum sized segments equal to tcp_init_window. Default 0, maximum SHRT_MAX. Specifies the length of time to keep the connection active, measured in half seconds. The default is 14,400 half seconds (7200 seconds or 2 hours). Ranges from 1 to SHRT_MAX, tcp_keepidle is a Connect attribute. Specifies the interval, measured in half seconds, between packets sent to validate the connection. The default is 150 half seconds (75 seconds). Ranges from 1 to LONG_MAX. tcp_keepintvl is a Connect attribute. Default maximum segment size used in communicating with remote networks. tcp_mssdflt is only used if path MTU discovery is not enabled or path MTU discovery fails to discovery a path MTU. tcp_mssdflt is a Connect attribute. The default value is 512. Ranges from 0 to PMTU-52. In AIX 4.3.3 and later versions, the tcp_mssdflt network option can also be set on a per interface basis via the ifconfig command. Specifies the system default socket buffer size for receiving data. This affects the window size used by TCP. Setting the socket buffer size to 16KB (16,384) improves performance over Standard Ethernet and token-ring networks. The default is a value of 4096; however, a value of 16,384 is set automatically by the rc.net file or the rc.bsdnet file (if Berkeley-style configuration is issued). Lower bandwidth networks, such as Serial Line Internet Protocol (SLIP), or higher bandwidth networks, such as Serial Optical Link, should have different optimum buffer sizes. The optimum buffer size is the product of the media bandwidth and the average round-trip time of a packet. In AIX 4.3.3 and later versions, the tcp_recvspace network option can also be set on a per interface basis via the ifconfig command. The tcp_recvspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute. tcp_recvspace is a Connect attribute, but for daemons started by inetd, the following command needs to be executed: 'stopsrc -s inetd ; startsrc -s inetd' Specifies the system default socket buffer size for sending data. This affects the window size used by TCP. Setting the socket buffer size to 16KB (16,384) improves performance over Standard Ethernet and Token-Ring networks. The default is a value of 4096; however, a value of 16,384 is set automatically by the rc.net file or the rc.bsdnet file (if Berkeley-style configuration is issued). Lower bandwidth networks, such as Serial Line Internet Protocol (SLIP), or higher bandwidth networks, such as Serial Optical Link, should have different optimum buffer sizes. The optimum buffer size is the product of the media bandwidth and the average round-trip time of a packet: 'optimum_window=bandwidth * average_round_trip_time'. In AIX 4.3.3 and later versions, the tcp_sendspace network option can also be set on a per interface basis via the ifconfig command. The tcp_sendspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute. tcp_sendspace is a Connect attribute, but for daemons started by inetd, the following command needs to be executed: 'stopsrc -s inetd ; startsrc -s inetd' Specifies the time to live for TCP packets. The default is 60 ticks (100 ticks per minute). This Connect attribute ranges from 60 to 255. Specifies the system default socket buffer size for receiving UDP data. The default is 41,600 bytes. The udp_recvspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute. udp_recvspace is a Connect attribute. Specifies the system default socket buffer size for sending UDP data. The default is 9216 bytes. The udp_sendspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute. udp_sendspace is a Connect attribute. Specifies the time to live for UDP packets. The default is 30 seconds. udp_ttl is a Connect attribute ranged from 30 to 255. Specifies the maximum number of bufcalls to allocate by Streams. The Stream subsystem allocates certain number of bufcall structures at initialization, so that when the allocb call fails, the user can register their requests for the bufcall. You are not allowed to lower this value until the system reboots, at which time it returns to its default value. This is a Incremental attribute and the default value is set to 20. It ranges from 20 to LONG_MAX. Specifies the maximum number of timers to allocate by Streams. The Stream subsystem allocates certain a number of timer structures at initialization, so that the streams driver or module can register their timeout calls. You are not allowed to lower this value until the system reboots, at which time it returns to its default value. This is a Incremental attribute and the default value is set to 20, ranges from 20 to LONG_MAX. Specifies the smallest port number to allocate for UDP ephemeral ports. The default is 32768. The Dynamic attribute ranges from 1024 to udp_ephemeral_high-1. Turning this parameter on causes TCP to send immediate acknowledgement(Ack) packets to the sender. When tcp_nodelayack is off, TCP delays sending Ack packets by up to 200ms. This allows the Ack to be piggy-backed onto a response and minimizes system overhead. Default is 0 (off); Range is 0 or 1. This option can be used to overcome bugs in other implementations of the TCP nagle algorithm. Setting this option to 1 will cause slightly more system overhead, but can result in much higher performance for network transfers if the sender is waiting on the receiver's acknowledement. Specifies the size of the hash table used for hashing cache objects in the Network Buffer Cache. This hash table size applies to only opened file entries i.e. entries that cache files from the filesystem. Since this attribute resizes the hash table size and affects the hashing of all existing entries, this attribute can only be modified when the Network Buffer Cache is empty. This Dynamic type attribute ranges from 0 to LONG_MAX. Specifies the list of interface names for ns_alloc and ns_free events to be captured, when the trace of ns_alloc/ns_free events is enabled by setting the ndd_event_tracing option. Specifies the size of the ns_alloc/ns_free trace buffer.If the value of this option is non-zero all ns_alloc/ns_free events will be traced in a kernel buffer. The default value is zero (tracing off). Values of ndd_event_tracing larger than 1024 will allocate as many items in the kernel buffer for tracing. ndd_event_tracing is a Dynamic attribute ranges from 0 to LONG_MAX. Specifies a list of buffer sizes for net_malloc/net_free events to be captured. This dynamic attribute is a string of 127 characters maximum representing a list (up to 16) of sizes. If this attribute is not all, only net_malloc/net_free events of those sizes will be captured. The default value is all, meaning that the events of any size are captured. Specifies a list of buffer types for net_malloc/net_free events to be captured. This dynamic attribute is a string of 127 characters maximum representing a list of types. If the string is not empty and different from all, only net_malloc/net_free events of that type will be captured. The default value is all. Specifies whether the loopback traffic enabled or disabled. Default value of 0 disables the loopback traffic performance. A value of 1 enables loopback traffic performance. This is a reboot boolean attribute. Specifies the policy to be used for Multipath Routing. This imposes a global policy which is used unless the user configures a per Multipath Routing set policy. Default value of 1 implies that the Weighted Round-Robin policy is used. This works like plain round-robin when the weights are all default (1). This is a run-time attribute with a range of 1 to 5 where the values mean 1 - Weighted Round Robin 2 - Random 3- Weighted Random 4- Lowest Utilization Based 5- Hashed-based on Destination IP Address Specifies the maximum number of network interface structures per interface. This limit does not apply for ethernet interface structures for which the infrastructure expands dynamically to handle any number of ethernet interface structures. So the rest of the message applies to other interface types. The default value is 256. If the system detects at boot time that more adapters of a type are present than would be allowed by the current value of ifsize, it will automatically increase the value to support the number of adapters present, so there is no reason to change it in runtime. ifsize is a Reboot attribute. ifsize ranges from 8 to 1024. Specifies whether send buffer pool usage for sockets to be enabled(1) or disbaled(0). The default value is 1. It is a load time, boolean option. Specifies the default amount of time (in minutes) before which the path MTU entries with reference count of zero are deleted. A value of 0 suggests that the pmtu entries will not expire. The default value is 10 minutes. This dynamic attribute ranges from 0 to SHRT_MAX. The tcp_tcpsecure option is used to protect TCP connections from one or more of the following three vulnerabilities. The first vulnerability refers to sending a fake SYN to an established connection aborts the connection. The tcp_tcpsecure value of 1 gives protection from this vulnerability. The second vulnerability refers to sending a fake RST to an established connection aborts the connection. tcp_tcpsecure value of 2 protects from this vulnerability. The third vulnerability refers to injecting fake data in an established TCP connection. tcp_tcpsecure value of 4 protects from this vulnerability. tcp_tcpsecure can take a minimum or default value of 0 (no protection from the above vulnerabilities) and a maximum value of 7. The other values of 3,5,6 and 7 will protect the connection from a combination of the above three vulnerabilities. tcp_tcpsecure is a Dynamic attribute. Specifies the maximum number of fragments of a IP packet that can be kept on IP reassembly queue at a time. The default value of 200 keeps upto 200 fragments of a large IP packet in the IP reassembly queue. ip_nfrag is a Dynamic attribute. Specifies whether SODEBUG process environment variable will be checked for the newly created sockets; if this is the case, these sockets will have SO_DEBUG flag on. This is a Connect boolean attribute. tcp_icmpsecure option is used to protect TCP connections from ICMP attacks. ICMP attacks are classified as blind throughput-reduction attacks. There are two known attacks : the ICMP Source Quench attack and the ICMP attack against PMTU Discovery mechanism. Specifies that when an interface address is deleted, all the existing TCP connections that were bound locally to the interface address deleted must be notified with error ENETDOWN. Specifies the number of consecutive duplicate acknowledgements which will cause TCP to goto fast retransmit phase. The default value for this network option is 3. Specifies the slot interval of the timer wheel, in ticks, where a tick=1000/HZ=10ms. The range of value for timer_wheel_tick is 0-100. The default value is 0. timer_wheel_tick is a loadtime attribute. Specifies the RTO, in ticks, for connections experiencing packet drops. The value ranges between 0 and 3000 milliseconds. The default value is 0. tcp_low_rto is a runtime attribute. Note: The option timer_wheel_tick must be set to non-zero value before setting tcp_low_rto option. Also, tcp_low_rto must be equal to or a multiple of ten times the timer_wheel_tick value. Enables the increasing of TCP's initial window as described in RFC 2414. The default is on (1). When it is on, the initial window will depend on the setting of the tunable tcp_init_window. This feature is a Connect attribute. Setting the option tcp_nagle_limit turns off the nagle algorithm system wide and setting tcp_nodelay option for a socket turns off the nagle algorithm for that specific connection whereas setting tcp_ nagleoverride disables the nagle algorithm only for certain situations during the connection.The default value is 0.The value of 1 disables nagle algorithm only for certain TCP packets in a connection. The option is valid for Trusted AIX environment only. If the option is disabled in this environment, the MAC checks are bypassed at the IP layer. The default value is 1. This option is a runtime attribute. Specifies the maximum number of packets to queue while waiting for ARP responses. This attribute is supported by Ethernet, 802.3, Token Ring and FDDI interfaces Specifies the time in minutes before a complete ARP entry will be deleted. To reduce ARP activity in a stable network, you can increase arpt_killc. Specifies Address Resolution Protocol(ARP) table bucket size. netstat -p arp will show the number of ARP packets sent and the number of ARP entries purged from the ARP table. If large number of entries are being purged, the ARP table size should be increased. Use arp -a to show the ARP table hashing distribution. Specifies the number of ARP table buckets. netstat -p arp will show the number of ARP packets sent and the number of ARP entries purged from the ARP table. If large number of entries are being purged, the ARP table size should be increased. Use arp -a to show the ARP table hashing distribution. Increase this value for systems that have a large number of clients or servers. The default provides for 149 x 7 = 1043 ARP entries, but assumes an even hash distribution. Allows response to ICMP echo packets to the broadcast address. A value of 0 turns it off; while a value on 1 turns it on. The default is to not respond to echo packets to a broadcast address. This prevents so called 'broadcast storms' on the network that can result when multiple machines respond to a broadcast address. Specifies whether or not we are avoiding SYN attacks. If non-zero, clean_partial_conns specifies how many partial connections to randomly remove to make room for new non-attack connections. A value of 0 disables this option. This option should be turned on for servers that need to protect against network attacks. Delays ACKs for certain TCP packets and attempts to piggyback them with the next packet sent instead. This action will only be performed for connections whose destination port is specified in the list of the delayackports attribute. This can be used to increase performance when communicating with an HTTP server by reducing the total number of packets sent. The parameter can have one of four values: 0-No delays, normal operation 1-Delay the ACK for the server's SYN 2-Delay the ACK for the server's FIN 3-Delay both the ACKs for the SYN and FIN. Specifies the list of destination ports for which the operation defined by the delayack port option will be performed. The attribute takes a list of up to ten ports, separated by commas and enclosed in curly braces. For example: no -o delayackports={80,30080}. To clear the list set the option to {}. Specifies how many consecutive packets must be lost before Dead Gateway Detection decides that a gateway is down. N/A. Specifies how many seconds should pass between pings of a gateway by Active Dead Gateway Detection. N/A. Specifies how many minutes a route's cost should remain raised when it has been raised by Passive Dead Gateway Detection. After this many minutes pass, the route's cost is restored to its user-configured value. N/A. Specifies whether or not to allow a directed broadcast to a gateway. The value of 1 allows packets to be directed to a gateway to be broadcast on a network on the other side of the gateway. Enables more extensive statistics for network memory services. Because these extra statistics cause a reduction in system performance on SMP systems, extendednetstats is set to 0, for off, in /etc/rc.net. If these statistics are desired, it is recommended that the code in /etc/rc.net that sets extendednetstats to 0 be commented out. Allows you to set the millisecond delay for the TCP fast timeout timer. This timeout controls how often the system scans the TCP control blocks to send delayed acknowledgments. Reducing this timer value may improve performance with some non-IBM systems. However, this may also result in slightly increased system utilization. Specifies the upper limit for the number of ICMP v6 error messages that can be sent per second. This prevents excessive bandwidth being used by ICMP v6 error messages. N/A. Specifies whether the system responds to an ICMP address mask request. If the value 0 is set, the network silently ignores any ICMP address mask request that it receives. Specifies IP multicasts on token ring should be mapped to the broadcast address rather than a functional address when value 1 is used. N/A. Specifies the maximum number of network interface structures per interface of a single type. This limit does not apply to ethernet interface structures for which the infrastructure expands dynamically to handle any number of ethernet interface structures. The ifsize needs to be large on machines that support hotplug adapters and on DLPAR configurations because adapters can be added on the fly and the static interface tables must be large enough to accept the worst case number of adapters that may be added for this system or partition. If the system detects at boot time that more adapters of a type are present that would be allowed by the current value of ifsize, it will automatically increase the value to support the number of adapters present. Lets you configure the inet interrupt stack table size. This is needed if you were running with unoptimized debug kernel or the netinet kernel extension. This is different from the pin more stack code (which is not configurable) because this is on interrupt. This parameter only needs to be changed if there is a system panic due to interrupt stack overflow. Specifies the default hop count that is used for IPv6 packets if no other hop count is specified. N/A. Specifies how often to check the IPv6 routing table for expired routes, in seconds. N/A. Specifies whether the kernel should forward ipv6 packets. The default value of 0 prevents forwarding of ipv6 packets when they are not for the local systems. A value of 1 enables forwarding. Specifies whether the system forwards source-routed IPv6 packets. A value of 1 allows the forwarding of source-routed packets. A value of 0 causes all source-routed packets that are not at their destinations to be discarded. Specifies whether the kernel should forward packets. Set this parameter to 1, if the system is acting as an IP router. Specifies the time to live for IP fragments in half-seconds. Check for fragments dropped after timeout (netstat -p ip). If value of IP: fragments dropped after timeout is nonzero, increasing ipfragttl may reduce retransmissions. Specifies whether or not to process redirects that are received. A value of 0 processes redirects as usual. A value of 1 ignores redirects. Specifies the number of received packets that can be queued on the IP protocol input queue. Examine ipintrq overflows (netstat -s) or use crash to access IP input queue overflow counter. Increase size if system is using a lot of loopback sessions. Most operating system network drivers call IP directly and do not use the IP queue. On these devices increasing ipqmaxlen has no effect. Specifies whether the kernel should send redirect signals. This is a configuration decision with performance consequences. Specifies whether the system forwards source routed packets. The default value of 1 allows the forwarding of source-routed packets. A value of 0 causes all source-routed packets that are not at their destinations to be discarded. Specifies whether the system accepts source routed packets. The default value of 0 causes all source-routed packets destined for this system to be discarded. A value of 1 allows source-routed packets to be received. Specifies whether applications can send source routed packets. The default value of 1 allows source-routed packets to be sent. A value of 0 causes setsockopt() to return an error if an application attempts to set the source routing option, and removes any source routing options from outgoing packets. Specifies timeout value in seconds for link local timeouts (used when multi_homed=1). N/A. Specifies the maximum number of bytes that can be allocated using the allocb call for the BPRI_LO priority. When the total amount of memory allocated by the net_malloc call reaches this threshold, then the allocb request for the BPRI_LO priority returns 0. The lowthresh attribute represents a percentage of the thewall attribute and you can set its value from 0 to 100. Specifies the interface to use for link local addresses. N/A. Specifies the interface to use for site local address routing. N/A. Specifies the maximum number of ipv6 packet reassembly queues. N/A. Specifies the time to live (in seconds) for RIP packets. N/A. Specifies the maximum number of bytes that can be allocated using the allocb call for the BPRI_MED priority. When the total amount of memory allocated by the net_malloc call reaches this threshold, then the allocb request for the BPRI_MED priority returns 0. The medthresh attribute represents a percentage of the thewall attribute. A typical setting of 95 represents 95% of thewall attribute. Specifies the level of multi-homed ipv6 host support. This will only be performed for connections whose destination port is specified in the list of the delayackports parameter. This can be used to increase performance when communicating with an HTTP server. The parameter can have one of four values: 0: Indicates the original functionality in AIX 4.3; 1: Indicates that link local addresses will be a resolved by querying each interface for the link local address; 2: Indicates that link local addresses will only be examined for the interface defined by main_if6; 3: Indicates that link local addresses will only be examined for the interface defined by main_if6 and site local addresses will only be routed for the main_site6 interface. Specifies the total maximum amount of memory that can be used for the Network Buffer Cache. This attribute is in number of KBytes. When the cache grows to this limit, the least-used cache objects are flushed out of the cache to make room for the new ones. Specifies the maximum size of the cache object allowed in the Network Buffer Cache without using the private segments. This parameter is in number of bytes. A data object bigger than this size is either cached in a private segment or is not cached at all. Specifies the minimum size of the cache object allowed in the Network Buffer Cache. This attribute is in number of bytes. A data object smaller than this size is not put into the NBC. This attribute only applies for send_file() API and some Web servers that use the get engine in the kernel. Specifies the maximum number of private segments that can be created for the Network Buffer Cache. When this option is set at non-0, a data object between the size specified in nbc_max_cache and the segment size (256MB) is cached in a private segment. A data object bigger than the segment size is not cached at all. When the maximum number of private segments exist, cache data in private segments may be flushed for new cache data so that the number of private segments do not exceed the limit. When nbc_pseg is set to 0, all cache in private segments are flushed. Specifies the maximum amount of cached data size allowed in private segments in the Network Buffer Cache. This value is expressed in KBytes. Since data cached in private segments are pinned by the Network Buffer Cache, nbc_pseg_limit controls the amount of pinned memory used for the Network Buffer Cache in addition to the network buffers in global segments. When the amount of cached data reaches this limit, cache data in private segments may be flushed for new cache data so that the total pinned memory size doesn't exceed the limit. When nbc_pseg_limit is set to 0, all cache in private segments is flushed. Specifies the maximum number of Multicast NDP Neighbor Discovery Protocol (NDP) packets to send. N/A. Specifies the maximum number of Unicast Neighbor Discovery Protocol (NDP) packets to send. N/A. Specifies the number of packets to hold waiting on completion of a Neighbor Discovery Protocol (NDP) entry (used by IPv6). N/A. Specifies the time, in half seconds, to keep a Neighbor Discovery Protocol (NDP) entry. N/A. Specifies the time, in half seconds, to delay before sending their first Neighbor Discovery Protocol (NDP) probe. N/A. Specifies the time, in half seconds, to test if a Neighbor Discovery Protocol (NDP) entry is still valid. N/A. Specifies the time, in half seconds, to wait before retransmitting a NDP request. N/A. It is used as boolean attribute for mask with each bucket requesting that such fragments be promoted to full pages. Allows promotion of allocations smaller than 1 page to full pages for better detection of memory overwriting problems. It's a mask for each bucket size requesting so that such fragments should be promoted to full pages. Enabling this option for memory fragments will result in lower performance. Specifies the size of the net_malloc and net_free trace buffers per CPU. net_malloc_police is a built in functionality inside network memory allocator to help debug problems caused by network memory abusers. Additional error checks for freeing a free buffer, alignment, and buffer overwrite will also be enabled. It provides the trace facility which contains the allocated address, size of the address, type of the address and the calling function name with the stack trace. The frequency of recording the allocation events has been kept under acceptable performannce level. Tells the Internet Protocol that strictly source-routed packets may be addressed to hosts outside the local network. A value of 0 disallows addressing to outside hosts. A value of 1 allows packets to be addressed to outside hosts. Loosely source routed packets are not affected by this attribute. Specifies the maximum number (should be at least 8) of modules that you can push onto a single Stream. Read-only in AIX 5.2 and later. This attribute can be set at boot time in the /etc/pse_tune.conf file. Specifies whether Passive Dead Gateway Detection is enabled. A value of 0 turns it off, and a value of 1 enables it for all gateways in use. This option is now unused because UDP applications are now required to always set IP_DONTFRAG socket option to be able to detect decreases in Path MTU. A value of zero allows no aging. The default value is 10 minutes. The pmtu_default_age value can be overridden by UDP applications. pmtu_default_age is a runtime attribute. On AIX 5.3, this option is unused as UDP applications will have to set the IP_DONTFRAG socket option to detect decreases in the Path MTU. Specifies the default amount of time (in minutes) before the path MTU value for UDP and TCP paths are checked for a higher value. A value of 0 allows no path MTU rediscovery. Specifies the maximum number of bufcalls to allocate by Streams. The Stream subsystem allocates certain number of bufcall structures at initialization, so that when the allocb call fails, the user can register their requests for the bufcall. You are not allowed to lower this value until the system reboots, at which time it returns to its default value. Controls the number of stream buffers. N/A. Specifies the maximum size of the interrupt stack allowed by Streams while running in the offlevel. Sometimes, when a process running other than INTBASE level enters into a Stream, it encounters a stack overflow problem because the interrupt stack size is too small. Setting this attribute properly reduces the chances of stack overflow problems. Specifies the maximum number of timers to allocate by Streams. The Stream subsystem allocates certain a number of timer structures at initialization, so that the streams driver or module can register their timeout calls. You are not allowed to lower this value until the system reboots, at which time it returns to its default value. Count the millisecs after a shaping timer kicked off to check if any data being shaped has been sent or not. N/A.. Performs address validation as specified by RFC1122, Requirements for Internet Hosts-Communication Layers. A value of 0 does not perform address validation. A value of 1 performs address validation. Enables TCP enhancements as specified by RFC 1323, TCP Extensions for High Performance. A value of 0 disables the RFC enhancements on a system-wide scale. A value of 1 specifies that all TCP connections will attempt to negotiate the RFC enhancements. The SOCKETS application can override the default behavior on individual TCP connections, using the setsockopt subroutine. The rfc1323 network option can also be set on a per interface basis via the ifconfig command. Enables the increasing of TCP's initial window as described in RFC 2414. When it is on, the initial window will depend on the setting of the tunable tcp_init_window. Specifies whether the route expires. A value of 0 allows no route expiration. Negative values are not allowed for this option. Specifies that each connection's cached route should be revalidated each time a new route is added to the routing table. This will ensure that applications that keep the same connection open for long periods of time (for example NFS) will use the correct route after routing table changes occur. A value of 0 does not revalidate the cached routes. Turning this option on may cause some performance degradation. Specifies the TCP Retransmit Time out high value used in calculating factors and the maximum retransmits allowable used in TCP data segment retransmits. rto_high is the high factor. Specifies the TCP Retransmit Time Out length value used in calculating factors and the maximum retransmits allowable used in TCP data segment retransmits. rto_length is the total number of time segments. Specifies the TCP Retransmit Time out limit value used in calculating factors and the maximum retransmits allowable used in TCP data segment retransmits. rto_limit is the number of time segments from rto_low to rto_high. Specifies the TCP Retransmit Time Out low value used in calculating factors and the maximum retransmits allowable used in TCP data segment retransmits. rto_low is the low factor. Enables TCP Selective Acknowledgment as described in RFC 2018. A value of 1 will make all TCP connections negotiate sack. Default is zero which disables the negotiation. sack feature needs support from the peer TCP. The negotiation phase during connection initiation determines that. When receiving out of order segments, Selective Acknowledgments from the receiver will inform the sender of data that has been received so that the sender can retransmit only the missing segments resulting in less unnecessarily retransmitted segments. Sack is useful for recovering fast from multiple packet drops in a window of data. Specifies the maximum buffer size allowed for a TCP and UDP socket. Limits setsockopt, udp_sendspace, udp_recvspace, tcp_sendspace, and tcp_recvspace. Increase size, preferably to multiple of 4096. Should be approximately two to four times the largest socket buffer limit. Specifies the cache validation duration for all the file objects that system call send_file accessed in the Network Buffer Cache. This attribute is in number of seconds. A value of 0 means that the cache will be validated for every access. Specifies the maximum interface number for site local routing. N/A. Specifies the maximum amount of network memory that can be allocated for sockets. Used to prevent new sockets or TCP connections from exhausting all MBUF memory and reserve the remaining memory for the existing sockets or TCP connections. When the total amount of memory allocated by the net_malloc subroutine reaches this threshold, the socket and socketpair system calls fail with an error of ENOBUFS. Incoming connection requests are silently discarded. Existing sockets can continue to use additional memory. The sockthresh attribute represents a percentage of the thewall attribute. Specifies whether the newly created sockets will have SO_DEBUG flag on. N/A. Specifies the maximum listen backlog. Increase this parameter on busy Web servers to handle peak connection rates. Specifies the maximum number of bytes of information that a single system call can pass to a Stream to place into the control part of a message (in an M_PROTO or M_PCPROTO block). A putmsg call with a control part exceeding this size will fail with ERANGE. Specifies the maximum number of bytes of information that a single system call can pass to a Stream to place into the data part of a message (in M_DATA blocks). Any write call exceeding this size is broken into multiple messages. A putmsg call with a data part exceeding this size will fail with ERANGE. Specifies the maximum number of bytes Streams are normally allowed to allocate. When the threshold is passed, does not allow users without the appropriate privilege to open Streams, push modules, or write to Streams devices, and returns ENOSR. The threshold applies only to output side and does not affect data coming into the system (e.g. console continues to work properly). A value of zero means that there is no threshold. The strthresh attribute represents a percentage of the thewall attribute. The thewall attribute indicates the maximum number of bytes that can be allocated by Streams and Sockets using the net_malloc call. Specifies the maximum number of requests handled by the current running thread for Module or Elsewhere level Streams synchronization. The Module level synchronization works in such a way that only one thread can run in the module at any time and all other threads which try to acquire the same module will enqueue their requests and leave. After the current running thread completes its work, it dequeues all the previously enqueued requests one by one and invokes them. If there are a large number of requests enqueued in the list, then the current running thread has to serve everyone and will always be busy serving others and starves itself. To avoid this the current running thread serves only the strturncnt number of threads, after that a separate kernel thread wakes up and invokes all the pending requests. Specifies whether all subnets that match the subnet mask are to be considered local for purposes of establishing, for example, the TCP maximum segment size. This parameter is used by the in_localaddress subroutine. The default value of 1 specifies that addresses that match the local network mask are local. If the value is 0, only addresses matching the local subnetwork are local. This is a configuration decision with performance consequences. If the subnets do not all have the same MTU, fragmentation at bridges may degrade performance. If the subnets do have the same MTU, and subnetsarelocal is 0, TCP sessions may use an unnecessarily small MSS. Specifies the number of TCP packets to a port with no socket that can be received in a 500 millisecond period before TCP stops sending resets in response to such packets. When it is set to a value of 0, resets will always be sent when TCP packets are received for a bad port number. Enables TCP level support for Explicit Congestion Notification as described in RFC 2481. Default is off (0). Turning it on (1) will make all connections negotiate ECN capability with the peer. For this feature to work you need support from the peer TCP and also IP level ECN support from the routers in the path. Specifies the largest port number to allocate for TCP ephemeral ports. The number of ephemeral sockets is determined by tcp_ephemeral_high minus tcp_ephemeral_low. For maximum number of ephemeral sockets, set tcp_ephemeral_high to 65535 and tcp_ephemeral_low to 1024. Specifies the smallest port number to allocate for TCP ephemeral ports. The number of ephemeral sockets is determined by tcp_ephemeral_high minus tcp_ephemeral_low. For maximum number of ephemeral sockets, set tcp_ephemeral_high to 65535 and tcp_ephemeral_low to 1024. This value is used only when rfc2414 is turned on (ignored otherwise). If rfc2414 is on and this value is zero, then the initial window computation is done according to rfc2414. If this value is non-zero, the initial(congestion) window is initialized a number of maximum sized segments equal to tcp_init_window. Changing tcp_init_window allows you to tune the TCP slow start to control the number of TCP segments (packets) outstanding before an ACK is received. For example, setting this value to 6 would allow 6 packets to be sent initially, instead of the normal 2 or 3 packets, thus speeding up the initial packet rate. tcp_keepcnt represents the number of keepalive probes that could be sent before terminating the connection. N/A. Specifies the length of time to keep the connection active, measured in half seconds. N/A. Sets the initial timeout value for a tcp connection, measured in half seconds. N/A. Specifies the interval, measured in half seconds, between packets sent to validate the connection. For example, 150 half seconds results in 75 seconds between validation probes. This will allow TCP to know that a connection is still valid and keep the connection open when it is otherwise idle. This is a configuration decision with minimal performance consequences. No change is recommended. If the interval were shortened significantly, processing and bandwidth costs might become significant. Enables the feature that enhances TCP's loss recovery as described in the RFC 3042. A value of 1 enables this option and zero (0) disables the option. Specifies the number of back-to-back packets that TCP can send before pausing to allow those packets to be forwarded to their destination. This can be useful if routers are unable to handle large bursts of TCP packets and are dropping some of them. A value of 0 means no limitation for back-to-back packets before pausing. Default maximum segment size used in communicating with remote networks. tcp_mssdflt is only used if path MTU discovery is not enabled or path MTU discovery fails to discovery a path MTU. The tcp_mssdflt network option can also be set on a per interface basis (see the documentation for ISNO options). Limiting data to (MTU - 40) bytes ensures that, where possible, only full packets will be sent. This is the Nagle Algorithm threshold in bytes which can be used to disable Nagle. The default is Nagle turned on. To disable Nagle, set this value to 0 or 1. TCP disables Nagle for data segments larger than or equal to this threshold value. Specifies the number of tcp_debug structures. N/A. Enables the modification to TCP's Fast Recovery algorithm as described in RFC 2582. This fixes the limitation of TCP's Fast Retransmit algorithm to recover fast from dropped packets when multiple packets in a window are dropped. sack also achieves the same thing but sack needs support from both ends of the TCP connection; the NewReno modification is only on the sender side. Turning this parameter on causes TCP to send immediate acknowledgement (Ack) packets to the sender. When tcp_nodelayack is off, TCP delays sending Ack packets by up to 200ms. This allows the Ack to be piggy-backed onto a response and minimizes system overhead. This option can be used to overcome bugs in other implementations of the TCP nagle algorithm. Setting this option to 1 will cause slightly more system overhead, but can result in much higher performance for network transfers if the sender is waiting on the receiver's acknowledement. Enables or disables path MTU discovery for TCP applications. A value of 0 disables path MTU discovery for TCP applications, while a value of 1 enables it. Specifies the system default socket buffer size for receiving data. This affects the window size used by TCP. The optimum buffer size is the product of the media bandwidth and the average round-trip time of a packet. The tcp_recvspace network option can also be set on a per interface basis (reference documentation on Interface Specific Network Options (ISNO) ). Most interfaces now have this tunable set in the ISNO defaults. The tcp_recvspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute. Specifies the system default socket buffer size for sending data. The optimum buffer size is the product of the media bandwidth and the average round-trip time of a packet: 'optimum_window=bandwidth * average_round_trip_time'. The tcp_sendspace network option can also be set on a per interface basis (reference documentation on Interface Specific Network Options (ISNO) ). Most interfaces now have this tunable set in the ISNO defaults. The tcp_sendspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute. The tcp_timewait option is used to configure how long connections are kept in the timewait state. It is given in 15 second intervals. Increasing this value will degrade performance of Web servers or applications that open and close a lot of TCP connections. Specifies the time to live for TCP packets, expressed in ticks. A tick is 0.6 seconds (there are 100 ticks per minutes) Specifies the maximum amount of memory, in kilobytes, that is allocated to the memory pool. Not settable anymore. Specifies the number of UDP packets to a port with no socket that can be received in a 500 millisecond period before UDP stops sending ICMP errors in response to such packets. If set to 0, ICMP errors will always be sent when UDP packets are received for a bad port number. If greater than 0, it specifies the number of packets to be received before UDP stops sending ICMP errors. Specifies the largest port number to allocate for UDP ephemeral ports. N/A. Specifies the smallest port number to allocate for UDP ephemeral ports. N/A. Enables or disables path MTU discovery for UDP applications. UDP applications must be specifically written to utilize path MTU discovery. A value of 0 disables the feature, while a value of 1 enables it. Specifies the system default socket buffer size (in bytes) for sending UDP data. The udp_sendspace attribute must specify a socket buffer size less than or equal to the setting of the sb_max attribute. udp_sendspace must be at least as large as the largest datagram size that the application will send. Increase size, preferably to multiple of 4096. Specifies the time to live (in seconds) for UDP packets. N/A. Allows UDP checksum to be turned on/off. A value of 0 turns it off; while a value of 1 turns it on. Enables the use of Interface Specific Network Options. If the ISNO TCP tunable parameters per interface (tunable through SMIT or the chdev command) have been set, they will override the global network option values if use_isno is set to 1. Application can still override all of these with the setsockopt() subroutine. Specifies the size of the inpcb hash table for TCP connections. This table holds the inpcbs required for connection management and is implemented as a table of hash chains. A larger table means that the linked hash chains will be smaller and lower traversal time on the average but the memory footprint will be larger. This value should be a prime number. This option impacts performance and should be used with extreme caution. Please consult a performance analyst in case it is felt that the value needs to be changed. The execution environment could have an influence on the value. It is strongly encouraged to maintain the system defined defaults as they tend to execute optimally in most environments. Specifies the size of the inpcb hash table for UDP connections. This table holds the inpcbs required for connection management and is implemented as a table of hash chains. A larger table means that the linked hash chains will be smaller and lower traversal time on the average but the memory footprint will be larger. This value should be a prime number. This option impacts performance and should be used with extreme caution. Please consult a performance analyst in case it is felt that the value needs to be changed. The execution environment could have an influence on the value. It is strongly encouraged to maintain the system defined defaults as they tend to execute optimally in most environments. Specifies the length of time to wait in the FIN_WAIT2 state before closing the connection, measured in half seconds. N/A. Specifies the system default socket buffer size for receiving UDP data. Change when nonzero n in netstat -s report of udp: n socket buffer overflows. The udp_recvspace parameter must specify a socket buffer size less than or equal to the setting of the sb_max parameter. Increase size, preferably to multiple of 4096. Specifies the size of the hash table used for hashing cache objects in the Network Buffer Cache. This hash table size applies to only opened file entries i.e. entries that cache files from the filesystem. Since this attribute resizes the hash table size and affects the hashing of all existing entries, this attribute can only be modified when the Network Buffer Cache is empty. Specifies the list of interface names for ns_alloc and ns_free events to be captured, when the trace of ns_alloc/ns_free events is enabled by setting the ndd_event_tracing option. N/A. Specifies the size of the ns_alloc/ns_free trace buffer. If the value of this option is non-zero all ns_alloc/ns_free events will be traced in a kernel buffer. A value of zero disables this event tracing. Values of ndd_event_tracing larger than 1024 will allocate as many items in the kernel buffer for tracing. Specifies a list of buffer sizes for net_malloc/net_free events to be captured. This strings represents a list of sizes. If this attribute is not all, only net_malloc/net_free events of those sizes will be captured. A value of all means that the events of any size are captured. Specifies a list of buffer types for net_malloc/net_free events to be captured. This string represents a list of types. If the string is not empty and different from all, only net_malloc/net_free events of that type will be captured. Specifies whether to utilize a separate queue per CPU in order to improve loopback performance. N/A. Specifies the policy to be used for Multipath Routing. Available routing policies are: Weighted Round-Robin (1) - Based on user-configured weights assigned to the multiple routes (through the route command) round-robin is applied. If no weights are configured then it behaves identical to plain round-robin. Random (2) - Chooses a route at random. Weighted Random (3) - Chooses a route based on user-configured weights and a randomization routine. The policy adds up the weights of all the routes and pick a random number between 0 and total weight. Each of the individual weights are removed from the total weight, until this number is zero. This picks a route in the range of the total number of routes available. Lowest Utilization (4) - Chooses a route with the minimum number of current connections going through it. Hash-based (5) - Hash-based algorithm chooses a route by hashing based on the destination IP address. Enables caching of mbuf clusters to improve performance. If this value is disabled, then to allocate a mbuf cluster, AIX has to allocate a cluster buffer and also an mbuf buffer to point to it, thus requiring two buffer allocation operations. Likewise, to free the cluster, two buffer free operations are required. With this option enabled, AIX will maintain a cache of clusters for each cluster size that is being used. This improves performance by reducing overhead to allocate and free mbuf clusters. The default value of 1 enables this option on a system-wide scale. The mbuf cluster cache can be displayed using the netstat -M command. Specifies the default amount of time (in minutes) before which the path MTU entries with reference count of zero are deleted. A value of 0 suggests that the pmtu entries will not expire. Specifies whether or not connection reset attacks and data corruption attacks on TCP are avoided. This option is used to protect TCP connections from one or more of the following three vulnerabilities. The first vulnerability involves the sending of a fake SYN to an established connection to abort the connection. A tcp_tcpsecure value of 1 provides protection from this vulnerability. The second vulnerability involves the sending of a fake RST to an established connection to abort the connection. A tcp_tcpsecure value of 2 provides protection from this vulnerability. The third vulnerability involves injecting fake data in an established TCP connection. A tcp_tcpsecure value of 4 provides protection from this vulnerability. Values for tcp_tcpsecure can range from a minimum of 0 (this is the default value and provides no protection from these vulnerabilities) to a maximum value of 7. Values of 3, 5, 6, or 7 will protect the connection from combinations of these three vulnerabilities. Specifies the maximum number of fragments of a IP packet that can be kept on IP reassembly queue at a time. N/A. Specifies whether SODEBUG process environment variable will be checked for the newly created sockets; if this is the case, these sockets will have SO_DEBUG flag on. N/A. Specifies whether or not ICMP (Internet Control Message Protocol) attacks on TCP are avoided. This option should be turned on to protect TCP connections against ICMP attacks. The ICMP attacks may be of the form of ICMP source quench attacks and PMTUD (Path MTU Discovery) attacks. If this network option is turned on, the system does not react to ICMP source quench messages. This will protect against ICMP source quench attacks. Also, if this network option is enabled, the payload of the ICMP message is tested to determine if the sequence number of the TCP header portion of the payload is within the range of acceptable sequence numbers. This will mitigate PMTUD attacks to a large extent. Specifies that when an interface address is deleted, all the existing TCP connections that were bound locally to the interface address deleted must be notified with error ENETDOWN. Existing FTP/Telnet connections are disconnected when the ENETDOWN error is returned. Specifies the number of consecutive duplicate acknowledgements which will cause TCP to goto fast retransmit phase. Increase this parameter if TCP performance is low due to an increased number of duplicate acknowledgements but the network is not congested. Be aware that setting a high value for this option can cause TCP to time out and retransmit. Specifies the slot interval of the timer wheel, in ticks, where a tick=1000/HZ=10ms. This attribute is used in conjunction with tcp_low_rto attribute to reduce the TCP timeout values to smaller units. This option(timer_wheel_tick) must be set to non-zero value before setting the tcp_low_rto option. An AIX clock tick is 10 ms (one 100th of a second), 1 TCP tick = timer_wheel_tick*10ms. For example, if timer_wheel_tick=5, then a TCP tick will be equal to 50 ms. Specifies the TCP retransmit timeout (RTO), in ticks, for connections experiencing packet drops. A tick is 0.6 seconds (one 100th of a second). The option timer_wheel_tick must be set to non-zero value before setting tcp_low_rto option. Also, tcp_low_rto must be equal to or a multiple of ten times the timer_wheel_tick value. This tunable allows TCP to use smaller timeout values for packet timeout and retransmit on high speed networks. Normal TCP retransmit timeout is 1.5 seconds. Setting the option tcp_nagle_limit turns off the nagle algorithm system wide and setting tcp_nodelay option for a socket turns off the nagle algorithm for that specific connection whereas setting tcp_ nagleoverride disables the nagle algorithm only for certain situations during the connection. The value of 1 disables nagle algorithm only for certain TCP packets in a connection. The option is valid for Trusted AIX environment only. If the option is disabled in this environment, the MAC checks are bypassed at the IP layer. N/A. Specifies whether to allow promotion of a fragment to page size. This option allows promotion of fragment sizes specified in net_malloc_frag_mask to page size. Setting this option to 0, disables the page promotion irrespective of the sizes set in net_malloc_frag_mask. Specifies the time, in half seconds, to hold down a NDP entry. Starting from AIX 52B, this tunable becomes obsolete. Enables TCP traffic regulation defined by policies created using the tcptr command. A value of 0 means disabled. Any non-zero value means traffic regulation is enabled. A value of 0 disables this option. This option should be turned on for servers that need to protect against network attacks. Specifies whether the network memory affinity is enabled or disabled. N/A. net_malloc_police is a built in functionality inside network memory allocator to help debug problems caused by network memory abusers. Additional error checks for freeing a free buffer, alignment, and buffer overwrite will also be enabled. It provides the trace facility which contains the allocated address, size of the address, type of the address and the calling function name with the stack trace. The frequency of recording the allocation events has been kept under acceptable performannce level. The actual value set by the kernel might be restricted to lower than the supplied value, based on the number of cpus and the physical memory available in the system. Specifies whether to enable or disable IGMPv2 type of multicast packet delivery. By default, if the routers on the subnet operate in IGMPv3 mode, the host also operates in IGMPv3 mode and source filtering is performed on the incoming multicast packets. If the administrator chooses to enable IGMPv2 mode of multicast packet delivery on the host (no source filtering), they can enable this option. This will only impact the delivery of the multicast packets. This option allows the Dead Gateway Detection (DGD) service to flush cached route of existing connection when it detects a dead gateway has come back up. The default value of 0 disables it. A value of 1 enables it. Specifies whether TCP fastpath loopback is enabled (1) or disabled (0). This option allows the TCP loopback traffic to shortcut the entire TCP/IP stack (protocol and interface) in order to achieve better performance. Specifies whether TCP fastpath loopback between WPARs of a system is allowed (1) or forbidden (0). This option is valid only if TCP fastpath loopback is enabled (with tcp_fastlo option). Specifies the type of Lock to be used for RTENTRY Lock macros. If value is set to 1, Disabled Read/Write Complex Lock would be used else Simple Lock would be used for RTENTRY Lock macros. This option allows TCP/IP applications with specific socket options to adjust the network congestion window. This should be used in a specific WAN environment only. The default value of 0 disables it. A value of 1 enables it. enables the HighSpeed TCP as specified in FC 3649. This modifies the congestion control mechanism for use with TCP connections with large congestion windows to improve the average throughput. A value of 1 enables the HighSpeed TCP enhancements on a system-wide scale. A value of 0 disables it. Default is 0. enables the Limited SlowStart as specified in RFC 3742. This limits the number of segments by which the congestion window is increased for one window during slow-start. This enhancement improves the performance for TCP connections with large congestion windows. A value from 1 to 100 enables the Limited SlowStart enhancements on a system-wide scale and set it as value of the maximum slow-start threshold. A value of 0 disables it. Default is 0. This option allows to enable/disable TCP timestamp randomisation security feature.This feature adds a random number to global system clock based on method mentioned in RFC 1948 , to prevent security exploits based on guessing packet timestamp. The default value of 0 disables it. A value of 1 enables it. This option allows to enable/disable TCP port randomisation security feature.This feature returns a random ephemeral port based on method mentioned in RFC 1948 , to prevent security exploits based on guessing ephemeral port. The default value of 0 disables it. A value of 1 enables it. Restricted tunable. Use if asked by support. N/A. Specifies the number of dog threads that are used during hashing. This option is valid only if dog threads are enabled for an interface. A value of 0 sets it to default ie dog threads equal to the number of CPUs. Max value is 1024. The minimum of tunable value and the number of cpus is taken as the number of dog threads during hashing. Specifies the initial high water mark value for 128K bytes bucket per cpu. If init_high_wat is set, it will pin more initial memory for internal 128K bytes bucket than default behavior. The init_high_wat attribute represents a percentage of the thewall per cpu. For example, if init_high_wat is set to 2, thewall is 8 gigabytes, and it has 4 logic cpus, the number of 128 kilobytes in size per cpu is: ((8 * 1024 * 1024 * 1024) / 4) / (128 * 1024) = 16384. 2% of 16386 is 327. So the initial high water value for 128 kilobytes in size per cpu is 327. WARNING: This is an extremely sensitive option and can have adverse impact on your system performance if set unresaonably high. Please use extreme caution in modifying this option. Used to specify at which level kernel logging messages should be output to the console. Specify a number from 0-7 to determine the level at which kernel log messages will appear on the console. The number values correspond to the following levels: LOG_EMERG 0, LOG_ALERT 1, LOG_CRIT 2, LOG_ERR 3, LOG_WARNING 4, LOG_NOTICE 5, LOG_INFO 6, LOG_DEBUG 7. Specifies the RTO, in ticks, for connections experiencing packet drops. The value ranges between 0 and 3000 milliseconds. The default value is 0. tcp_low_rto is a runtime attribute. Note: The option timer_wheel_tick must be set to non-zero value before setting tcp_low_rto option. Also, tcp_low_rto must be zero or a multiple of ten times the timer_wheel_tick value. A tick is 0.01 seconds (one 100th of a second). The option timer_wheel_tick must be set to non-zero value before setting tcp_low_rto option. Also, tcp_low_rto must be zero or a multiple of ten times the timer_wheel_tick value. This tunable allows TCP to use smaller timeout values for packet timeout and retransmit on high speed networks. Normal TCP retransmit timeout is 1.5 seconds. The tcp_low_rto value will be set as initial retransmit timeout value. An AIX clock tick is 10 ms (one 100th of a second), 1 TCP tick = timer_wheel_tick*10ms. A check will be made every TCP tick to determine if the number of milliseconds expired has reached the retransmit timeout value. For example, if timer_wheel_tick=5, then a TCP tick is equal to 50ms. If tcp_low_rto is set to 100 in this case, the system can potentially perform retransmissions (if necessary) after 2 TCP ticks. This option allows to enable/disable TCP timestamp randomisation security feature.This feature adds a random number to global system clock based on method mentioned in RFC 1948 , to prevent security exploits based on guessing packet timestamp. The default value of 0 disables it. A value of 1 enables it. This option allows to enable/disable TCP port randomisation security feature.This feature returns a random ephemeral port based on method mentioned in RFC 1948 , to prevent security exploits based on guessing ephemeral port. The default value of 0 disables it. A value of 1 enables it. Specifies the number of dog threads that are used during hashing. This option is valid only if dog threads are enabled for an interface. A value of 0 sets it to default ie dog threads equal to the number of CPUs. Max value is 1024. The minimum of tunable value and the number of cpus is taken as the number of dog threads during hashing. This option enables or disables the UDP performance improvement feature. This feature removes the unnecessary overhead of mbuf allocation and copy when the application requests the IP address on which the datagram is received. The default value of 0 disables it. A value of 1 enables it. Restricted tunable. Use if asked by support. N/A. Specifies the number of dog threads that are used during hashing. This option is valid only if dog threads are enabled for an interface. When dog threads are enabled, IP packets are delegated to individual threads for handling, based on a hash algorithm. If the value of this tunable is set to 0, all the dog threads which are created at boot time will be used for hashing. If it is set to a value greater than 0, number of threads equal to this value are considered for hashing. The number of dog threads created is equal to the number of CPUs, with a cap value which is calculated based on stack sizes of kprocs and dogthreads. Enables OSTD when memory usage is >70% of the threshold. If this option is set to 0, when netm_errlevel is set at 3 and memory usage is >70% of the threshold, it won't do OSTD.In this case it will do OSTD only when netm_errlevel is set to 5 or higher and memory usage is >70% of the threshold. Enables coalescing when number of entries on the bucket is larger than the high water mark value. If this option is set to 0, coalescing will not be done when number of entries on the bucket is larger than the high water mark value. The option enables or disables the UDP send performance improvement feature. This feature caches connection information and recently transmitted mbufs for reuse. The default value of 0 disables it. A value of 1 enables it. This option specifies the number of queues and threads for UDP to use on transmit. IPv4 packets will be queued to these queues, improving performance. The default value of 0 specifies no queueing and no queues. Other values specify the number of queues to create for UDP/IPv4 output. Specifies whether the system responds to an ICMP timestamp request. If the value 0 is set, the network silently ignores any ICMP timestamp request that it receives. icmptimestamp is a Dynamic boolean attribute. Specifies the TCP retransmit timeout (RTO), in half-seconds, for a connection experiencing packet drops before the connection is established. = "The tcp_syn_rto value will be set as the initial retransmit timeout value for retransmits that occur before the connection is established. ";Restricted tunable. Use if asked by support. N/A. Specifies the maximum number of TCP segments allowed to be processed in the reassembly queue. A value of 0 means unlimited queue length. Specifies that when an interface address is deleted, all the existing TCP connections that were bound locally to the interface address deleted must not do any further retransmission. Existing shh connections should not do any further retransmission. Specifies whether SO_REUSEPORT load balancing is enabled (1) or disabled (0). This option allows the SO_REUSEPORT socket option to utilize load balancing techniques.