sysctl

Pre-Alpha. This page describes behavior that may change.

Ze includes a sysctl plugin that manages kernel parameters with named profiles. Profiles group co-dependent tunables so operators can apply a coherent set of sysctls per interface unit.

Built-in profiles

Profile	Use case
`dsr`	Direct Server Return: disable RP filter, enable ARP announce/ignore.
`router`	IP forwarding enabled, proxy ARP, standard RP filter.
`hardened`	Strict RP filter, SYN cookies, no IP forwarding.
`multihomed`	Multiple uplinks: loose RP filter, ARP filtering.
`proxy`	Proxy ARP enabled, forwarding enabled.

Configuration

sysctl {
    profile router;
}

Profiles can also be applied per interface unit:

interface {
    ethernet uplink {
        mac-address 00:1a:2b:3c:4d:5e;
        unit 0 {
            sysctl {
                profile router;
            }
        }
    }
}

Three-layer precedence

Global defaults from the built-in profile definitions.
Interface-level profiles override globals for that interface.
Explicit per-interface sysctl leaves (e.g., ipv4 { forwarding }) override profile values.

CLI commands

The ze sysctl command provides offline access to sysctl management:

ze sysctl show         # Show effective sysctl values
ze sysctl profiles     # List available profiles

sysctl

Built-in profiles

Configuration

Three-layer precedence

CLI commands

See also

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!