Most default Linux installations use SYN cookies to protect the system against malicious attacks (such as DDOS) that flood TCP SYN packets.

This feature is not compatible with stable and busy Tanzu GemFire clusters. SYN Cookies protection gets incorrectly activated by normal Tanzu GemFire traffic, severely limiting bandwidth and new connection rates, and destroying SLAs. Security implementations should instead seek to prevent DDOS types of attacks by placing Tanzu GemFire server clusters behind advanced firewall protection.

To deactivate SYN cookies permanently:

  1. Edit the /etc/sysctl.conf file to include the following line:

    net.ipv4.tcp_syncookies = 0
    

    Setting this value to zero deactivate SYN cookies.

  2. Reload sysctl.conf:

    sysctl -p
    
check-circle-line exclamation-circle-line close-line
Scroll to top icon