ansible/base: Workaround [NFLX-2019-001] (CVE-2019-1147{7,8,9})
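---
# Base-role network tuning: BBR congestion control, fq_codel as the default
# qdisc, and a TEMPORARY sysctl workaround for the June 2019 TCP SACK kernel
# bugs (NFLX-2019-001). Every sysctl lands in /etc/sysctl.d/local-network.conf.

- name: Load the tcp_bbr kernel module
  modprobe:
    name: tcp_bbr

# systemd-modules-load(8) reads this directory at boot, so the module survives
# a reboot without relying on the modprobe task above having run again.
- name: Persist the tcp_bbr module to configuration
  copy:
    dest: /etc/modules-load.d/local-network.conf
    content: tcp_bbr

- name: Set network-related sysctl options
  sysctl:
    sysctl_file: /etc/sysctl.d/local-network.conf
    sysctl_set: true
    name: "{{ item.key }}"
    value: "{{ item.value }}"
  with_dict:
    # CoDel (controlled delay) with Fair Queuing as the default queue scheduler
    # mitigates bufferbloat and helps share bandwidth equitably across flows.
    net.core.default_qdisc: fq_codel

    # BBR congestion control. C.f. https://queue.acm.org/detail.cfm?id=3022184
    # NOTE(review): kernels older than 4.13 have no TCP-internal pacing and BBR
    # relies on the `fq` qdisc for it; with fq_codel as the default qdisc BBR
    # would run unpaced on such hosts — confirm the fleet's kernel baseline.
    net.ipv4.tcp_congestion_control: bbr

    # Disable Selective Acknowledgement (SACK).
    # TEMPORARY workaround for NFLX-2019-001, see
    # https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
    #
    # Scope: turning SACK off mitigates CVE-2019-11477 (SACK Panic) and
    # CVE-2019-11478 (SACK Slowness) ONLY. CVE-2019-11479 (excess resource use
    # from a tiny peer MSS) is NOT addressed by this setting; per the advisory
    # it needs either a patched kernel (which also introduces the
    # net.ipv4.tcp_min_snd_mss sysctl) or a packet filter that drops low-MSS
    # segments, e.g. `iptables -I INPUT -p tcp -m tcpmss --mss 1:500 -j DROP`
    # — and that filter is only effective while net.ipv4.tcp_mtu_probing is 0.
    #
    # The real fix is the kernel patch. Running without SACK degrades TCP loss
    # recovery, so drop this entry once every host runs a fixed kernel.
    net.ipv4.tcp_sack: 0
  loop_control:
    label: "{{ item.key }}"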