If you are seeing "TCP: drop open request" for real load (not a DDoS), you need to increase tcp_max_syn_backlog (8192 worked much better than
1024 on heavy webserver load).

kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
# semaphores: semmsl, semmns, semopm, semmni
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default=16777216
net.core.rmem_max=16777216
net.core.wmem_default=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem =4096 65536 16777216
net.ipv4.tcp_timestamps=0
net.ipv4.tcp_window_scaling=0
net.core.netdev_max_backlog=12288
net.ipv4.tcp_max_syn_backlog=8192
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_no_metrics_save=1
net.ipv4.ip_default_ttl=80