What is TCP keep alive?
A TCP keep-alive packet is simply an ACK with the sequence number set to one less than the current sequence number for the connection. A host receiving one of these ACKs responds with an ACK for the current sequence number. Keep-alives can be used to verify that the computer at the remote end of a connection is still available. The keepalive packet contains null data. In an Ethernet network, a keepalive frame length is 60 bytes, while the server response to this, also a null data frame, is 54 bytes. There are three parameters related to keepalive:
· Keepalive time is the duration between two keepalive transmissions in idle condition. TCP keepalive period is required to be configurable and by default is set to no less than 2 hours.
· Keepalive interval is the duration between two successive keepalive retransmissions, if acknowledgement to the previous keepalive transmission is not received.
· Keepalive retry is the number of retransmissions to be carried out before declaring that remote end is not available
TCP keep-alives can be sent once every KeepAliveTime (defaults to 7,200,000 milliseconds or two hours) if no other data or higher-level keep-alives have been carried over the TCP connection. If there is no response to a keep-alive, it is repeated once every KeepAliveInterval seconds.
How to config TCP keep alive from OS level?
For Windows, TCP keep alive configured from Key: Tcpip\Parameters
· KeepAliveInterval, Value Type: REG_DWORD (ms), Default: 1000 (1s)Description: This parameter determines the interval between TCP keep-alive retransmissions until a response is received. Once a response is received, the delay until the next keep-alive transmission is again controlled by the value of KeepAliveTime. The connection is aborted after the number of retransmissions specified by TcpMaxDataRetransmissions have gone unanswered. Note that TCPIP driver waits for a TCP Keepalive ACK for the duration of time specified in this registry entry.
· KeepAliveTime, Value Type: REG_DWORD(ms), Default: 7,200,000 (two hours)Description: The parameter controls how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet. If the remote system is still reachable and functioning, it acknowledges the keep-alive transmission. Keep-alive packets are not sent by default. This feature may be enabled on a connection by an application. Note that In order for a TCP session to stay idle, there should be no data sent or received.
· TcpMaxDataRetransmissions (Windows XP/2003 only. Windows Vista/2008, the number of TCP Keepalive attempts are hardcoded to 10 and could not be adjusted via the registry.), Value Type: REG_DWORD, Default: 5Description: This parameter controls the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection. The retransmission time-out is doubled with each successive retransmission on a connection. It is reset when responses resume. The Retransmission Timeout (RTO) value is dynamically adjusted, using the historical measured round-trip time (Smoothed Round Trip Time) on each connection. The starting RTO on a new connection is controlled by the TcpInitialRtt registry value.
For Linux, keep alive setting configured with
# echo 7200 > /proc/sys/net/ipv4/tcp_keepalive_time
# echo 75 > /proc/sys/net/ipv4/tcp_keepalive_intvl
# echo 9 > /proc/sys/net/ipv4/tcp_keepalive_probes
What should application do?
Even if TCP KeepaliveTime and TCPKeepAliveInterval registry keys are set to a specific value (TCPIP driver uses the deafult values even if we don’t set these registry keys from the registry), TCPIP driver won’t start sending TCP Keepalives until Keepalives are enabled via various methods at upper layers (layers above TCPIP driver).
Native Socket applications can enable TCP keepalives by using anyone of the following methods:
– setsockopt() with SO_KEEPALIVE option
– WSAIoctl() with SIO_KEEPALIVE_VALS option (it’s also possible to change Keepalive timers with this API call dynamically on a per-socket basis)
How to confirm keepalive is actually working?
For connections successfully set up with keep alive, we will see the keep alive timer available for each connection.
Linux: ss/lsof/netstat
ss command is included in iproute2 package and is the substitute of the command netstat. ss is used to dump socket statistics. It allows showing information similar to netstat. It can display more TCP and state informations than other tools. It is a new, incredibly useful and faster (as compare to netstat) tool for tracking TCP connections and sockets.
http://www.cyberciti.biz/tips/linux-investigate-sockets-network-connections.html
Dial “o” for obscure: “netstat -o”
The “-o” command-line option causes the TCP timers to be displayed next to the connection. If you’re not into TCP/IP, the extra information will not make sense. For those who are, you’ll be able to see your TCP timers in real-time, and follow the progress of things like the KeepAlive timer, for instance. For a real treat, use “watch netstat -to”, sit down and watch the blinkenlights.
Useful reference to build this re-org knowledge:
- http://tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/
- http://blogs.technet.com/b/nettracer/archive/2010/06/03/things-that-you-may-want-to-know-about-tcp-keepalives.aspx
- http://www.cyberciti.biz/tips/linux-investigate-sockets-network-connections.html
- http://www.pcvr.nl/tcpip/tcp_keep.htm
- http://www.gnugk.org/keepalive.html
- and always: Wikipedia
Lily 