• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 508
  • Last Modified:

tcp/ip keepalive

Can someone explain how tcp/ip keepalives work for an application and the os?
Do you know what the following values are
[test@testbox ipv4]$ cat tcp_retries1
[test@testbox ipv4]$ cat tcp_retries2
Are there any values worthwhile increasing to get around these tcp/ip timeouts?
What is the effect of increasing the default tcp_keepalive timeout from the default vallue of 7200?

  • 2
2 Solutions
Both of these are kernel parameters to set the following:
The tcp_retries1 variable tells the kernel how many times it should retry to get to a host beforereaching a decision that something is wrong and that it should report the suspected problem tothe network layer.

The tcp_retries2 value tells the kernel how many times to retry before killing an alive TCPconnection.

Normally you should not touch keepalive parameters (connections are in CLOSE_WAIT for 2 days, and you should fix the other end unless that is IE from the internet). Retries are not keepalives. Parameters you mention will help on lossy links, namely having 50% loss on the wire.
There is some practical use for intense keepalives. (sysctl -a | grep keep) for more info on what to write into /etc/sysctl.conf  - they can trick broken firewall which drops (ftp) connection into thinking it is alive, but sometimes it is not enough.. But normally you would first try to fix that broke firewall.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now