Keyword(s):TCP keepalive abort

This document describes the operation of the TCP Keepalive feature available within Solaris[TM] and when it might be used.

Typically, idle TCP connections are maintained indefinitely once established, even if no communication occurs between host systems.

In some cases, keeping the connection open may inappropriately consume host and/or application resources, if for example:

• the remote host crashes or otherwise undergoes some type of non-orderly shutdown and/or reboots without notifying it's TCP peer.
• the remote host is unreachable; the network path between the two hosts is broken. Perhaps a firewall is silently timing out idle connections, for example.

TCP Keepalive is a feature provided by many TCP implementations, including Solaris as a way to "clean up" idle connections in these situations.

Applications must enable this feature with the SO_KEEPALIVE socket option via the setsockopt(3SOCKET) socket call. Once enabled, a "keepalive probe" packet is sent provided the connection has remained in the ESTABLISHED state and been idle for a specific period of time.

This timeframe is the "tcp_keepalive_interval":

A "keepalive probe" packet is handled just like any other TCP packet which requires an acknowledgment (TCP ACK) from the other side. It will be retransmitted per the standard retransmission backoff algorithm. If no response is received by the tcp_ip_abort_interval, the connection is terminated, as would be the case for any other "unACKed" packet.

The actual maximum idle time of a connection utilizing TCP keepalive which has no responding peer will therefore be:

      tcp_keepalive_interval + tcp_ip_abort_interval

The Solaris default tcp_ip_abort_interval is 8 minutes (480000 milliseconds).

In cases in which a remote host has rebooted and is therefore running with no knowledge of the prior connection, we can expect the remote host to immediately respond to the keepalive probe with a TCP Reset, which will cause the Solaris system to immediately terminate the connection.

TCP_keepalive probes have no effect on inactive connections as long as the remote host is still responding to probes. Care should be taken, however, to ensure the above parameters remain at a high enough value to avoid unnecessary traffic and other issues such as prematurely closing active connections in situations where a few packets have gone missing.

The ndd(1M) utility is used to change the above parameters. These changes are not preserved across reboots, and therefore placing the appropriate command in a startup script such as "/etc/rc2.d/S68nettune" (executed before network applications typically start) should be utilized to make any changes permanent.

The TCP_keepalive probes have no effect on inactive connections as long as the remote host is still responding to probes. Care should be taken, however to not set the above parameters too low, which can generate unnecessary traffic.

Below is an examples of ndd commands to query and reset the tcp_keepalive interval:

   Query current value: 
   # ndd -get /dev/tcp tcp_keepalive_interval
   7200000

   Change keepalive interval to one hour (3600000 milliseconds): 
   # ndd -set /dev/tcp tcp_keepalive_interval 3600000

The above parameters are global and will affect the entire system. In general, the defaults set by Solaris are optimal for most environments. Make changes only with careful consideration and in response to a particular situation.