How to Configure TCP Keepalive option in Solaris
Typically, idle TCP connections are maintained indefinitely once established, even if no communication occurs between host systems. This is quite normal in TCP. In some cases, keeping the connection open may inappropriately consume host and/or application resources (normally TCP port ranges), if for example:
- the remote host crashes or otherwise undergoes some type of non-orderly shutdown and/or reboots without notifying its TCP peer.
- the remote host is unreachable; the network path between the two hosts is broken. (Perhaps a firewall is silently timing out idle connections, for example.)
TCP Keepalive is a feature provided by many TCP implementations, including Solaris, as a way to “clean up” idle connections in these situations. Applications must enable this feature with the SO_KEEPALIVE socket option via the setsockopt(3SOCKET) socket call. Solaris can’t be forced to enable keepalive for an application that does not set up the option. Once enabled, a “keepalive probe” packet is sent provided the connection has remained in the ESTABLISHED state and been idle for the specified time frame.
This time frame is the “tcp_keepalive_interval”:
Default value: 7200000 milliseconds (2 Hours)
Minimum value: 10000 milliseconds (10 Seconds)
Maximum value: 864000000 milliseconds (10 Days)
A “keepalive probe” packet is handled just like any other TCP packet which requires an acknowledgment (TCP ACK) from the other side. It will be retransmitted per the standard retransmission backoff algorithm. If no response is received by the tcp_ip_abort_interval, the connection is terminated, as would be the case for any other “unACKed” packet.
The actual maximum idle time of a connection utilizing TCP keepalive which has no responding peer will therefore be:
tcp_keepalive_interval + tcp_ip_abort_interval
The Solaris default tcp_ip_abort_interval is 8 minutes (480000 milliseconds).
In cases in which a remote host has rebooted and is, therefore, running with no knowledge of the prior connection, we can expect the remote host to immediately respond to the keepalive probe with a TCP Reset, which will cause the Solaris system to immediately terminate the connection.
TCP keepalive probes have no effect on inactive connections as long as the remote host is still responding to probes. Care should be taken, however, to ensure the above parameters remain at a high enough value to avoid unnecessary traffic and other issues such as prematurely closing active connections in situations where a few packets have gone missing.
Solaris 10 and below
The ndd utility is used to change the above parameters. These changes are not preserved across reboots, so to make them permanent, place the appropriate command in a startup script such as “/etc/rc2.d/S68nettune” (executed before network applications typically start).
Below are examples of ndd commands to query and reset the tcp_keepalive_interval:
Query current value:
# ndd -get /dev/tcp tcp_keepalive_interval
7200000
Change keepalive interval to 15 minutes (900000 milliseconds):
# ndd -set /dev/tcp tcp_keepalive_interval 900000
Solaris 11.0 and above
On Solaris 11.0 the ipadm command now manages these settings. Note that Solaris 11.0 and above preserve the changes across reboots. To change a setting only temporarily, add the -t option to ipadm.
Query current value and see defaults:
# ipadm show-prop -p _keepalive_interval tcp
To save persistent configuration across reboot:
# ipadm set-prop -p _keepalive_interval=900000 tcp
keepalive_abort_interval
Solaris 11.0 also added a socket option, TCP_KEEPALIVE_ABORT_THRESHOLD, which an application can set with setsockopt(3SOCKET) to define its own keepalive abort interval on a per-socket basis. Note that the application must set this option in its source code if it wants to use it. There is also a separate tunable that allows a system administrator to tune the keepalive abort interval. This tunable controls the keepalive abort interval only and does not affect the tcp_ip_abort_interval as with previous releases.
Query current value and see defaults:
# ipadm show-prop -p _keepalive_abort_interval tcp
To save persistent configuration across reboot:
# ipadm set-prop -p _keepalive_abort_interval=240000 tcp
Default value: 480000 milliseconds (8 minutes)
Minimum value: 0 milliseconds (0 milliseconds)
Maximum value: 4294967295 milliseconds (47 Days)
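The application-side half of the configuration described above, as an added example that is not part of the original article: a C sketch that turns on SO_KEEPALIVE for one socket and, where the platform defines TCP_KEEPALIVE_ABORT_THRESHOLD, sets the per-socket abort interval. The function names are hypothetical, and 240000 ms is simply the value used in the ipadm example above.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 0 on success, -1 on error, 1 if keepalive is on but the platform
 * has no per-socket abort threshold (the system-wide value then applies).
 * abort_ms == 0 keeps the system-wide abort interval. */
int enable_keepalive(int fd, unsigned int abort_ms)
{
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) != 0)
        return -1;
    if (abort_ms == 0)
        return 0;
#ifdef TCP_KEEPALIVE_ABORT_THRESHOLD   /* Solaris 11: value in milliseconds */
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPALIVE_ABORT_THRESHOLD,
                   &abort_ms, sizeof(abort_ms)) != 0)
        return -1;
    return 0;
#else
    return 1;
#endif
}

/* Reads the option back: 1 = enabled, 0 = disabled, -1 = error. */
int keepalive_enabled(int fd)
{
    int val = 0;
    socklen_t len = sizeof(val);
    if (getsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &val, &len) != 0)
        return -1;
    return val != 0;
}

/* Worst-case ms a dead peer's connection lingers: idle + abort interval. */
unsigned long long max_dead_peer_ms(unsigned long long idle_ms, unsigned long long abort_ms)
{
    return idle_ms + abort_ms;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) { perror("socket"); return 1; }
    printf("enable_keepalive -> %d\n", enable_keepalive(fd, 240000));
    printf("keepalive_enabled -> %d\n", keepalive_enabled(fd));
    close(fd);
    return 0;
}
```

On Solaris, link with -lsocket -lnsl. With the default 2-hour keepalive interval and a 240000 ms abort interval, max_dead_peer_ms gives 7440000 ms before an unresponsive peer's connection is released.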