How to Configure Linux TCP keepalive Setting

TCP keepalive Setting

In line with the increase in internet users, the traffic and workload on the web server is also increased. Hence, the webmaster or system administrator needs to make sure that the web server is able to accommodate a sufficient number of TCP connections.

If your web server has begun to show an increase in the number of visitors, you may start planning to perform basic tcp tuning on the linux operating system.

On average, most people that visit the website or blog that comes from search engines only read a page just for 1-2 minutes. After they got the answer for what they really want, they simply leave the page and visit other sites. But the old opened connection still remains and unused for a long time.

For low and average number of website visitors, the default values for the keepalive parameter should be sufficient.

But for high concurrency web server or in a busy server, decrease timeouts on TCP sockets can help to clean up the tcp connections from clients that have been disconnected. This can be done by changing the default value of tcp_keepalive setting in sysctl.conf.

What is TCP Keepalive Setting?

TCP keepalive is a mechanism for TCP connections that help to determine whether the other end has stopped responding or not.

TCP will send the keepalive probe contains null data to the network peer several times after a period of idle time. If the peer does not respond, the socket will be closed automatically.

The application will then receive a notification about the socket closure, which it should handle in the correct manner.

Most of the operating systems and hosts that support TCP also support TCP Keepalive.

Basically, tuning some of the settings in sysctl.conf really help speeding things up under heavy usage.

Tunable TCP settings can be found on /proc/sys/net/ipv4

What are the default values of TCP KeepAlive setting ?

tcp_keepalive_time = 7200 (seconds)
tcp_keepalive_intvl = 75 (seconds)
tcp_keepalive_probes = 9 (number of probes)

TCP keepalive process waits for two hours (7200 secs) for socket activity before sending the first keepalive probe, and then resend it every 75 seconds. As long as there is TCP/IP socket communications going on and active, no keepalive packets are needed.

How to Configure Linux TCP keepalive Settings ?

Please note that the following tuning is for linux operating system only. This steps has been tested in CentOS 5/6/7, RHEL 5/6/7 and Oracle Linux 6/7.

Optionally you can do further tuning of the web applications level such as Apache or Nginx web server.

1. Edit your /etc/sysctl.conf

# vi /etc/sysctl.conf

2. Add the following setting :

net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 6

Explanation for above parameter in section a), b) and c).

3. To load settings, enter the following command :

# sysctl -p

KeepAlive Parameter Details

a) Decrease the time default value for tcp_keepalive_time connection from 7200 seconds to 60 seconds. This determine the time of connection inactivity after which the first keep alive request is sent. Parameter below shows that the TCP will begin sending keepalive null packets after 1 minute.

net.ipv4.tcp_keepalive_time = 60

b) The following parameter (tcp_keepalive_intvl) determines the keepalive probe will resend every 10 seconds after first keep alive probe. This reduce from 75 seconds to 10 seconds gap or time interval between each of the keep alive probes.

net.ipv4.tcp_keepalive_intvl = 10

c) Next parameter (tcp_keepalive_probes) is expressed in the pure number. The following setting determine the number of probes before timing out. We recommend to reduce number of retransmitted from 9 to 6 before the connection is considered broken.

net.ipv4.tcp_keepalive_probes = 6

With this, your application will detect dead TCP connections after 120 seconds (60s + 10s + 10s + 10s + 10s + 10s + 10s).