You can't please everyone, so you got to please yourself..(Ricky Nelson)
I don't imagine Ricky Nelson was thinking about tcp timeouts and
keepalives in the 70's, and probably isn't still, but the subject comes
up fairly often for me and never fails to be annoying.
Annoying? OK, maybe confusing is the better choice. This is one of
those areas where the cure can be worse than the disease and where
discussions by tcp programmers can get acrid and heated. The
biggest problem is that users often really don't know what they want, and
if they do know, it probably shouldn't have anything to do with the
tcp stack, but next thing you know somebody is changing kernel level
values, and probably not getting the results they expected.
Typically it starts on one side or the other of the basic question,
which is "when should a connection to another machine be dropped?".
The other side has gone away, lost its mind (or at least its network
connection) or maybe some router in between the two of you is misbehaving.
Whatever. Packets that should be flowing between you and X are not,
and you want something done about it now. It is absolutely critical
that you be aware of this connection problem immediately so that you
can take action to fix it. That's one way to look at it.
The other way to see it is that
you got disconnected from machine X because there was some stupid momentary
glitch and that's not what you want to happen: it's critical that
your process remain connected so that it doesn't have to restart
processing whatever data it was chewing on.
Ricky should sing the chorus now.
You can't please everyone, so you got to please yourself..
So what is poor tcp to do? Break the connection at the first
sign of trouble or hang in there waiting for it to come back? Most
TCP implementations have "keepalives": (from http://www.ietf.org/rfc/rfc1122.txt)
Implementors MAY include "keep-alives" in their TCP
implementations, although this practice is not universally
accepted. If keep-alives are included, the application MUST
be able to turn them on or off for each TCP connection, and
they MUST default to off.
Keep-alive packets MUST only be sent when no data or
acknowledgement packets have been received for the
connection within an interval. This interval MUST be
configurable and MUST default to no less than two hours.
So, if we look in /proc/sys/net/ipv4 on a recent Linux box, we'll
find three items related to this:
$ ls -l *keep*
-rw-r--r-- 1 root root 0 Feb 8 07:04 tcp_keepalive_intvl
-rw-r--r-- 1 root root 0 Feb 8 07:04 tcp_keepalive_probes
-rw-r--r-- 1 root root 0 Feb 8 07:04 tcp_keepalive_time
$ cat *keep*
That says wait 7200 seconds before sending a keepalive probe,
then send up to 9 at 75 second intervals. Add that all up and it's
2 hours, 11 minutes and 15 seconds before tcp decides the connection
Depending upon what you had in mind, that may be
far too long or far too short. If I put my Mac to sleep for half
an hour while I have lunch, I don't want my ssh connnection dropped.
On the other hand, if I have an application that needs fresh data
from that server every fifteen minutes, I don't want to wait two
hours to find out I have a problem.
There was a version of SCO Unix that set TIME_WAIT very high - 30 minutes if I remember
correctly!. You'd need to
edit /etc/default/inet and change tcp_2msl (milliseconds) to lower the time. No need to stop and restart tcp/ip or reboot if you use "inconfig tcp_2msl (value)"; value between 1 and 65,535. That edits the file and patches the running kernel.
Ricky? Could we have that chorus one more time?
While you can easily muck with tcp's idea of proper values for
these keepalive parameters, the reality is that these are application
problems, and the applications should deal with them. Each
application has its own needs, and should set its own criteria.
How much control you have varies. The Linux telnet daemon
normally does keepalives, but can be told not to by adding "-n"
to its startup parameters:
$ cat /etc/xinetd.d/*telnet*
# default: off
# description: The kerberized telnet server accepts normal telnet sessions, \
# but can also use Kerberos 5 authentication.
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/kerberos/sbin/telnetd
server_args = -n
log_on_failure += USERID
Transport-level keepalive messages are enabled unless the -n option
is present. The use of keepalive messages allows sessions to be
timed out if the client crashes or becomes unreachable.
If keepalives are being used, several parameters may be controlled
using the following options:
The argument n specifies the time (in seconds) that a connection
must be idle before the first keepalive probe will be sent.
The argument n specifies the interval (in seconds) between
keepalive probes if no response is received.
The argument n specifies the number of unanswered keepalive
probes that will be sent prior to dropping the connection.
That's handy. Sshd can turn keepalives on or off in its sshd_config
file, but what's often forgotten is that the client is permitted
to set its own behavior through ssh_config or at invocation:
ssh -o TCPKeepAlive=no foo.foo.com
SSH2 also has an encrypted form of keepalives that go through the
tunnel: (from man ssh_config)
Sets a timeout interval in seconds after which if no data has
been received from the server, ssh will send a message through
the encrypted channel to request a response from the server. The
default is 0, indicating that these messages will not be sent to
the server. This option applies to protocol version 2 only.
Sets the number of server alive messages (see above) which may be
sent without ssh receiving any messages back from the server. If
this threshold is reached while server alive messages are being
sent, ssh will disconnect from the server, terminating the ses-
sion. It is important to note that the use of server alive mes-
sages is very different from TCPKeepAlive (below). The server
alive messages are sent through the encrypted channel and there-
fore will not be spoofable. The TCP keepalive option enabled by
TCPKeepAlive is spoofable. The server alive mechanism is valu-
able when the client or server depend on knowing when a connec-
tion has become inactive.
The default value is 3. If, for example, ServerAliveInterval
(above) is set to 15, and ServerAliveCountMax is left at the
default, if the server becomes unresponsive ssh will disconnect
after approximately 45 seconds.
Let's try that:
$ date;ssh -o TCPKeepAlive=no -o ServerAliveInterval=15 tony@foo;date
Wed Feb 8 07:48:53 EST 2006
(unplug network cable here)
[tony@foo tony]$ Disconnecting: Timeout, server not responding.
Wed Feb 8 07:50:12 EST 2006
Pretty close. But it's seldom so easy or definite. When you combine
system level timouts with application level mechanisms, and both
the client and the server are doimg their own thing, determining
when and how a session will time out can become very confusing,
and getting the precise behavior you want can be frustrating if
you don't have control over both sides of the application.