TCP keepalive parameters in Linux (tcp_keepalive)
1. Basic Principles
TCP keepalive can be read literally as "keep TCP alive": it is a mechanism for checking whether a TCP socket connection is still usable or whether the peer has gone away.
The principle is simple. When keepalive is enabled on a TCP connection, the kernel on the sending side arms a keepalive timer. When that timer expires, i.e. the connection has carried no data for the configured idle time, the sender transmits a keepalive probe to the peer: a segment that carries no data and has the ACK flag set. If the peer answers the probe, the connection is considered healthy, and the application does not have to implement any of this itself. Because TCP delivers a byte stream rather than individual packets, a zero-byte segment is never surfaced to, and cannot harm, the user program.
Enabling keepalive generates additional traffic, and that traffic also passes through any firewall or router on the path.
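The kernel only probes sockets on which the application has switched keepalive on; the sysctl values are just defaults. The following Python example, added here and not part of the original page, enables keepalive on a connected socket with the SO_KEEPALIVE option and overrides the three timers per socket with Linux's TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT options, then reads the values back. The loopback server/client pair and the chosen timer values (60 s idle, 10 s interval, 3 probes) are constructed for the demonstration; the option names are Linux-specific.

```python
"""Enable TCP keepalive per socket on Linux and inspect the resulting timers."""
import socket


def enable_keepalive(sock, idle=60, intvl=10, cnt=3):
    """Switch keepalive on for `sock` and set its per-socket timers.

    SO_KEEPALIVE alone only starts probing; without the TCP_KEEP* options
    the socket inherits the system-wide /proc/sys/net/ipv4 defaults
    (7200 s idle, 75 s between probes, 9 probes on stock Linux).
    """
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle)   # seconds idle before first probe
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, intvl) # seconds between probes
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, cnt)     # unanswered probes before giving up


def read_keepalive(sock):
    """Return (enabled, idle, intvl, cnt) exactly as the kernel holds them."""
    return (
        sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE),
        sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE),
        sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL),
        sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT),
    )


def worst_case_detection(idle, intvl, cnt):
    """Seconds from the last data segment until a silent peer is declared dead."""
    return idle + intvl * cnt


def demo():
    """Build a loopback connection (constructed for the example), enable
    keepalive on the client side and return the settings before and after."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # ephemeral port, no external network needed
    server.listen(1)
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.connect(server.getsockname())
    peer, _ = server.accept()
    try:
        before = read_keepalive(client)   # keepalive is off by default
        enable_keepalive(client, idle=60, intvl=10, cnt=3)
        after = read_keepalive(client)
        return before, after
    finally:
        peer.close()
        client.close()
        server.close()


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
    print("dead peer detected after at most",
          worst_case_detection(*after[1:]), "s of silence")
```

Before the call, getsockopt reports keepalive disabled and the timers equal to the current sysctl defaults; after it, the socket probes after 60 s of silence and gives up 30 s later. The same options are available from C via setsockopt(2) with the same names.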
Keepalive mainly performs two tasks:
1. Detect dead peer connections
Keepalive can detect that the peer has died before it was able to send a close notification. A kernel crash or a forced termination of the peer's application process can cause this. Another case is that the peer itself is still alive, but the network path between the two hosts has been broken, so the peer can no longer be reached; keepalive detects this as well.
Assume a simple TCP connection between host A and host B, set up with the usual three-way handshake: A sends SYN to B, B replies with SYN/ACK, and finally A sends ACK to B. A stable TCP connection is now established, and either side may transmit data through it. Now unplug the power of host B: B shuts down immediately, without telling A that the connection is about to be closed. A is waiting to receive data and has no idea that B is down. When B is started again, both hosts are back in a normal state, but A still believes it has an active connection to B, while B knows nothing about it. As soon as A tries to send data over this dead connection, B answers with RST, and A closes the connection.
Keepalive lets the sender learn that the peer is unreachable before it tries to send real data. To reduce the risk of false positives (a peer that is merely slow, or a transient network problem), keepalive does not declare the connection dead on the first unanswered probe: it waits for a while, retries by sending further keepalive packets, and only marks the connection dead after a number of consecutive probes go unanswered.
     A                                    B
     |                                    |
     | --------------- SYN -------------> |
     | <------------ SYN/ACK ------------ |
     | --------------- ACK -------------> |
     |                                    |
     |                       system crash X
     |                                    |
     |                     system restart ^
     |                                    |
     | --------------- PSH -------------> |
     | <-------------- RST -------------- |
2. Prevent the connection from being dropped during network inactivity
Stateful devices on the path, such as NAT routers and firewalls, keep a table of the connections they have seen and delete entries that carry no traffic for a while. Once the entry is gone, the next data segment from A belongs, from the device's point of view, to an unknown connection and is discarded or rejected, as the diagram below shows. Keepalive probes count as traffic and keep the entry alive, provided the idle time before the first probe is shorter than the device's idle timeout.
     A               NAT                  B
     |                |                   |
     | ---- SYN ----> | ------ SYN -----> |
     | <-- SYN/ACK -- | <--- SYN/ACK ---- |
     | ---- ACK ----> | ------ ACK -----> |
     |                |                   |
     |      connection deleted from table |
     |                |                   |
     | ---- PSH ----> X   invalid connection
2. Use TCP keepalive in Linux
Linux exposes three keepalive parameters under /proc/sys/net/ipv4. They are system-wide defaults: they only act on sockets that have enabled keepalive with the SO_KEEPALIVE socket option (keepalive is off by default), and a program can override them per socket with the TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT options.
tcp_keepalive_time
The time, in seconds, a connection must stay idle before TCP sends the first keepalive probe. The default value is 7200 (2 hours).
tcp_keepalive_probes
The maximum number of keepalive probes sent without an answer. The default value is 9. If the peer still has not responded after nine probes, the kernel marks the connection dead and closes it; the application sees an error (ETIMEDOUT) on its next read or write.
tcp_keepalive_intvl
The interval, in seconds, between two successive keepalive probes. The default value is 75 seconds.
With the defaults, a dead peer is therefore detected only 7200 + 9 * 75 = 7875 seconds (about 2 hours 11 minutes) after the last data was exchanged.
$ cat /proc/sys/net/ipv4/tcp_keepalive_time
7200
$ cat /proc/sys/net/ipv4/tcp_keepalive_probes
9
$ cat /proc/sys/net/ipv4/tcp_keepalive_intvl
75
You can change a value temporarily with echo (as root); the change is lost on reboot:
# echo 300 > /proc/sys/net/ipv4/tcp_keepalive_time
To make it permanent, add the setting to /etc/sysctl.conf and load it with sysctl -p:
$ grep net.ipv4.tcp_keepalive_time /etc/sysctl.conf
net.ipv4.tcp_keepalive_time = 300
# sysctl -p | grep net.ipv4.tcp_keepalive_time
net.ipv4.tcp_keepalive_time = 300