Overriding the default Linux kernel 20-second TCP socket connect Timeout

Whatever language or client library you ' re using, you should is able to set the timeout on network socket operations, TYPI Cally split into a connect timeout, read timeout, and write timeout.

However, although you should is able to make these timeouts as small as your want, the Connect timeout in particular have an Effective maximum value for any given kernel. Beyond this point, higher timeout values might request would have no effect-connecting would still time out after a sh Orter time.

The reason TCP connects is special is, the establishment of a TCP connection has a special sequence of packets Starti Ng with a SYN packet. If no response is received to this initial SYN packet, the kernel needs to retry, which it may has to do a couple of time S. All kernels I know of wait a increasing amount of time between sending SYN retries, to avoid flooding slow hosts.

All kernels put a upper limit on the number of times they would retry SYNs. On bsd-derived kernels, including Mac OS X, the standard pattern is, the second SYN would be second 6 seconds after the First, then a third SYN seconds after that and then the connect times out after a total of around seconds.

On Linux However, the default retry cycle ends after just seconds. Linux does send SYN retries somewhat faster than bsd-derived Kernels-linux supposedly sends 5 SYNs in this seconds, b UT this includes the original packet (the retries is after 3s, 6s, 12s, 24s).

The end result though is so if your application wants a connect timeout shorter than 20s, no problem, but if your applic Ation wants a connect timeout longer than 20s, you'll find that the default kernel configuration would effectively chop it Back to 20s.

Changing this upper timeout limit was easy, though it requires the change a system configuration parameter and so you WI ll need to has root access to the box (or get the system administrators to agree to change it for you).

The relevant sysctl tcp_syn_retries is and which for IP V4 are net.ipv4.tcp_syn_retries .

Be conservative in choosing the value of the it to. Like BSD, the SYN retry delays increase in time (albeit doubling rather than tripling), so a relatively small increase in The number of retries leads to a large increase in the maximum connect timeout. In a perfect world, there would is no problem with have a very high timeout because applications ' connect timeouts'll Come into play.

However, many applications do not set a explicit connect timeout, and so if you set the kernel to ten minutes, you ' re prob Ably going to find something hanging for ages sooner or later when a remote host goes down!

I recommend that the set it to a value of 6, 7, or at the most 8. 6 gives an effective connect timeout ceiling of around 7 seconds gives around, and 8 seconds gives Ds.

To the running kernel, you can use The/proc interface:

Or Use the SYSCTL command:

# sysctl net.ipv4.tcp_syn_retriesnet.ipv4.tcp_syn_retries = AA sysctl-w net.ipv4.tcp_syn_retries=6net.ipv4.tcp_syn_ Retries = 6

To do this value stick across reboots however you need to add it to /etc/sysctl.conf :

Net.ipv4.tcp_syn_retries = 6

Most Linux installations support reading sysctls from the files /etc/sysctl.d in, which are usually better practice as it makes it easi Er to administer upgrades, so I suggest you put it in a file there instead.

(I see no reason you ' d want-to-sysctl, but note that the values of 4 or less are seem to be treated as 4-total t Imeout 9s.)

[Ref]http://www.sekuda.com/overriding_the_default_linux_kernel_20_second_tcp_socket_connect_timeout

Overriding the default Linux kernel 20-second TCP socket connect Timeout