In this blog entry, I will be discussing TCP keepalive mechanism and will also provide some information about configuration options on Windows systems.
Let's first understand the mechanism. A TCP keep-alive packet is simply an ACK with the sequence number set to one less than the current sequence number for the connection. A host receiving one of these ACKs responds with an ACK for the current sequence number. Keep-alives can be used to verify that the computer at the remote end of a connection is still available. TCP keep-alives can be sent once every KeepAliveTime (defaults to 7,200,000 milliseconds or two hours) if no other data or higher-level keep-alives have been carried over the TCP connection. If there is no response to a keep-alive, it is repeated once every KeepAliveInterval seconds. KeepAliveInterval defaults to 1 second. NetBT connections, such as those used by other Microsoft networking components, send NetBIOS keep-alives more frequently, so normally no TCP keep-alives are sent on a NetBIOS connection. TCP keep-alives are disabled by default, but Windows Sockets applications can use the setsockopt() function to enable them.
Now let's talk a little bit about configuration options. There're 3 registry keys where you can affect TCP Keepalive mechanism on Windows systems:
KeepAliveIntervalKey: Tcpip\ParametersValue Type: REG_DWORD-time in millisecondsValid Range: 1-0xFFFFFFFFDefault: 1000 (one second)Description: This parameter determines the interval between TCP keep-alive retransmissions until a response is received. Once a response is received, the delay until the next keep-alive transmission is again controlled by the value of KeepAliveTime. The connection is aborted after the number of retransmissions specified by TcpMaxDataRetransmissions have gone unanswered.
Notes:TCPIP driver waits for a TCP Keepalive ACK for the duration of time specified in this registry entry.
KeepAliveTimeKey: Tcpip\ParametersValue Type: REG_DWORD-time in millisecondsValid Range: 1-0xFFFFFFFFDefault: 7,200,000 (two hours)Description: The parameter controls how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet. If the remote system is still reachable and functioning, it acknowledges the keep-alive transmission. Keep-alive packets are not sent by default. This feature may be enabled on a connection by an application
Notes:In order for a TCP session to stay idle, there should be no data sent or received.
c) If OS is Windows XP/2003 the following registry entry applies:
TcpMaxDataRetransmissionsKey: Tcpip\ParametersValue Type: REG_DWORD-numberValid Range: 0-0xFFFFFFFFDefault: 5Description: This parameter controls the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection. The retransmission time-out is doubled with each successive retransmission on a connection. It is reset when responses resume. The Retransmission Timeout (RTO) value is dynamically adjusted, using the historical measured round-trip time (Smoothed Round Trip Time) on each connection. The starting RTO on a new connection is controlled by the TcpInitialRtt registry value.
Notes:This registry entry determines the number of TCP retransmissions for an individual TCP segment. There's no special registry entry to determine the retransmission behavior of TCP Keepalives and this registry entry is also used for the TCP keepalive scenario.
Important note: If OS is Windows Vista/2008, the number of TCP Keepalive attempts are hardcoded to 10 and could not be adjusted via the registry.
d) Some special considerations
=> Even if TCP KeepaliveTime and TCPKeepAliveInterval registry keys are set to a specific value (TCPIP driver uses the deafult values even if we don't set these registry keys from the registry), TCPIP driver won't start sending TCP Keepalives until Keepalives are enabled via various methods at upper layers (layers above TCPIP driver).
=> Native Socket applications can enable TCP keepalives by using anyone of the following methods:
- setsockopt() with SO_KEEPALIVE option- WSAIoctl() with SIO_KEEPALIVE_VALS option (it's also possible to change Keepalive timers with this API call dynamically on a per-socket basis)
=> Managed applications (.NET), can use one of the following methods:
- SetSocketOption method from Socket Class in System.Net.Sockets namespace- GetSocketOption method from Socket Class in System.Net.Sockets namespace
=> Effect of using Keepalives on bandwidth usage
Since TCP Keepalives are TCP segments without data (and the SEQ number set to one less than the current SEQ number), Keepalive usage bandwidth usage can simply be neglected. There's an example below to give an idea about how big a TCP Keepalive packet could be:
- 14 bytes (L2 header - Assuming that Ethernet protocol is used. This could be even lower for other WAN protocols like PPP/HDLC/etc)- 20 bytes (IP header - assuming no IP options are used)- 20 bytes (TCP header - assuming no TCP options are used)
Total: ~54 bytes
Even if TCP Keepalive interval is set to 5 minutes or so (default is 2 hours), given that TCP connection goes idle, TCPIP driver will send a ~54 TCP Keepalive message every 5 minutes and as can be seen it could simply be neglected.
You may also find some references below:
References=============================http://www.microsoft.com/downloads/details.aspx?FamilyID=06c60bfe-4d37-4f50-8587-8b68d32fa6ee&displaylang=en Microsoft Windows Server 2003 TCP/IP Implementation Details
http://www.microsoft.com/downloads/details.aspx?FamilyId=12AC9780-17B5-480C-AEF7-5C0BDE9060B0&displaylang=enTCP/IP Registry Values for Microsoft Windows Vista and Windows Server 2008
http://msdn.microsoft.com/en-us/library/ms740476(VS.85).aspx setsockopt Functionhttp://msdn.microsoft.com/en-us/library/ms741621(VS.85).aspx WSAIoctl Functionhttp://msdn.microsoft.com/en-us/library/system.net.sockets.socket.setsocketoption.aspx Socket..::.SetSocketOption Method http://msdn.microsoft.com/en-us/library/system.net.sockets.socket.getsocketoption.aspx Socket..::.GetSocketOption Method
Hope this helps.
Microsoft security guides for Vista, Windows 7 , 2008 and 2008 R2 recommend a value of 3 for the TcpMaxdataRetransmissions key. This key is also mentioned in the TCP/IP Registry Values for Microsoft Windows Vista and Windows Server 2008 document and it also has the same recommendation.
However your note above "Important note: If OS is Windows Vista/2008, the number of TCP Keepalive attempts are hardcoded to 10 and could not be adjusted via the registry. " , what does this mean. Is there some error somewhere. Please advise. Thanks.
Thank you for the feedback Ravindra. There could be some misleading information in some documentations, if you could send me Microsoft links for those documents that you refer to, I can internally initiate change request. Back to how it works in Windows Vista onwards, you can also get more information at the below link:
msdn.microsoft.com/.../ee470551(VS.85).aspx SO_KEEPALIVE Socket Option
On Windows Vista and later, the number of keep-alive probes (data retransmissions) is set to 10 and cannot be changed.