Keep Alive TCP/IP connected sockets over the Internet - when? how? and how much?

Question

UPDATE: Skip to the answer if you want to save yourself the lengthy preamble.

TCP/IP connections KeepAlives are specified to be at least once every

Answer 1

When

When you want to prevent you connection being dropped.

How

By sending something after a period of inactivity possible by either sending TCP/IP KeepAlives or sending something yourself (reccomended since setting the period at which TCP/IP KeepAlives are sent will apply at the system level to all connected sockets instead of at the application level).

How Much

How long is a piece of string? First you have to understand why the connection is dropped:

The reason the connection is dropped is:

Home/commercial "routers" and firewalls which are "stateful" and connection aware tend to drop external TCP connections after some period of inactivity

So it has nothing to do with your application or TCP/IP per se, but to do with the hardware or software your connection goes through. You could do some research into typical periods of inactivity at which home/commercial devices/software you may go through drop a connection (see lists below). However if the peer could be potentially any user on the Internet:

Ultimately if you cannot know what equipment/sofware they go through: allow for a client to set their own period of inactivity (at which to send something to keep the connection alive).

Or send KeepAlives (or your equivalent) at short intervals (of inactivity) to accommodate all cases (though unnecessary traffic is a bad thing an extra packet every few seconds of inactivity nowadays is a drop in the ocean, except mobile networks still). But be warned as per the specification on TCP/IP it is supposed to survive temporary outages so setting it too low could have the undesirable affect of not surviving a temporary outage, from http://aplawrence.com/Bofcusm/2426.html:

The down side of tightening the keepalive parameters is that you also sharply limit TCP's resilience in the face of cable outages. A session whose both ends are alive and ready to run normally stays alive even if an intermediate cable or router is disconnected for a few minutes. If you've told the server to frantically send keepalives, it will notice a cable break and disconnect sessions that would otherwise have survived nicely.

But you would have an outage if your was doing some comms anyway so you have to handle this and I think this concern is outdated as one does not get temporary outages (they are more likely to be permanent - cable unplugged) with todays persistent connections (as opposed to dodgy dial-up say). Should you have an outage you may want to re-establish your connection (such as RDP does) or not (such as Telnet).

Some research into what common applications use:

App    |    KeepAlive sent after    |    configurable    | ref
--------------------------------------------------------------
Telnet |    600 seconds             |          Y         | http://www-01.ibm.com/support/docview.wss?uid=nas14adccb91a24d9ed28625694900513857
MS RDP |    ?

And some research into what devices/software drop inactive connections and when:

Device/SW                |    dropped after    |    configurable    | ref
--------------------------------------------------------------
Windows 2003 Firewall    |    24 hours         |          ?         | http://technet.microsoft.com/en-us/library/cc755604(WS.10).aspx
SonicWall TZ100/200      |     5 mins          |          Y         |  http://www.sonicwall.com/downloads/SonicWALL_TZ_100_200_Series_Getting_Started_Guide.pdf
Netgear FR114P           |     5 mins          |          N         | http://www.broadbandreports.com/forum/remark,4182300
Cisco ASA                |     1 hour          |          Y         | http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/conns_connlimits.html

Please edit to/refine these lists for the benefit of all.

Answer 2

TCP/IP connections KeepAlives are specified to be at most once every two hours.

That's not what it says. It says 'This interval MUST be configurable and MUST default to no less than two hours.'

The problem is this was written in 1989 and is concerned about the cost of sending the extra KeepAlive packet!

The real reason for making keep-alive optional and a 2-hour default if provided is #(2) in that list of reasons - TCP/IP is supposed to survive temporary outages of intermediate equipment, re-routing, etc. It is a useful mechanism for e.g. Telnet servers to detect lost clients.

Disregard the spec and change your system wide KeepAlive interval to lower than 2 hours.

That's not 'disregarding the spec.' That's just changing the default.

Most applications that want long-term connections either provide a ping in their own application protocol or use connection pools that survive connection failures.