How to verify if SM_ENABLE_TCP_KEEPALIVE is working?

Document ID : KB000015634
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

We have just enabled SM_ENABLE_TCP_KEEPALIVE by setting the environment variables and would like to verify it is working properly, as we have a firewall in between the Policy Server and the Web Agent.

How we could verify it?

We already ensured our RedHat Linux servers have TCP Keep Alive enabled.

Environment:
Web Agent R12.52 SP1 on RHELPolicy Server R12.52 SP1 on RHEL
Answer:

In order to verify TCP Keep Alive is working, you can capture network traces and produce a disconnection from the Web Agent to the Policy Server. When the server detects the other end is disconnected, it will send the keep alive packets which will be seen in the network trace.

This can be done easier by using your firewall to set a rule to drop the requests from the Web Agent to the Policy Server when capturing the network traces. Then, depending on the OS TCP Keep Alive settings, you will see the packets being sent in the network traces following the intervals set in the system.

First, verify that the environment variable is correctly set to 1 in both servers by checking the current variables: SM_ENABLE_TCP_KEEPALIVE=1

You can check the current TCP Keep Alive settings in your OS to know for example the current interval, so you can see what to expect on the network traces:

# cat /proc/sys/net/ipv4/tcp_keepalive_time
7200
# cat /proc/sys/net/ipv4/tcp_keepalive_intvl
75
# cat /proc/sys/net/ipv4/tcp_keepalive_probes
9

If need to change any values, you can echo the new one:

# echo 600 > /proc/sys/net/ipv4/tcp_keepalive_time

Do not change any value without consulting your sysadmin. For more information on OS TCP Keep Alive settings, check OS vendor documentation: RedHat Support Portal - TCP Keep Alive

Also, remember that you need to restart the services after setting the SM_ENABLE_TCP_KEEPALIVE environment variable for the changes to be applied.

The Keep Alive packets in your network traces will look like the following:
17922    10:33:21.988218    <PS IP>    <WA IP>    TCP    66    [TCP Keep-Alive] 44443 → 45935 [ACK] Seq=230 Ack=155 Win=14528 Len=0 TSval=4180041061 TSecr=3010560045
17949    10:33:23.263118    <PS IP>    <WA IP>    TCP    66    [TCP Keep-Alive] 44443 → 45934 [ACK] Seq=20290 Ack=1367 Win=17152 Len=0 TSval=4180042336 TSecr=3010561322
17986    10:33:25.324121    <PS IP>    <WA IP>    TCP    66    [TCP Keep-Alive] 44443 → 45938 [ACK] Seq=230 Ack=155 Win=14528 Len=0 TSval=4180044397 TSecr=3010563383
17987    10:33:25.330148    <PS IP>    <WA IP>    TCP    66    [TCP Keep-Alive] 44443 → 45937 [ACK] Seq=17241 Ack=230 Win=14528 Len=0 TSval=4180044403 TSecr=3010563389

If you are using WireShark tool to review the network traces, you can use the filter "tcp.analysis.keep_alive" to see only these packets.