Enabling SM_ENABLE_TCP_KEEPALIVE by setting the environment variables.
How to verify it is working properly, as there's a firewall in between
the Policy Server and the Web Agent ?
TCP Keep Alive is enabled at the OS level.
Web Agent R12.52 SP1 on RedHat
Policy Server R12.52 SP1 on RedHat
In order to verify TCP Keep Alive is working, capture network traces
and produce a disconnection from the Web Agent to the Policy
Server. When the server detects the other end is disconnected, it will
send the keep alive packets which will be seen in the network trace.
This can be done easier by using your firewall to set a rule to drop
the requests from the Web Agent to the Policy Server when capturing
the network traces. Then, depending on the OS TCP Keep Alive settings,
packets will be seend sending in the network traces following the
intervals set in the system.
First, verify that the environment variable is correctly set to 1 in
both servers by checking the current variables:
Check the current TCP Keep Alive OS settings to know for example the
current interval, so you can see what to expect on the network traces:
# cat /proc/sys/net/ipv4/tcp_keepalive_time
# cat /proc/sys/net/ipv4/tcp_keepalive_intvl
# cat /proc/sys/net/ipv4/tcp_keepalive_probes
If need to change any values, echo the new one:
# echo 600 > /proc/sys/net/ipv4/tcp_keepalive_time
Don't change any value without consulting the sysadmin. For more
information on OS TCP Keep Alive settings, check OS vendor
Also, remember that a restart of the services is needed after setting
the SM_ENABLE_TCP_KEEPALIVE environment variable for the changes to be
The Keep Alive packets in your network traces will look like the
17922 10:33:21.988218 <PS IP> <WA IP> TCP 66 [TCP Keep-Alive] 44443 → 45935 [ACK] Seq=230 Ack=155 Win=14528 Len=0 TSval=4180041061 TSecr=3010560045
17949 10:33:23.263118 <PS IP> <WA IP> TCP 66 [TCP Keep-Alive] 44443 → 45934 [ACK] Seq=20290 Ack=1367 Win=17152 Len=0 TSval=4180042336 TSecr=3010561322
17986 10:33:25.324121 <PS IP> <WA IP> TCP 66 [TCP Keep-Alive] 44443 → 45938 [ACK] Seq=230 Ack=155 Win=14528 Len=0 TSval=4180044397 TSecr=3010563383
17987 10:33:25.330148 <PS IP> <WA IP> TCP 66 [TCP Keep-Alive] 44443 → 45937 [ACK] Seq=17241 Ack=230 Win=14528 Len=0 TSval=4180044403 TSecr=3010563389
When using WireShark tool to review the network traces, use the filter
"tcp.analysis.keep_alive" to see only these packets.
RedHat Support Portal - TCP Keep Alive