Linux 操作系統中基于 TCP keep-alive的超時檢測和保活機制
作者:IT明哥
如果執行 JAVA 程序時,遇到如下錯誤,Exception in thread "main" java.lang.NoSuchFieldError: TCP_KEEPIDLE,通常是因為使用的 JDK 版本不支持 TCP_KEEPIDLE等jdk.net.ExtendedSocketOptions 擴展選項, 這些擴展選項是 Java 9 才正式引入的,只有部分版本的Java 8 支持該選項。
1. OBPROXY 基于TCP keep-alive的超時檢測和保活機制
- 在分析某數據包時,我們發現,針對空閑的TCP連接,obproxy 服務端每隔5分鐘都會發送一些特殊的 tcp數據包,這些數據包在wireshark中顯示為 [TCP KEEP-ALIVE],其示例如下::
- 這些數據包其實就是大名鼎鼎的tcp keep-alive 心跳包。而 obproxy 之所以會發送這些心跳包,其實是因為obproxy 開啟了其SO_KEEPALIVE 選項(keep-alive packets are sent only when the SO_KEEPALIVE socket option is enabled),并使用了 LINUX 操作系統的 socket 套接字級別的基于 tcp keep-alive的超時檢測和保活機制,該機制的詳情見后文。
- obproxy相關參數和配置方式如下:
alter proxyconfig set server_tcp_user_timeout = 0;
alter proxyconfig set sock_option_flag_out = 3;
alter proxyconfig set server_tcp_keepidle = 5;
alter proxyconfig set server_tcp_keepintvl = 5;
alter proxyconfig set server_tcp_keepcnt = 2;
alter proxyconfig set client_sock_option_flag_out = 3;
alter proxyconfig set client_tcp_keepidle = 5;
alter proxyconfig set client_tcp_keepintvl = 5;
alter proxyconfig set client_tcp_keepcnt = 2;
alter proxyconfig set client_tcp_user_timeout = 0;
alter proxyconfig set skip_proxyro_check=true;2. LINUX基于TCP keep-alive的超時檢測和保活機制
Linux操作系統中,基于TCP keep-alive的超時檢測和保活機制,分為兩個層面,一個是操作系統級別的,一個是 socket 套接字級別的。
2.1. LINUX中操作系統級別的基于TCP keep-alive的超時檢測和保活機制
操作系統級別的,基于TCP keep-alive的超時檢測和保活機制,主要跟以下幾個內核參數相關,可以在操作系統層面,通過 sysctl 命令查看和更改這些內核參數:
- /proc/sys/net/ipv4/tcp_keepalive_intvl: 默認 75秒,The number of seconds between TCP keep-alive probes;
- /proc/sys/net/ipv4/tcp_keepalive_probes: 默認 9 次,The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end;
- /proc/sys/net/ipv4/tcp_keepalive_time: 默認 7200 秒即2小時,The number of seconds a connection needs to be idle before TCP begins sending out keep-alive probes. Keep-alives are sent only when the SO_KEEPALIVE socket option is enabled. An idle connection is terminated after approximately an additional 11 minutes (9 probes an interval of 75 seconds apart) when keep-alive is enabled;
- sysctl net.ipv4.tcp_keepalive_time
- sysctl net.ipv4.tcp_keepalive_intvl
- sysctl net.ipv4.tcp_keepalive_probes
2.2. LINUX中socket套接字級別的基于TCP keep-alive的超時檢測和保活機制
socket 套接字級別的,基于TCP keep-alive的超時檢測和保活機制,則需要相關應用在其代碼中,指定如下這些 socket 套接字選項,事實上 obproxy 就是利用了該機制:
- TCP_KEEPIDLE:the amount of time until the first keepalive packet is sent;
- TCP_KEEPCNT:the number of probes to send;
- TCP_KEEPINTVL:the interval between keepalive packets;
3. JAVA中如何指定 socket端口級別的基于TCP keep-alive的超時檢測和保活機制
JDK11及之后的版本,也支持socket端口級別的,基于TCP keep-alive的超時檢測和保活機制配置,事實上大部分 JDK8 版本,也在代碼層面通過 backport 支持了該機制,相關源碼如下:
- java.net.StandardSocketOptions
- java.net.StandardSocketOptions#SO_KEEPALIVE
- jdk.net.ExtendedSocketOptions
- When the SO_KEEPALIVE option is enabled, TCP probes a connection that has been idle for some amount of time. The default value for this idle period is 2 hours which is too long for most applications. The TCP_KEEPIDLE, TCP_KEEPCOUNT, TCP_KEEPINTERVAL option can be used to affect this value for a given socket.
- The default idle time for SO_KEEPALIVE is 2 hours, too long for most applications. Some operation systems have support to configure the idle time on a per connection basis (Linux has TCP_KEEPIDLE, Windows has SIO_KEEPALIVE_VALS). We should consider exposing an extended socket option to configure this.
- TCP_KEEPIDLE, TCP_KEEPCOUNT, and TCP_KEEPINTERVAL are non-standard socket options supported on several platforms to provide fine control over the TCP/IP keep alive mechanism. It should be possible to set these socket options via the setOption method defined by java.net.Socket and java.nio.channels.SocketChannel.
- Add a JDK-specific socket option that supports setting TCP_KEEPIDLE, TCP_KEEPCOUNT, TCP_KEEPINTERVAL, on platforms that support it. The option can be set/get through the existing set/getOption methods on Socket and NetworkChannel.
圖片
圖片
注意:如果執行 JAVA 程序時,遇到如下錯誤,Exception in thread "main" java.lang.NoSuchFieldError: TCP_KEEPIDLE,通常是因為使用的 JDK 版本不支持 TCP_KEEPIDLE等jdk.net.ExtendedSocketOptions 擴展選項, 這些擴展選項是 Java 9 才正式引入的,只有部分版本的Java 8 支持該選項。
4. 參考鏈接
責任編輯:武曉燕
來源:
明哥的IT隨筆
