Linux Parameter ‚tcp_keepalive_time‘ – sets the idle time (in seconds) a TCP connection must remain inactive before the kernel starts sending keepalive probes to check if the other end is still responsive and the default value is 7.200 seconds (2 hours)

The tcp_keepalive_time is part of a three-parameter system:

tcp_keepalive_time – the initial idle time before the first probe is sent (default: 7.200 seconds)
tcp_keepalive_intvl – the interval (in seconds) between subsequent keepalive probes if the previous one doesn’t receive an acknowledgment (default: 75 seconds)
tcp_keepalive_probes – the number of failed probes after which the connection is considered broken and is closed (default: 9)

root@pve-ubuntu-01:~# sysctl net.ipv4.tcp_keepalive_time net.ipv4.tcp_keepalive_intvl net.ipv4.tcp_keepalive_probes
net.ipv4.tcp_keepalive_time = 7200
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_probes = 9

root@pve-ubuntu-01:~#

Change temporarily for testing:

root@pve-ubuntu-01:~# sysctl -w net.ipv4.tcp_keepalive_time=900 # Sets the time to 15 minutes
root@pve-ubuntu-01:~# sysctl -a | grep keep
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_time = 900
net.ipv6.conf.all.keep_addr_on_down = 0
net.ipv6.conf.default.keep_addr_on_down = 0
net.ipv6.conf.eth0.keep_addr_on_down = 0
net.ipv6.conf.lo.keep_addr_on_down = 0

Always set keepalive less than firewall timeout with intvl and probes tuned for your use case

This entry was posted on Mittwoch, September 17th, 2025 at 14:26 and is filed under Administration, Linux Solution, Network Info. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.