Because I always forget how.

In any enterprise-level application environment, you'll find that the tiers are segregated by firewalls.

In some cases, you may see this type of architecture

FIREWALL -> WEB -> FIREWALL -> APP -> FIREWALL -> DB

or even

FIREWALL -> WEB -> FIREWALL -> APP/DB

Both designs, which are somewhat similar, can run into keepalive issues, because every connection between tiers passes through a stateful firewall that will eventually drop an idle connection from its state table without telling either end.

Keepalives are small messages sent over an otherwise idle connection at a set interval to verify that the other end is still there. Each probe should be acknowledged; if a run of probes goes unanswered, the sending host assumes the connection is dead and tears it down, and the application gets an error on its next read or write instead of hanging forever, at which point it has to open a new connection (the old one is never revived). The probes also have a second effect, which is the real point here: they count as traffic, so a firewall that drops idle flows from its state table keeps seeing the connection as active.

Keepalives are essential in environments where you're using connection pools, because a pooled connection can sit idle for a long time and then be handed to a request; if a firewall silently dropped it in the meantime, that request hangs or fails. Web servers may use a connection pool to talk to an application server like Tomcat or WebLogic, and application servers almost always use database connection pools to keep performance optimal.

Most connection pools have a keepalive setting, so leverage it when you can. Some connection pools do not. mod_weblogic, for example, doesn't have its own keepalive value: it can be enabled or disabled, but when enabled it uses the system keepalive interval, which on RHEL/CentOS (the plain Linux default) is 7200 seconds (two hours). One caveat applies to any pool: the kernel values only govern sockets that have the SO_KEEPALIVE option set, which is what a pool's "enable keepalive" switch does. Tuning sysctl does nothing for a connection whose owner never turned keepalive on.

To check your current system keepalive settings

# sysctl -a | grep net.ipv4.tcp_keepalive
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_time = 7200

net.ipv4.tcp_keepalive_intvl is the interval between successive probes once the first probe has gone unanswered.
net.ipv4.tcp_keepalive_probes tells your system how many consecutive unanswered probes it will send before considering the connection dead.
net.ipv4.tcp_keepalive_time tells your system how long a connection must be idle (no data in either direction) after the last packet before the first probe is sent. This is the biggie! Together they mean a dead peer is detected after tcp_keepalive_time + tcp_keepalive_probes * tcp_keepalive_intvl seconds, and the firewall only has to see traffic before tcp_keepalive_time runs out.

I don’t understand why 7200 seconds was chosen as a number. In my environment here, the firewall can drop idle connections after one hour and sometimes even less depending on how big the connection table can get (I’m looking at you checkpoint).

So I normally trim these down so that the keepalive time is less and the number of probes is more. The interval is also reduced by a bit, but that's not really important. You would normally make these changes on the server that initiates the connection: a web server or an application server, and sometimes a DB server, but not always.

In /etc/sysctl.conf, add these lines (or modify them if they're already there). With these values the first probe goes out after five minutes of idle time, well inside a one-hour firewall timeout, and a connection whose peer has vanished is declared dead after 300 + 20*60 = 1500 seconds.


net.ipv4.tcp_keepalive_intvl = 60
net.ipv4.tcp_keepalive_probes = 20
net.ipv4.tcp_keepalive_time = 300

To put these settings into effect, run


sysctl -p /etc/sysctl.conf

and retest with sysctl -a | grep net.ipv4.tcp_keepalive

Once set, restart your web server or app server so that its pool is rebuilt with the new settings. This gives you a fresh set of connections that you can actually monitor using netstat. On a current system, ss -tno state established is even better: it prints a timer:(keepalive,...) field for each connection that really has keepalive enabled, which is the quickest way to confirm that the pool is using it.

You should be able to corroborate the ports, states and number of connections on both ends of the connection; when the two sides agree, things are A-OK! If one end lists ESTABLISHED connections that the other end no longer knows about, the firewall has already dropped them and the keepalive is not arriving in time.
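As an added example that is not from the original post: a small shell script that turns the three sysctl values into the two numbers that matter (seconds until the first probe, seconds until the kernel gives up) and compares them with a firewall idle timeout. The one-hour firewall timeout and the two value sets are assumptions taken from the text above; /proc/sys/net/ipv4 is read only if it is present, otherwise the Linux defaults are used.

```sh
#!/bin/sh
# Added example (not from the original post): sanity-check TCP keepalive
# settings against a firewall's idle-connection timeout.
# Assumed: the firewall drops idle flows after FW_IDLE seconds (one hour here,
# matching the post's "after one hour"); adjust to your own firewall policy.

# Seconds until the first probe, and seconds until the kernel declares the
# connection dead, for the given tcp_keepalive_time/intvl/probes values.
# Prints "<first_probe> <dead_after>".
keepalive_budget() {
    kt=$1; intvl=$2; probes=$3
    dead=$(( kt + intvl * probes ))
    echo "$kt $dead"
}

# Returns 0 when the first probe is sent before the firewall idle timeout
# (so the firewall sees traffic and keeps the flow alive), 1 otherwise.
keepalive_fits_firewall() {
    fw_idle=$1; kt=$2
    [ "$kt" -lt "$fw_idle" ]
}

# Read the live values from /proc if available, else fall back to the
# Linux defaults quoted in the post (7200/75/9).
current_keepalive() {
    d=/proc/sys/net/ipv4
    if [ -r "$d/tcp_keepalive_time" ]; then
        echo "$(cat "$d/tcp_keepalive_time") $(cat "$d/tcp_keepalive_intvl") $(cat "$d/tcp_keepalive_probes")"
    else
        echo "7200 75 9"
    fi
}

# One line of verdict for a label, a firewall timeout and a value set.
report() {
    label=$1; fw=$2; t=$3; i=$4; p=$5
    set -- $(keepalive_budget "$t" "$i" "$p")
    if keepalive_fits_firewall "$fw" "$t"; then verdict=OK; else verdict=TOO-LATE; fi
    echo "$label: first probe at ${1}s, dead after ${2}s, firewall idle ${fw}s -> $verdict"
}

FW_IDLE=3600
report "kernel default" "$FW_IDLE" 7200 75 9
report "post's tuning " "$FW_IDLE" 300 60 20
report "this host     " "$FW_IDLE" $(current_keepalive)
```

The rule it checks is the one the post relies on: tcp_keepalive_time must be shorter than the firewall's idle timeout, or the first probe is sent after the firewall has already forgotten the flow. The "dead after" figure is the worst case for an application blocked on a connection whose peer has gone away. Remember that the kernel values only apply to sockets that set SO_KEEPALIVE; ss -tno state established lists a timer:(keepalive,...) field for exactly those connections.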

Hope this helps.

I love find

There is no other way to put it. It's such a fantastic tool, and once you get used to it you almost never use the subpar "locate" utility to find files.

Some of my favorite find switches and one liners are listed below. Explanations too.

Find all directories whose names start with "20", in the current directory only, without going any deeper. Note that I have included -mindepth 1, and there is a reason for that: without it, find also applies the tests to the starting point itself, so a command like find 2007/ -maxdepth 1 -type d -name "20*" would list 2007/ along with its children. Try it on a starting directory whose own name matches and you'll see exactly what I mean.

find ./ -maxdepth 1 -mindepth 1 -type d -name "20*"

Find all files named config.php in this directory and all subdirectories, print a long listing of each (-ls) and its name (-print), and run grep for "string1" (case-insensitive) against each one. I find this command very useful before doing a single replacement across many files: it shows me what will change if I run a mass replacement. The "{}" is replaced by the name of the current file each time the command runs, and the "\;" marks the end of the command. Without those you will get an error.

find ./ -name "config.php" -ls -print -exec grep -i string1 {} \;

Now I can find those same files and run a sed command that replaces all occurrences of string1 with string2. The "-i" tells sed to make the change to the file in place without creating a new file. This way you have less to clean up, but be careful because there is no backup. If you want a backup, use "-iSUFFIX", where SUFFIX is the extension you want the backup file to have, e.g. -i.bak. Two caveats: the left-hand side is a regular expression, so escape characters like "." and "/" in string1; and the grep above was case-insensitive while this sed is not, so a file the dry run listed because it contains STRING1 will be left untouched.

find ./ -name "config.php" -exec sed -i "s/string1/string2/g" {} \;

Another use of -exec, substituting {} for the file name, lets you do things like back up many different files that match the same condition. In this case anything named config.* becomes config.*.bak. (GNU and BSD find both substitute {} even when it is only part of an argument, as in {}.bak; POSIX only guarantees the replacement when {} is an argument on its own.)

find ./ -name "config.*" -exec cp {} {}.bak \;
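The preview, replace and backup steps above, as an added example that is not from the original post. It builds a throwaway tree under $TMPDIR with constructed config.php contents, previews matches with grep -i the way the post does, then does the replacement with sed -i.bak so that every file sed touched gets a backup, and finally shows how to undo it. It assumes a sed that accepts -iSUFFIX (GNU and BSD both do) and a POSIX find. One thing it shows that the one-liners alone do not: the preview is case-insensitive but the sed expression is not, so a file containing STRING1 is listed by the dry run and then left unchanged.

```sh
#!/bin/sh
# Added example, not from the original post: the find + grep + sed
# mass-replace workflow with a dry run first and a backup of every file.
# Everything runs in a throwaway tree under $TMPDIR; the file names and
# contents are constructed for the example.

# Build the scratch tree. The directory names contain a space on purpose,
# to show that -exec ... {} \; hands each path over as a single argument.
make_tree() {
    root=$(mktemp -d "${TMPDIR:-/tmp}/findex.XXXXXX")
    mkdir -p "$root/site a/inc" "$root/site b/inc" "$root/other"
    printf '$db = "string1";\n' > "$root/site a/inc/config.php"
    printf '$db = "STRING1";\n' > "$root/site b/inc/config.php"   # upper case: grep -i sees it, sed will not
    printf 'nothing to see\n'   > "$root/other/config.php"
    echo "$root"
}

# Dry run, as in the post: which config.php files mention string1, ignoring case?
# Prints "<path>:<matching line>" (-H forces the file name even for a single file).
preview() {
    find "$1" -type f -name "config.php" -exec grep -iH string1 {} \;
}

# Replace in place. -i.bak keeps a copy of every file sed processed as
# config.php.bak, so a bad pattern can be undone with a second find.
backup_and_replace() {
    find "$1" -type f -name "config.php" -exec sed -i.bak 's/string1/string2/g' {} \;
}

# How many config.php files still contain string1, case-sensitive (what sed used)...
count_remaining() {
    find "$1" -type f -name "config.php" -exec grep -l string1 {} \; | wc -l | tr -d ' '
}

# ...and case-insensitive (what the dry run used). A non-zero answer after
# the replacement means the preview listed a file sed did not change.
count_remaining_ci() {
    find "$1" -type f -name "config.php" -exec grep -il string1 {} \; | wc -l | tr -d ' '
}

count_backups() {
    find "$1" -type f -name "config.php.bak" | wc -l | tr -d ' '
}

# Undo: move every backup back over the edited file. Passing {} to sh -c
# lets us use shell parameter expansion on the name, not just {} verbatim.
restore_backups() {
    find "$1" -type f -name "config.php.bak" -exec sh -c 'mv "$1" "${1%.bak}"' sh {} \;
}

ROOT=$(make_tree)
echo "dry run:"; preview "$ROOT"
backup_and_replace "$ROOT"
echo "still matching string1 (exact): $(count_remaining "$ROOT")"
echo "still matching string1 (any case): $(count_remaining_ci "$ROOT")"
echo "backups written: $(count_backups "$ROOT")"
restore_backups "$ROOT"
echo "backups after restore: $(count_backups "$ROOT")"
rm -rf "$ROOT"
```

Run it as is and the dry run lists two files, the exact-case count after the replacement is 0, the any-case count is 1 (the STRING1 file), and three backups exist until restore_backups puts everything back. On a real tree, run preview first, read the list, and only then run backup_and_replace.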

Find any directories that have no permissions at all for group and others. This matters when users need to enter a directory and can't. Note that -perm 0700 matches that exact mode only; a 0750 or 0711 directory would not show up. To catch every directory that others cannot enter, whatever the rest of the mode is, use ! -perm -001 (GNU find also accepts ! -perm -o=x). After this you can add -exec chmod 755 {} \; to change the permissions appropriately, but be selective: some directories are 0700 on purpose, ~/.ssh being the classic example, so exclude those rather than opening them up.

find ./ -type d -perm 0700
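As an added example (not from the original post), a script that builds a constructed scratch tree with a 0755, a 0750, a 0700 and a 0700 ".ssh" directory and runs three variants of the check: the exact -perm 0700 above, the broader "others cannot enter" test, and the same test with .ssh pruned out, followed by the chmod with that exclusion applied. Directory names and modes are made up; it assumes a POSIX find and mktemp -d.

```sh
#!/bin/sh
# Added example, not from the original post: auditing directory permissions
# with find's -perm forms on a constructed scratch tree. Directory names and
# modes are made up for the example; .ssh stands in for "0700 on purpose".

make_tree() {
    root=$(mktemp -d "${TMPDIR:-/tmp}/permex.XXXXXX")
    mkdir -p "$root/public" "$root/grouponly" "$root/private" "$root/.ssh"
    chmod 755 "$root/public"
    chmod 750 "$root/grouponly"    # group may enter, others may not
    chmod 700 "$root/private"
    chmod 700 "$root/.ssh"         # must stay this way
    echo "$root"
}

# The post's test: mode is exactly 0700. Misses grouponly (0750).
# -mindepth 1 skips the starting directory itself (mktemp -d makes it 0700).
# Paths are printed relative to the tree so the output is predictable.
exact_0700() {
    (cd "$1" && find . -mindepth 1 -type d -perm 0700 | LC_ALL=C sort)
}

# What the post is really after: any directory others cannot enter.
# -perm -001 means "all of these bits are set"; negated, the o=x bit is missing.
# (GNU find also accepts the symbolic form ! -perm -o=x.)
not_world_enterable() {
    (cd "$1" && find . -mindepth 1 -type d ! -perm -001 | LC_ALL=C sort)
}

# Same, but leave .ssh alone: -prune stops find descending into it, and the
# -o means the rest of the expression is only evaluated for other directories.
not_world_enterable_safe() {
    (cd "$1" && find . -mindepth 1 -type d \( -name .ssh -prune -o ! -perm -001 -print \) | LC_ALL=C sort)
}

# The fix from the post, with the same exclusion applied.
fix_world_enterable() {
    (cd "$1" && find . -mindepth 1 -type d \( -name .ssh -prune -o ! -perm -001 -exec chmod 755 {} \; \))
}

ROOT=$(make_tree)
echo "exactly 0700:";           exact_0700 "$ROOT"
echo "others cannot enter:";    not_world_enterable "$ROOT"
echo "same, skipping .ssh:";    not_world_enterable_safe "$ROOT"
fix_world_enterable "$ROOT"
echo "after chmod, only .ssh should remain:"; not_world_enterable "$ROOT"
rm -rf "$ROOT"
```

The exact test finds private and .ssh but not grouponly; the ! -perm -001 test finds all three; the pruned version finds grouponly and private, and after the chmod only .ssh is still closed to others, which is the outcome you want on a home directory.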

Find any files owned by a particular user. You can also use -group to find files by group name. I use this to find files owned by "root" in home directories and then chown them to the appropriate user.

find ./ -user "username"

The -exec feature in find is perhaps the most valuable aspect of “find”. I use it several times a day in combination with sed and awk to do all sorts of one liners that would normally need a script.

Don’t forget that you can do all sorts of really neat things with find, sed, awk if you use regular expressions.


© 2007 wp | anoopdotnet