TCP/IP settings

You can verify and update the TCP/IP parameter values if you observe timeout failures when you access a directory server.

If an LDAP server is protected behind a firewall, socket connection requests might time out and result in intermittent authentication failures. These failures occur because of a mismatch between the connection timeout setting of the firewall and the frequency of the keep alive network packets that the operating system sends.

If socket connection failures occur, decrease the operating system network parameters that control the interval between the keep alive packets. The interval between two subsequent keep alive packets is also referred to as the keep alive interval.

The parameters that control the keep alive frequency vary with each operating system. You must set the keep alive interval to a value that is less than the connection timeout value of the firewall. If you do not know the value of the firewall setting, set the keep alive interval value to 2 minutes and verify.

The closed TCP/IP connections between the client and the LDAP server are cleaned at system-specified intervals. The LDAP server performance might degrade in environments where the connections are opened or closed at a high frequency. On Microsoft Windows systems, you can modify the registry keys to reduce the interval between the cleaning process.

AIX®
To change the TCP/IP parameter values on an AIX system, run the following command:
no -o parametername=value
You can use the command to change the following parameter values:
tcp_keepidle
Specifies the duration of time to keep the connection active. If you set this parameter, TCP generates a KEEPALIVE transmission for an application that requests to keep the connection active. This value is defined in half-second (1/2 second) units and defaults to 14,400 units (7200 seconds or 2 hours). The tcp_keepidle parameter is a runtime parameter. You must assign a value to tcp_keepidle that is less than the connection timeout value of the firewall. If you do not know the value of the firewall setting, set the keep alive interval value to 2 minutes and verify.
tcp_keepinit
Sets the initial timeout value for a TCP connection. This value is defined in half-second (1/2 second) units and defaults to 150 (75 seconds). You can change the value with the -o parameter. The tcp_keepinit parameter is a runtime parameter.
tcp_keepintvl
Specifies the interval between packets that are sent to validate the connection. This value is defined in half-second (1/2 second) units and defaults to 150 (75 seconds). The tcp_keepintvl parameter is a runtime parameter.
Windows
To change the TCP/IP settings on a Windows system, set the following registry keys:
Note: You must set the parameters on both the client and server systems.
  1. Access the command prompt.
  2. Run the regedit command to open Registry Editor.
    > regedit
  3. In the Registry Editor window, expand Computer > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > services > Tcpip > Parameters.
  4. If the TcpTimedWaitDelay entry is not in the registry, add TcpTimedWaitDelay.
  5. Set the DWORD value of the TcpTimedWaitDelay entry to 1e, which sets the value to 30 seconds.
  6. If the StrictTimeWaitSeqCheck entry is not in the registry, add StrictTimeWaitSeqCheck.
  7. Set the DWORD value of the StrictTimeWaitSeqCheck entry to 1.
  8. Restart the system.
Linux®
To change the TCP/IP parameter values on a Linux system temporarily until the next restart, run the following command:
sysctl -w net.ipv4.parametername=value
To set the values permanently, complete the following steps:
  1. Update /etc/sysctl.conf file with:
    net.ipv4.parametername = value
  2. Run the following command:
    RHEL
    chkconfig sysctl on
    SUSE
    chkconfig boot.sysctl on
You can use this command to change the following parameter values:
tcp_keepalive_time
Specifies the interval between the last data packet sent and the first keepalive probe in seconds.
tcp_keepalive_intvl
Specifies the interval between subsequent keepalive probes in seconds.
tcp_keepalive_probes
Specifies the number of probes that are sent and unacknowledged before the client considers the connection broken and notifies the application layer.
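The following check is an added example, not part of the original documentation: it compares the Linux keepalive parameters with a firewall connection timeout and prints the /etc/sysctl.conf line to apply when the first probe would arrive too late. The KA_DIR variable, the function names, the choice of half the firewall timeout as the target, and the sample values (the Linux defaults, constructed inline) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the product documentation. KA_DIR, the function
# names and the sample values are assumptions of this sketch.
KA_DIR="${KA_DIR:-/proc/sys/net/ipv4}"   # where Linux exposes the parameters

ka_read() { cat "$KA_DIR/$1"; }

# Worst-case seconds before a dead peer is reported to the application:
# idle time before the first probe + probe interval * unanswered probes.
dead_peer_seconds() {
    t=$(ka_read tcp_keepalive_time)
    i=$(ka_read tcp_keepalive_intvl)
    p=$(ka_read tcp_keepalive_probes)
    echo $(( t + i * p ))
}

# $1 = firewall connection timeout in seconds (omit it if unknown).
# Prints "ok", or the /etc/sysctl.conf line that moves the first probe
# inside the firewall timeout.
keepalive_advice() {
    current=$(ka_read tcp_keepalive_time)
    if [ -n "${1:-}" ]; then
        limit=$1
        target=$(( limit / 2 ))   # assumption: probe at half the timeout
        if [ "$target" -lt 1 ]; then target=1; fi
    else
        limit=121                 # unknown firewall: accept up to 2 minutes
        target=120
    fi
    if [ "$current" -lt "$limit" ]; then
        echo "ok"
    else
        echo "net.ipv4.tcp_keepalive_time = $target"
    fi
}

# Constructed sample: a directory holding the Linux default values.
demo() (
    KA_DIR=$(mktemp -d)
    echo 7200 > "$KA_DIR/tcp_keepalive_time"
    echo 75   > "$KA_DIR/tcp_keepalive_intvl"
    echo 9    > "$KA_DIR/tcp_keepalive_probes"
    echo "dead peer reported after $(dead_peer_seconds) s"
    echo "firewall timeout 3600 s: $(keepalive_advice 3600)"
    echo "firewall timeout unknown: $(keepalive_advice)"
    rm -rf "$KA_DIR"
)
demo
```

To check a live system, remove the demo call and run keepalive_advice with the firewall timeout in seconds; KA_DIR then defaults to /proc/sys/net/ipv4.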
Solaris
To change the TCP/IP parameter values on a Solaris system, run the following command:
ndd -set /dev/tcp parametername value
You can use this command to change the following parameter values:
tcp_time_wait_interval
Specifies the duration that a TCP connection stays in TIME-WAIT state in milliseconds.
tcp_keepalive_interval
Specifies the interval between probes in milliseconds.