Mastering TCP & HTTP Keepalive: Preventing Half-Open Connections

TCP Keepalive

Concept

TCP keepalive is a timer in the TCP stack that periodically sends a probe packet to the remote endpoint to verify that the connection is still alive, preventing the connection from entering a half‑open state.

Purpose

The probe detects whether the peer is still reachable, avoiding situations where one side believes the connection is open while the other has already closed it.

Mechanism

When a TCP connection is established, a timer tcp_keepalive_time counts down. If no data is exchanged before the timer expires, the kernel sends a keepalive probe. If the probe receives no response, a second timer tcp_keepalive_probes triggers additional probes at intervals defined by tcp_keepalive_intvl. Successful responses reset the original timer, keeping the connection alive.

The three tunable parameters are exposed as files in the Linux proc filesystem:

/proc/sys/net/ipv4/tcp_keepalive_time
/proc/sys/net/ipv4/tcp_keepalive_intvl
/proc/sys/net/ipv4/tcp_keepalive_probes

Each endpoint maintains a buffer file for incoming data; closing this file effectively drops any further data, which is why a half‑open connection can waste resources.

To inspect the buffer for a specific port, run: lsof -i :8080 Replace 8080 with the actual listening port.

HTTP Keepalive

Concept

HTTP persistent connection (also called HTTP keep‑alive or connection reuse) allows multiple HTTP request/response pairs to share a single TCP connection, reducing the overhead of establishing new connections. HTTP/2 extends this idea with multiplexing.

Purpose

By reusing the TCP connection, a server can transmit more data during the lifetime of a single connection, improving throughput and latency.

Mechanism

After a client receives a response, an HTTP‑level timer starts. If the timer expires before the next request, the server closes the connection. Any new request before expiration resets the timer.

Below is a Python socket example that illustrates how HTTP keepalive controls the release of the underlying TCP connection.

The example uses raw sockets instead of higher‑level libraries (e.g., requests) to focus on the socket management logic without additional abstraction.

Relationship Between TCP and HTTP Keepalive

TCP keepalive acts as a kernel‑level safety net, ensuring that idle or half‑open sockets are eventually reclaimed, which prevents the system from exhausting its maximum socket limit.

HTTP keepalive operates at the application layer, allowing web frameworks to close idle connections sooner than the kernel’s default timeout, thereby freeing resources more quickly for new requests.

Both timers run independently: the kernel’s TCP timer and the application’s HTTP timer coexist without conflict.

Practical Configuration Tips

Server software exposes its own keepalive settings. For example, Gunicorn provides a keepalive option, and Nginx uses keepalive_timeout. These parameters control how long the server waits for the next request before closing the connection.

When multiple services share the same host, the global TCP keepalive settings affect all of them, so coordination is required.

Typical recommendations for Gunicorn:

Generally set in the 1‑5 second range for servers with direct client connections; increase the value when behind a load balancer.

It is important to align the timeout values of Nginx and the backend service to avoid premature connection termination, which can lead to dropped data and increased latency.