Monday, 17 January 2011

IPv6 Part 1

Some trivia

Why 128 bit ?  - It was a compromise between a fixed 64 bit and a variable 160 bits (google OSI NSAP for more)

How many IP addresses ? - 340,282,366,920,938,463,463,374,607,431,768,211,456

What about IPv5 ? -  Used by ST - a stream protocol and not related to IP

Key Differences
  • More IPs
  • Different Header format
  • Extension support
  • Flow labeling
  • Authentication support


  • Very simplified (See
  • 20 bytes + Options in IPv4 Vs  12 fields (40 bytes) in IPv6
  • Base header no longer contains fragmentation options
  • Header no longer contains any checksum
  • Time to live (TTL) is now called Hop Limit
  • Support for traffic classes
  • Extensibility in headers. Options are not limited to the 40 bytes

Sunday, 9 January 2011

TCP timers and keepalives

Netstat -o includes tcp timers which are useful for Apache keepalive analysis.

netstat -ntpo | grep ESTAB | egrep ":80|:443"

Output looks like this

The last column denotes what the connection is doing.

  • 'on' - Actively transfering data.

  • 'off' - Currently disconnecting

  • 'keepalive' - Connections are using TCP keepalives. The first number denotes the time in seconds from when the last data was transferred until when the next TCP keepalive probe will be sent. By default this starts at 7200s, and resets again every time more data is sent. If the value is low , for eg. 4000 seconds , it means some of the keep alive connections are hanging or doing nothing for a long period. Note, connections to internal proxy or other internal processes might hang longer but this should not happen to web based connection.

  • The defaults are dictated by the sysctl values :-

  • ''net.ipv4.tcp_keepalive_probes'' - How many keepalive probes TCP sends out, until it decides that the connection is broken. Default value: 9.

  • ''net.ipv4.tcp_keepalive_time'' - How often TCP sends out keepalive messages when keepalive is enabled. Default: 2hours (7200 seconds)

  • ''net.ipv4.tcp_keepalive_intvl'' - How frequently the probes are send out. Multiplied by tcp_keepalive_probes it is time to kill not responding connection, after probes started. Default value: 75sec i.e. connection will be aborted after ~11 minutes of retries.

  • More information on the sysctly values can be found in the kernel documentation ''/usr/share/doc/kernel-doc-/Documentation/networking/ip-sysctl.txt''