How to keep TCP sessions alive for extended periods of time?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7

Issue

  • Help extending auto-session logout for SSH, vsftpd and shell

  • Which options can be used to configure ssh, ftp, shell and network session timeouts?

  • Why is the ssh, ftp or shell session not timing out at the desired time?

  • Despite multiple settings, unable to keep an SSH session to the server open longer than 15m

Resolution

Several layers can affect a remote network session, including the application layer, the TCP layer and the link layer.
The sections below list the common places that usually need to be checked.

Bash timeout setting

  • If the bash timeout variable TMOUT is set, idle shell sessions time out.
  • You can check this variable, change it, or disable it in your bash shell.
# declare -p TMOUT                 # Check whether the bash shell timeout is set (also works when TMOUT is not exported)
# echo "TMOUT=9999" >> ~/.bashrc   # Change the value

openssh-servers & openssh-clients

For details of openssh timeout configuration, see "Which options can be use to configure ssh's timeout?"

vsftpd

  • The following directive can be changed to adjust the idle timeout.
# vi /etc/vsftpd/vsftpd.conf
      idle_session_timeout=0

From its manual page:

Specifies the maximum amount of time between commands from a remote client.
Once triggered, the connection to the remote client is closed.
The default value is 300. 

Disconnections caused by a network outage

  • When keepalive-related options are enabled, whether as kernel parameters, in the daemon configuration or in the client configuration, the TCP session is terminated according to those options.
  • For example, with the following kernel parameters, the first keepalive packet is sent after 600 seconds; after that, further packets are sent every 60 seconds, up to 20 times.
  • If the client or server does not answer at all during this period, the TCP session is considered broken and is terminated.
# echo 600 > /proc/sys/net/ipv4/tcp_keepalive_time
# echo 60 > /proc/sys/net/ipv4/tcp_keepalive_intvl
# echo 20 > /proc/sys/net/ipv4/tcp_keepalive_probes

Link Layer

  • The firewall also maintains an idle timer for each connection.
  • If no packets have been sent through the connection before the idle timer expires, the firewall immediately terminates the connection and deletes it from its conn table.
  • The idle timeout is usually set to 60 minutes.
  • Please check with your network admin.
  • For example, on an ASA 5500:
hostname(config-pmap-c)# set connection timeout tcp hh:mm:ss [reset] 

The tcp hh:mm:ss keyword sets the idle timeout between 0:5:0 and 1193:00:00.
The default is 1:0:0.
You can also set this value to 0, which means the connection never times out.
The reset keyword sends a reset to TCP endpoints when the connection times out.
The adaptive security appliance sends the reset packet only in response to a host sending another packet for the timed-out flow (on the same source and destination port).
The host then removes the connection from its connection table after receiving the reset packet.
The host application can then attempt to establish a new connection using a SYN packet.

Note: This network appliance setting can be overcome by using tcp_keepalive.
When the keepalive variables are set so that keepalive packets are sent to the server or client at an interval shorter than the appliance's idle timeout, the appliance does not treat the session as an idle connection.
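
The check described in the note above, as an added example that is not part of the original article: it compares the kernel keepalive parameters with a firewall idle timeout given in the appliance's hh:mm:ss notation and reports when an unresponsive peer would be declared dead. The helper names `to_seconds` and `keepalive_audit` are hypothetical, and the sample values are the ones used earlier on this page.

```shell
#!/bin/sh
# Added example: check kernel keepalive settings against a firewall idle timeout.

# Convert the appliance's hh:mm:ss notation (or plain seconds) to seconds.
to_seconds() {
    case "$1" in
        *:*:*) echo "$1" | awk -F: '{ print $1 * 3600 + $2 * 60 + $3 }' ;;
        *)     echo "$1" ;;
    esac
}

# keepalive_audit FW_IDLE [SYSCTL_DIR]
#   FW_IDLE     firewall idle timeout, hh:mm:ss or seconds (0 = never times out)
#   SYSCTL_DIR  directory holding tcp_keepalive_*; defaults to the live kernel values
# Prints a one-line verdict; returns 0 if the first probe beats the idle timer,
# 1 if the firewall would drop the idle session first, 2 if a value is unreadable.
keepalive_audit() {
    fw_idle=$(to_seconds "$1")
    ka_dir=${2:-/proc/sys/net/ipv4}
    ka_time=$(cat "$ka_dir/tcp_keepalive_time") || return 2
    ka_intvl=$(cat "$ka_dir/tcp_keepalive_intvl") || return 2
    ka_probes=$(cat "$ka_dir/tcp_keepalive_probes") || return 2
    # A silent peer is declared dead after the idle time plus all unanswered probes.
    ka_dead=$((ka_time + ka_intvl * ka_probes))
    if [ "$fw_idle" -eq 0 ] || [ "$ka_time" -lt "$fw_idle" ]; then
        echo "OK first_probe=${ka_time}s fw_idle=${fw_idle}s dead_peer_after=${ka_dead}s"
        return 0
    fi
    echo "FAIL first_probe=${ka_time}s fw_idle=${fw_idle}s dead_peer_after=${ka_dead}s"
    return 1
}

# Constructed sample: the article's values (600/60/20) in a scratch directory,
# checked against the ASA default idle timeout of 1:0:0.
demo_dir=$(mktemp -d)
echo 600 > "$demo_dir/tcp_keepalive_time"
echo 60 > "$demo_dir/tcp_keepalive_intvl"
echo 20 > "$demo_dir/tcp_keepalive_probes"
keepalive_audit 1:0:0 "$demo_dir" || true
rm -rf "$demo_dir"
```

Run `keepalive_audit 1:0:0` without a directory to audit the live kernel values. The kernel parameters only affect sockets on which the application has enabled SO_KEEPALIVE.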
