In an earlier post I showed a Java program that will log in to an Oracle database and wait for 350 seconds. I also talked about how we set the Linux parameter net.ipv4.tcp_keepalive_time to 60 seconds but that I needed to add (ENABLE=BROKEN) to the TNS connect string to enable the keepalive. I found a helpful post that said to use netstat -a -n -o to see connections that are using TCP keepalive. So, I tried my Java program with and without (ENABLE=BROKEN) and ran netstat -a -n -o both ways, and it showed that keepalive was only working with (ENABLE=BROKEN).
with (ENABLE=BROKEN)

    $ netstat -a -n -o | grep 10.99.94.32
    tcp6 0 0 220.127.116.11:44314 10.99.94.32:1523 ESTABLISHED keepalive (27.30/0/0)

    $ netstat -a -n -o | grep 10.99.94.32
    tcp6 0 0 18.104.22.168:44314 10.99.94.32:1523 ESTABLISHED keepalive (41.47/0/0)

without (ENABLE=BROKEN)

    $ netstat -a -n -o | grep 10.99.94.32
    tcp6 0 0 22.214.171.124:54884 10.99.94.32:1523 ESTABLISHED off (0.00/0/0)
I edited the IP addresses to obscure them and removed spaces to make it fit better, but the important thing is that with (ENABLE=BROKEN) the 60-second keepalive timer is working, but without it the timer is off.
This information might not be that helpful to others if they do not have this kind of timeout, although I have been told that many firewalls have similar timeouts. Certainly, any AWS customer that connects through their Gateway Load Balancer to an on-premises Oracle database would need to know this sort of thing. Hopefully, we are not the only ones in the world doing it this way! But at least I documented it for myself, which will be helpful no matter what.
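The netstat check above can be scripted so it reports every connection to the database listener whose keepalive timer is off or counting down from more than the expected 60 seconds. This is an added example, not code from the original post: the function names check_keepalive and sample_netstat are hypothetical, and the sample lines are constructed (local addresses use the 192.0.2.0/24 documentation range).

```shell
# Constructed sample of `netstat -a -n -o` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp6 0 0 192.0.2.10:44314 10.99.94.32:1523 ESTABLISHED keepalive (27.30/0/0)
tcp6 0 0 192.0.2.10:54884 10.99.94.32:1523 ESTABLISHED off (0.00/0/0)
tcp6 0 0 192.0.2.10:40112 10.99.94.32:1523 ESTABLISHED keepalive (7163.12/0/0)
EOF
}

# Reads `netstat -a -n -o` output on stdin and classifies each ESTABLISHED
# connection to one peer by its timer column.
# Usage: netstat -a -n -o | check_keepalive 10.99.94.32:1523 60
# Exit status: 0 all OK, 1 at least one problem, 2 no connection to the peer.
check_keepalive() {
    peer="$1"       # remote address:port exactly as netstat prints it
    max_wait="$2"   # largest acceptable number of seconds until the next probe
    awk -v peer="$peer" -v max="$max_wait" '
        # Fields: proto recv-q send-q local foreign state timer (remaining/retrans/probes)
        $5 == peer && $6 == "ESTABLISHED" {
            seen++
            remaining = $8
            gsub(/[()]/, "", remaining)
            split(remaining, t, "/")
            if ($7 == "off") {
                # No timer armed: SO_KEEPALIVE is not set on this socket.
                printf "NO_KEEPALIVE %s -> %s\n", $4, $5; bad++
            } else if ($7 != "keepalive") {
                # Another timer (such as retransmission) is running; recheck when idle.
                printf "OTHER_TIMER %s -> %s timer=%s\n", $4, $5, $7
            } else if (t[1] + 0 > max + 0) {
                # Keepalive is on, but the first probe is further away than expected,
                # which points at a larger tcp_keepalive_time than intended.
                printf "TOO_SLOW %s -> %s next probe in %ss\n", $4, $5, t[1]; bad++
            } else {
                printf "OK %s -> %s next probe in %ss\n", $4, $5, t[1]
            }
        }
        END {
            if (seen == 0) { print "NO_CONNECTION " peer; exit 2 }
            exit (bad > 0 ? 1 : 0)
        }'
}
```

Run it while the session is idle, since a connection with data in flight shows a different timer in that column.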