On 7/17/23 20:29, Ben Hutchings wrote:
>> But the router's package filter will have lost state after a reboot,
>> and reject packets from tcp connections that the clients assume to
>> exist. This is not a problem with udp, because connection-less.
>
> Ah, I see.  You didn't mention that there was dynamic NAT involved
> before.

Because it isn't. What is involved is a stateful packet filter (FreeBSD pf). I said

| We run nfs through a router (several client subnets accessing servers
| in an internal server subnet), and found nfs over udp a lot more
| robust in the face of router reboots.

> If an NFS server is rebooted abruptly (so it doesn't properly close TCP
> connections), once it's back up it will respond to any requests from
> clients with a TCP RST, and they should reconnect.

Understood, and not relevant here.

> If a NAT router between client and server is rebooted, I think that
> something similar should happen, but the router would need to send the
> TCP RST instead.

After a router reboot, the stateful packet filter will have lost information on active tcp connections, and (rightfully) reject packets for what the nfs clients (rightfully) see as an existing connection.

> Is your router configured to send a TCP RST when receiving a packet for
> an unknown connection, or does it just drop those packets?  (In
> iptables this is the difference between REJECT and DROP policies.)

The router defaults to returning RST.

Anyway: I am not asking for a udp default here, but simply for Debian to keep providing the _option_, and leave the decision to me, the admin.

Cheerio,
Hauke


--
     The ASCII Ribbon Campaign                    Hauke Fath
()     No HTML/RTF in email             Institut für Nachrichtentechnik
/\     No Word docs in email                     TU Darmstadt
     Respect for open standards              Ruf +49-6151-16-21344
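
The state-loss behaviour discussed in this message, as an added example that is not part of the original mail and is not pf itself: a simplified model of a stateful filter whose in-memory state table is cleared by a reboot. The class and function names, the addresses, and the rule "TCP state is created only by an initial SYN, UDP state by any packet" are assumptions of the model.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src: str
    dst: str
    flags: str = ""   # TCP flags: "S" = initial SYN, "A" = mid-stream ACK


@dataclass
class StatefulFilter:
    block_policy: str = "return"   # "return" answers with RST, "drop" stays silent
    states: set = field(default_factory=set)

    def reboot(self):
        # The state table lives in memory only, so a reboot empties it.
        self.states.clear()

    def handle(self, p):
        key = (p.proto, frozenset((p.src, p.dst)))
        if key in self.states:
            return "pass"
        # Assumed rule: only a TCP SYN may create state; any UDP packet may.
        if p.proto == "udp" or p.flags == "S":
            self.states.add(key)
            return "pass"
        return "rst" if self.block_policy == "return" else "drop"


def nfs_after_reboot(proto, block_policy):
    """Return (verdicts before reboot, verdict for the first packet after it)."""
    fw = StatefulFilter(block_policy)
    client, server = "10.0.1.5:901", "10.0.9.2:2049"   # constructed addresses
    first = Packet(proto, client, server, "S" if proto == "tcp" else "")
    later = Packet(proto, client, server, "A" if proto == "tcp" else "")
    before = [fw.handle(first), fw.handle(later)]
    fw.reboot()
    # The client still believes the connection exists and keeps sending.
    return before, fw.handle(later)


if __name__ == "__main__":
    for proto, policy in (("tcp", "return"), ("tcp", "drop"), ("udp", "return")):
        print(proto, policy, nfs_after_reboot(proto, policy))
```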
