RE: TCP timeout question [7:48934]

2002-07-17 Thread [EMAIL PROTECTED]

Let me tell you about an experience I have had with this; perhaps someone
could please explain it.

I usually telnet into my mini-lab and open a session for each router and
switch. I also have the exec-timeout 0 0 command on the vty lines.
So at night when I go to bed, I put my W2K machine into hibernate mode
while leaving all the telnet sessions open. So technically, the ethernet
interface goes down, and the routers/switch still have an open session.

The next day I will power up the computer and carry on as if nothing has
happened. The connection is still live, the router doesn't force me to login
again, etc.

I understand that exec-timeout 0 0 means the connection should not
time out, but if the 'session' is lost when my computer is powered off,
shouldn't the router be clever enough to realise that the session is not
active, since this is through the network? I understand there is no CD
facility since it is a vty and not a tty. That's a good way, I guess, to teach
people about 'uncleared sessions' for BCRAN and how to use the clear line
vty x command!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48999t=48934
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: TCP timeout question [7:48934]

2002-07-17 Thread sam sneed

By default, most OSes will keep the sockets open. When you create a socket,
you can include the SO_KEEPALIVE option. This will keep the socket open for
the tcp_keepalive_interval value of the OS; the default is 2 hours on Microsoft
and Solaris systems. If you do not use this socket option they will stay
open forever, theoretically, unless the OS does some type of housekeeping that
closes old/stale file descriptors or something similar, since a socket is
simply a file descriptor. This keepalive in the OS is configurable through
the ndd command in Solaris or through the registry in Windows.

Thanks everyone for the info.

sam sneed wrote in message news:[EMAIL PROTECTED]...
 Let's say we have host A 22.12.12.12 and host B 99.99.99.99. Host B is a
 server listening on port 3055. Host A connects to the server B and sends
 data. Now neither host A nor B sends anything to the other for 1 hour. Is
 the connection still there? Is there a timeout for the connection? I do not
 see anything in the RFCs about keepalives for TCP connections, so how would
 Host B know the difference between host A not sending data for a long time
 and host A crashing?
 If I unplug the power on host A while the TCP connection is up and leave it
 unplugged for a week, will the server still have the connection in
 its tables when I do a netstat -an? I doubt it, so I figure the server must
 have its own timeout on idle connections?

 Anyone know any real values for these timeouts for various OSes?

 Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49032t=48934



TCP timeout question [7:48934]

2002-07-16 Thread sam sneed

Let's say we have host A 22.12.12.12 and host B 99.99.99.99. Host B is a
server listening on port 3055. Host A connects to the server B and sends
data. Now neither host A nor B sends anything to the other for 1 hour. Is
the connection still there? Is there a timeout for the connection? I do not
see anything in the RFCs about keepalives for TCP connections, so how would
Host B know the difference between host A not sending data for a long time
and host A crashing?
If I unplug the power on host A while the TCP connection is up and leave it
unplugged for a week, will the server still have the connection in
its tables when I do a netstat -an? I doubt it, so I figure the server must
have its own timeout on idle connections?

Anyone know any real values for these timeouts for various OSes?

Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48934t=48934



RE: TCP timeout question [7:48934]

2002-07-16 Thread Priscilla Oppenheimer

sam sneed wrote:

 Let's say we have host A 22.12.12.12 and host B 99.99.99.99. Host B is a
 server listening on port 3055. Host A connects to the server B and sends
 data. Now neither host A nor B sends anything to the other for 1 hour. Is
 the connection still there? Is there a timeout for the connection? I do not
 see anything in the RFCs about keepalives for TCP connections,

The TCP RFC doesn't include keepalives, as you say. But some implementations
use them. It's actually a controversial issue. Some protocol experts
consider it a bad feature. It can cause an otherwise good connection to be
terminated due to a temporary problem.

The host requirements RFC, RFC 1112, says that implementations may implement
a TCP keepalive but it must default to off. There's an entire discussion of
it in section 4.2.3.6 of that RFC. Keepalive packets are sent when no data
or acknowledgement packets have been received for the connection within an
interval. This interval must be configurable and must default to no less
than two hours.

BSD UNIX has a tcp_keepidle variable which is the number of 500-ms clock
ticks before sending a keepalive probe. I'm not sure about recent versions,
but the default value used to be 14,400 (2 hours). Changing this would
affect all TCP sessions that are using the keepalive function.

I think I've seen a lot of implementations that have the keepalive set to
much shorter than 2 hours, even though the RFC says it shouldn't be shorter.
I know I've seen implementations repeatedly resend the previous sequence
number with no data, which is what a keepalive looks like, before two hours
have elapsed.

An application can do its own application-layer probing of the connection,
of course, and that's less controversial. For example, BGP sends its own
keepalive every 60 seconds. An application can also make sure that
connections don't stay open unnecessarily by cleanly closing the connection
with FINs or by sending a RESET. A lot of HTTP servers send resets, for
example.

So that's some info. Not all the pieces of the puzzle. I hope someone else
will know more about other specific operating systems and application timers.

Good question! Thanks.



Priscilla Oppenheimer
http://www.priscilla.com
 


 so how would Host B know the difference between host A not sending data for
 a long time and host A crashing?
 If I unplug the power on host A while the TCP connection is up and leave it
 unplugged for a week, will the server still have the connection in
 its tables when I do a netstat -an? I doubt it, so I figure the server must
 have its own timeout on idle connections?

 Anyone know any real values for these timeouts for various OSes?

 Thanks.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48940t=48934



Re: TCP timeout question [7:48934]

2002-07-16 Thread sam sneed

Someone sent me this link which I think was helpful:
http://www.sean.de/Solaris/soltune.html#common

I will have to do more research.
The problem I need to solve:

My firewall keeps connections in its state table for 1 hour. So after one
hour, if you did a netstat on each host, the connection appears up. But when
host A sends data to host B, the firewall silently drops the packet. Host A
will keep resending and its packets will get dropped. Host A times out and
closes its socket. Host B never receives the FIN and it still shows the
connection as up according to netstat. This is a pain because I have to
constantly reestablish connections between host A and B. I'd like to raise
the timeout on my server to a lower value and maybe bump up the timeout value
on the firewall to a higher value. I will do my research and post a summary,
since I've seen similar types of posts in the past without complete explanations.

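The two halves of this thread (sam's note that SO_KEEPALIVE only fires after the OS keepalive interval, and the firewall state table that forgets idle flows after 1 hour) fit together as a simple sizing rule: the keepalive idle timer has to be shorter than the firewall's idle timeout, or the first probe arrives after the state entry is already gone. The example below is added here and is not code from the thread; the option names TCP_KEEPIDLE/TCP_KEEPINTVL/TCP_KEEPCNT are Linux names (macOS exposes the idle timer as TCP_KEEPALIVE), and the 2-hour and 1-hour figures are the constructed defaults the posts mention.

```python
import socket

# Constructed from the thread: OS keepalive idle default of 2 hours versus
# a firewall that drops idle flows from its state table after 1 hour.
OS_DEFAULT_KEEPIDLE_S = 2 * 60 * 60
FIREWALL_STATE_TIMEOUT_S = 60 * 60


def keepalive_outlasts_firewall(keepidle_s, firewall_idle_s):
    """True when the first probe would only go out after the firewall has
    already forgotten the flow (the failure mode described in the thread)."""
    return keepidle_s >= firewall_idle_s


def dead_peer_detect_seconds(keepidle_s, keepintvl_s, keepcnt):
    """Worst-case time to notice a silent or crashed peer: the idle timer,
    then keepcnt unanswered probes sent keepintvl_s apart."""
    return keepidle_s + keepintvl_s * keepcnt


def choose_keepalive(firewall_idle_s, keepintvl_s=30, keepcnt=4, margin=0.5):
    """Pick an idle timer at a fraction of the firewall timeout so that every
    state-table entry is refreshed well before the firewall expires it."""
    keepidle_s = int(firewall_idle_s * margin)
    if keepalive_outlasts_firewall(keepidle_s, firewall_idle_s):
        raise ValueError("keepidle must be shorter than the firewall timeout")
    return keepidle_s, keepintvl_s, keepcnt


def enable_keepalive(sock, keepidle_s, keepintvl_s, keepcnt):
    """Turn on SO_KEEPALIVE and set per-socket timers where the platform
    exposes them. Names are guarded with getattr because they are
    platform-specific; where none exist only the OS-wide default applies
    (ndd on Solaris, the registry on Windows, as the thread notes)."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    applied = {}
    for name, value in (("TCP_KEEPIDLE", keepidle_s),    # Linux idle timer
                        ("TCP_KEEPALIVE", keepidle_s),   # macOS idle timer
                        ("TCP_KEEPINTVL", keepintvl_s),
                        ("TCP_KEEPCNT", keepcnt)):
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)
            applied[name] = value
    return applied


if __name__ == "__main__":
    idle, intvl, cnt = choose_keepalive(FIREWALL_STATE_TIMEOUT_S)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print(enable_keepalive(s, idle, intvl, cnt),
              dead_peer_detect_seconds(idle, intvl, cnt))
```

With the thread's numbers the OS default (7200 s) loses to the firewall (3600 s), while an idle timer of 1800 s keeps the flow alive and detects a dead peer within 1920 s.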



Re: TCP timeout question [7:48934]

2002-07-16 Thread Steven A. Ridder

I think the RFC that says keepalives must be at least 2 hours isn't very
security conscious. What I mean is, if you take a SYN attack, it sets up
connections and then never sends any data, holding the connection in a
half-open state. I know there's a finite number of connections that a host
can have open at one time, so once that number is reached, no one else can
communicate (I understand that this has been fixed in various ways in
different TCP/IP stacks).

But I'd have to say that one could hold open a bunch of these sessions, I
guess you'd call them open-hung states, and eventually knock off the system
as well. I don't think a session should stay open for that long, but at the
same time, I wouldn't think it should close after 500 ms of not hearing any
data either. I guess you need a balance, but how much I'd have no idea.

sam sneed wrote in message news:[EMAIL PROTECTED]...
 Someone sent me this link which I think was helpful:
 http://www.sean.de/Solaris/soltune.html#common

 I will have to do more research.
 The problem I need to solve:

 My firewall keeps connections in its state table for 1 hour. So after one
 hour, if you did a netstat on each host, the connection appears up. But when
 host A sends data to host B, the firewall silently drops the packet. Host A
 will keep resending and its packets will get dropped. Host A times out and
 closes its socket. Host B never receives the FIN and it still shows the
 connection as up according to netstat. This is a pain because I have to
 constantly reestablish connections between host A and B. I'd like to raise
 the timeout on my server to a lower value and maybe bump up the timeout value
 on the firewall to a higher value. I will do my research and post a summary,
 since I've seen similar types of posts in the past without complete explanations.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48986t=48934