Should it ? to be honest I wasn't clear so I dug up some discussion on Jetty mailing list, they have interesting discussion about HTTP implementation of keep-alive [1], turns out they do not support this setting (over simplifying) but this is for http...
Knox uses Jetty's implementation of Websockets, after successful handshake we create a new socket, it does not appear that it uses Keep-Alive setting at all. Instead it relies on the session close signal between the clients if either of them close the connection (or in case of failure) then connection is severed. IMO there is really no use of keep-alive here. Let me know what you think ! Best, Sandeep [1] http://dev.eclipse.org/mhonarc/lists/jetty-users/msg07976.html On Mon, Sep 11, 2017 at 4:11 PM, Johan Wärlander <[email protected]> wrote: > Hmm.. Shouldn't the websocket connections inherit the system wide settings > for keepalive, as long as the application doesn't specifically set anything > up? > > Regards, > Johan > > On mån 11 sep. 2017 21:55 Sandeep More <[email protected]> wrote: > >> Hello Vin, >> >> I am afraid we cannot configure TCP KeepAlive property for websockets. >> You could try to send a ping from the client to keep the connection active >> but I am guessing you have already tried that :) >> >> Best, >> Sandeep >> >> On Sat, Sep 9, 2017 at 3:40 AM, Vin J <[email protected]> wrote: >> >>> Hi Sandeep, >>> >>> The situation is like this: >>> >>> client <--> internet gateway/firewall <--> knox gateway <--> backend >>> service >>> >>> Setting websocket timeouts in knox doesn't help (it is already set to a >>> larger value) as it doesn't do anything to keep connection between client >>> and knox gateway "active". If there is no client activity for a few mins, >>> the internet gateway/firewall in the middle times out the TCP connection. >>> So knox is not the one shutting down the connection here. >>> >>> One easy solution to prevent this is to turn on TCP keepalive on the >>> connection. That way the internet gateway/firewalls know the connection is >>> active and should be kept alive. So I was looking to see if we could >>> potentially do that from the knox side. >>> >>> >>> On Fri, Sep 8, 2017 at 11:25 PM, Sandeep More <[email protected]> >>> wrote: >>> >>>> Hello Vin, >>>> >>>> If you specifically need to set the ability to control the timeouts for >>>> websocket Knox has couple of options >>>> >>>> 1. gateway..websocket.async.write.timeout - default value 60000 ms >>>> 2. gateway.websocket.idle.timeout - default value 300000 ms >>>> >>>> You can set these values in gateway-site.xml config. >>>> Let me know if that works. >>>> >>>> Best, >>>> Sandeep >>>> >>>> >>>> >>>> On Fri, Sep 8, 2017 at 1:27 PM, Vin J <[email protected]> wrote: >>>> >>>>> Hi, >>>>> >>>>> Is there a way to control TCP/IP settings applied on connections that >>>>> Knox accepts? So Knox would ensure something like custom socketOptions >>>>> <https://docs.oracle.com/javase/7/docs/api/java/nio/channels/SocketChannel.html#setOption(java.net.SocketOption,%20T)> >>>>> are applied by Jetty on an inbound connection. >>>>> >>>>> The specific need I have is to enable TCP keepAlive on WebSocket >>>>> connections that Knox is accepting for a backend service. We see >>>>> gateways/firewalls timing out TCP connections under these WebSockets if >>>>> they are idle for 2-3 mins unless there's TCP keepAlive probes flowing >>>>> during the idle period. And since there's usually a user interface on the >>>>> other side of a WebSocket it is not unusual for it to be idle for a few >>>>> mins between user activity. Ability to enable TCP keepAlive on the Knox >>>>> side has the benefit of not requiring clients to manage the situation. >>>>> >>>>> Regards, >>>>> Vin. >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>> >>
