[RPKI] Tcp keepalives
Tony Tauber
ttauber at 1-4-5.net
Mon Aug 30 17:42:21 UTC 2021
In some early lab testing I did, I noticed that RTR sessions were often
resetting every 10 minutes.
The reason I discerned was there was an intervening firewall which must've
had a 10 minute auto-flush of stale state info.
Rather than trying to fight a losing battle with firewall folks (also with
possible collateral effects), I found it easier to configure the client to
refresh more often.
For example, on Cisco IOS-XR, the "refresh-time 300" parameter (5-minute
refresh) helped my situation.
I haven't yet gotten Routinator v0.10.0 deployed so not sure about what
we're seeing, but architecturally maybe it's weird for the server (vs.
client) to send the keepalives?
Tony
On Fri, Aug 27, 2021 at 4:19 PM Björn Karlsson via RPKI <
rpki at lists.nlnetlabs.nl> wrote:
> Hello,
>
> Did something change with the handling of tcp keepalives between version
> 0.8.2 and 0.10.0?
>
> I recently upgraded one of two servers to 0.10.0 and after the upgrade I
> don’t see keepalives which I do from the 0.8.2 server (and previously,
> before the upgrade, from the upgraded server).
>
> Same configuration for both servers, default:
>
> rtr-tcp-keepalive = 60
>
> When I check with tcpdump there are no keepalives from the 0.10.0 server
> but roughly 75s (system default) from the 0.8.2 version. Also, doing a show
> tcp packet-trace on the Cisco shows the same.
>
> I’m trying to debug a problem where the session to the 0.10.0 server is
> reset roughly once per hour (which is the refresh time). Since the session
> is through a firewall I suspect I need the keepalives..
>
> Thanks,
>
> —BC
>
>
> --
> RPKI mailing list
> RPKI at lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/rpki
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/rpki/attachments/20210830/09ac1680/attachment.htm>
More information about the RPKI
mailing list