[RPKI] Tcp keepalives

Martin Hoffmann martin at nlnetlabs.nl
Mon Sep 6 08:20:42 UTC 2021


Hi Björn!

Sorry for the late reply, I was on vacation.

You are correct, keep-alives fell victim to the upgrade to Tokio 1.0
and then we forgot to bring it back. I have re-opened the original
issue[0] with an aim to fix it in the next release.

Apologies and cheers,
Martin


[0]: https://github.com/NLnetLabs/routinator/issues/320

Björn Karlsson via RPKI wrote:
> Yep, that’s the workaround I’ve deployed, more frequent refreshes and
> this helps since fw state info does not timeout. I had a pretty long
> refresh time set before (1h) but since I have Routinator refresh
> timer setup 1h it doesn’t really matter if I decrease the RTR refresh
> timer.
> 
> From looking at the code it seems support for tcp keepalives was
> removed in 0.10.0 since it disappeared from tokio(?). And since it
> used the system default 75s rather the configured 60, it probably
> didn’t work in 0.8.2 either.
> 
> I would argue the default should be to use the system default setting
> rather than no keepalives, though.
> 
> Thanks,
> 
> —BC
> 
> > On 30 Aug 2021, at 19:42, Tony Tauber <ttauber at 1-4-5.net> wrote:
> > 
> > In some early lab testing I did, I noticed that RTR sessions were
> > often resetting every 10 minutes. The reason I discerned was there
> > was an intervening firewall which must've had a 10 minute
> > auto-flush of stale state info. Rather than trying to fight a
> > losing battle with firewall folks (also with possible collateral
> > effects), I found it easier to configure the client to refresh more
> > often. For example, on Cisco IOS-XR, the "refresh-time 300"
> > parameter (5-minute refresh) helped my situation.
> > 
> > I haven't yet gotten Routinator v0.10.0 deployed so not sure about
> > what we're seeing, but architecturally maybe it's weird for the
> > server (vs. client) to send the keepalives?
> > 
> > Tony
> > 
> > On Fri, Aug 27, 2021 at 4:19 PM Björn Karlsson via RPKI
> > <rpki at lists.nlnetlabs.nl <mailto:rpki at lists.nlnetlabs.nl>> wrote:
> > Hello,
> > 
> > Did something change with the handling of tcp keepalives between
> > version 0.8.2 and 0.10.0?
> > 
> > I recently upgraded one of two servers to 0.10.0 and after the
> > upgrade I don’t see keepalives which I do from the 0.8.2 server
> > (and previously, before the upgrade, from the upgraded server).
> > 
> > Same configuration for both servers, default:
> > 
> > rtr-tcp-keepalive = 60
> > 
> > When I check with tcpdump there are no keepalives from the 0.10.0
> > server but roughly 75s (system default) from the 0.8.2 version.
> > Also, doing a show tcp packet-trace on the Cisco shows the same.
> > 
> > I’m trying to debug a problem where the session to the 0.10.0
> > server is reset roughly once per hour (which is the refresh time).
> > Since the session is through a firewall I suspect I need the
> > keepalives..
> > 
> > Thanks,
> > 
> > —BC
> > 
> > 
> > -- 
> > RPKI mailing list
> > RPKI at lists.nlnetlabs.nl <mailto:RPKI at lists.nlnetlabs.nl>
> > https://lists.nlnetlabs.nl/mailman/listinfo/rpki
> > <https://lists.nlnetlabs.nl/mailman/listinfo/rpki>  
> 



More information about the RPKI mailing list