Mailing List Archive

add keepalives as an options to the console tool
hello,
wanted to mention something that I think would be pretty simple to add,
though it's clearly a rare issue.

in our case we have several datacenters connected by vpn links. like
most vpns it watches for stale sessions and clears them to keep its
state tables reasonably clean. what was happening was if you were
working with the console tool on a device and let's say were waiting to
see output or just leaving the connection open for later work you would
often find the tcp connection between "console" and the remote
conserver. this was only mildly annoying but since when do we not fix
the mildly annoying :)

I took the easy way out and am using libkeepalive to send keepalives on
my console connections however it would be a nice to have to add a flag
to console to be able to set the tcp_keepalives on the ssl connections
it makes.

-denis

--
__________________________
Denis Alan Hainsworth
denis@alumni.brandeis.edu
_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users
Re: add keepalives as an options to the console tool
On Thu, May 01, 2014 at 06:08:37AM -0500, Joe Greco wrote:
> > hello,
> > wanted to mention something that I think would be pretty simple to add,
> > though it's clearly a rare issue.
> >
> > in our case we have several datacenters connected by vpn links. like
> > most vpns it watches for stale sessions and clears them to keep its
> > state tables reasonably clean. what was happening was if you were
> > working with the console tool on a device and let's say were waiting to
> > see output or just leaving the connection open for later work you would
> > often find the tcp connection between "console" and the remote
> > conserver. this was only mildly annoying but since when do we not fix
> > the mildly annoying :)
> >
> > I took the easy way out and am using libkeepalive to send keepalives on
> > my console connections however it would be a nice to have to add a flag
> > to console to be able to set the tcp_keepalives on the ssl connections
> > it makes.
>
> Why don't you just enable keepalives globally? On FreeBSD for example
> that's been net.inet.tcp.always_keepalive=1 for many years.

It's certainly one option but folks don't always have access to the global
options or your IT/sysadmin dept may not want to for valid/invalid
reasons. I always like when I can enable such things on a per program
basis.

-denis
Re: add keepalives as an options to the console tool
I think having keepalives between client and server has, basically, been an oversight. They are enabled (when possible) from server to console. I've attached a quick patch (based on 8.2.0) that compiles and passes "make test". But that's the extent of the effort on my side so far. I'd love to know if it solves your problem, as it'll go in 8.2.1.

Bryan
Re: add keepalives as an options to the console tool
Hey Bryan,
I'll try to test it out soonish. Does it use the OS default keepalive
settings? As linux's is like 2 hours which is well over when most
firewalls will kill off a session with no traffic.

This is why I was thinking of it more as a configurable setting. Also
that would allow people who maybe are on sketchy lab networks and would
rather not have keepalives tearing down things, to be able to set them
high or disable them.

-denis

On Thu, May 01, 2014 at 12:55:48PM -0700, Bryan Stansell wrote:
> I think having keepalives between client and server has, basically, been an oversight. They are enabled (when possible) from server to console. I've attached a quick patch (based on 8.2.0) that compiles and passes "make test". But that's the extent of the effort on my side so far. I'd love to know if it solves your problem, as it'll go in 8.2.1.
>
> Bryan
>


>
>
>
> On May 1, 2014, at 12:02 PM, Denis Hainsworth <denis@alumni.brandeis.edu> wrote:
>
> > On Thu, May 01, 2014 at 06:08:37AM -0500, Joe Greco wrote:
> >>> hello,
> >>> wanted to mention something that I think would be pretty simple to add,
> >>> though it's clearly a rare issue.
> >>>
> >>> in our case we have several datacenters connected by vpn links. like
> >>> most vpns it watches for stale sessions and clears them to keep its
> >>> state tables reasonably clean. what was happening was if you were
> >>> working with the console tool on a device and let's say were waiting to
> >>> see output or just leaving the connection open for later work you would
> >>> often find the tcp connection between "console" and the remote
> >>> conserver. this was only mildly annoying but since when do we not fix
> >>> the mildly annoying :)
> >>>
> >>> I took the easy way out and am using libkeepalive to send keepalives on
> >>> my console connections however it would be a nice to have to add a flag
> >>> to console to be able to set the tcp_keepalives on the ssl connections
> >>> it makes.
> >>
> >> Why don't you just enable keepalives globally? On FreeBSD for example
> >> that's been net.inet.tcp.always_keepalive=1 for many years.
> >
> > It's certainly one option but folks don't always have access to the global
> > options or your IT/sysadmin dept may not want to for valid/invalid
> > reasons. I always like when I can enable such things on a per program
> > basis.
> >
> > -denis


--
__________________________
Denis Alan Hainsworth
denis@alumni.brandeis.edu
Re: add keepalives as an options to the console tool
My knowledge on any keepalive "tuning" is minimal. But, looking at tcp(7) on a linux host, it looks like there are TCP options like TCP_KEEPIDLE that allow you to override the system-level settings, but they are linux specific and it says portable code should not use these options.

So, as far as I understood things (and still do), there's no generic way to adjust timings. Obviously, it *could* be a linux-specific feature, but that seems non-ideal. Maybe a console<->conserver keepalive would be best (akin to openssh "server alive" messages)...

If anyone wants to educate me on tuning keepalives (in a portable way), I'm all ears... ;-)

I'll be thinking about things...

Bryan

On May 1, 2014, at 2:06 PM, Denis Hainsworth <denis@alumni.brandeis.edu> wrote:

> Hey Bryan,
> I'll try to test it out soonish. Does it use the OS default keepalive
> settings? As linux's is like 2 hours which is well over when most
> firewalls will kill off a session with no traffic.
>
> This is why I was thinking of it more as a configurable setting. Also
> that would allow people who maybe are on sketchy lab networks and would
> rather not have keepalives tearing down things, to be able to set them
> high or disable them.
>
> -denis
>
> On Thu, May 01, 2014 at 12:55:48PM -0700, Bryan Stansell wrote:
>> I think having keepalives between client and server has, basically, been an oversight. They are enabled (when possible) from server to console. I've attached a quick patch (based on 8.2.0) that compiles and passes "make test". But that's the extent of the effort on my side so far. I'd love to know if it solves your problem, as it'll go in 8.2.1.
>>
>> Bryan
>>
>
>
>>
>>
>>
>> On May 1, 2014, at 12:02 PM, Denis Hainsworth <denis@alumni.brandeis.edu> wrote:
>>
>>> On Thu, May 01, 2014 at 06:08:37AM -0500, Joe Greco wrote:
>>>>> hello,
>>>>> wanted to mention something that I think would be pretty simple to add,
>>>>> though it's clearly a rare issue.
>>>>>
>>>>> in our case we have several datacenters connected by vpn links. like
>>>>> most vpns it watches for stale sessions and clears them to keep its
>>>>> state tables reasonably clean. what was happening was if you were
>>>>> working with the console tool on a device and let's say were waiting to
>>>>> see output or just leaving the connection open for later work you would
>>>>> often find the tcp connection between "console" and the remote
>>>>> conserver. this was only mildly annoying but since when do we not fix
>>>>> the mildly annoying :)
>>>>>
>>>>> I took the easy way out and am using libkeepalive to send keepalives on
>>>>> my console connections however it would be a nice to have to add a flag
>>>>> to console to be able to set the tcp_keepalives on the ssl connections
>>>>> it makes.
>>>>
>>>> Why don't you just enable keepalives globally? On FreeBSD for example
>>>> that's been net.inet.tcp.always_keepalive=1 for many years.
>>>
>>> It's certainly one option but folks don't always have access to the global
>>> options or your IT/sysadmin dept may not want to for valid/invalid
>>> reasons. I always like when I can enable such things on a per program
>>> basis.
>>>
>>> -denis
>
>
> --
> __________________________
> Denis Alan Hainsworth
> denis@alumni.brandeis.edu


Re: add keepalives as an options to the console tool
On 05/01/2014 05:26 PM, Bryan Stansell wrote:
> My knowledge on any keepalive "tuning" is minimal. But, looking at tcp(7) on a linux host, it looks like there are TCP options like TCP_KEEPIDLE that allow you to override the system-level settings, but they are linux specific and it says portable code should not use these options.
>
> So, as far as I understood things (and still do), there's no generic way to adjust timings. Obviously, it *could* be a linux-specific feature, but that seems non-ideal. Maybe a console<->conserver keepalive would be best (akin to openssh "server alive" messages)...
>
> If anyone wants to educate me on tuning keepalives (in a portable way), I'm all ears... ;-)
>
> I'll be thinking about things...
echo 300 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 1 > /proc/sys/net/ipv4/tcp_keepalive_probes

This adjusts it for the server. How important is keeping the connection
alive? When you are only receiving from the remote target then it is
very important.

Chris
Re: add keepalives as an options to the console tool
Hmm. I have no clue how to write portable code ;)

these guys seem to be discussing such things

https://github.com/automatak/dnp3/issues/38

That being said if basic keepalive settings are not tweakable with other
builds I'd say just add it as a linux only feature for now.
Me and one other dude are probably the only ones that will find it
useful :)
-denis

On Thu, May 01, 2014 at 02:26:02PM -0700, Bryan Stansell wrote:
> My knowledge on any keepalive "tuning" is minimal. But, looking at tcp(7) on a linux host, it looks like there are TCP options like TCP_KEEPIDLE that allow you to override the system-level settings, but they are linux specific and it says portable code should not use these options.
>
> So, as far as I understood things (and still do), there's no generic way to adjust timings. Obviously, it *could* be a linux-specific feature, but that seems non-ideal. Maybe a console<->conserver keepalive would be best (akin to openssh "server alive" messages)...
>
> If anyone wants to educate me on tuning keepalives (in a portable way), I'm all ears... ;-)
>
> I'll be thinking about things...
>
> Bryan
>
> On May 1, 2014, at 2:06 PM, Denis Hainsworth <denis@alumni.brandeis.edu> wrote:
>
> > Hey Bryan,
> > I'll try to test it out soonish. Does it use the OS default keepalive
> > settings? As linux's is like 2 hours which is well over when most
> > firewalls will kill off a session with no traffic.
> >
> > This is why I was thinking of it more as a configurable setting. Also
> > that would allow people who maybe are on sketchy lab networks and would
> > rather not have keepalives tearing down things, to be able to set them
> > high or disable them.
> >
> > -denis
> >
> > On Thu, May 01, 2014 at 12:55:48PM -0700, Bryan Stansell wrote:
> >> I think having keepalives between client and server has, basically, been an oversight. They are enabled (when possible) from server to console. I've attached a quick patch (based on 8.2.0) that compiles and passes "make test". But that's the extent of the effort on my side so far. I'd love to know if it solves your problem, as it'll go in 8.2.1.
> >>
> >> Bryan
> >>
> >
> >
> >>
> >>
> >>
> >> On May 1, 2014, at 12:02 PM, Denis Hainsworth <denis@alumni.brandeis.edu> wrote:
> >>
> >>> On Thu, May 01, 2014 at 06:08:37AM -0500, Joe Greco wrote:
> >>>>> hello,
> >>>>> wanted to mention something that I think would be pretty simple to add,
> >>>>> though it's clearly a rare issue.
> >>>>>
> >>>>> in our case we have several datacenters connected by vpn links. like
> >>>>> most vpns it watches for stale sessions and clears them to keep its
> >>>>> state tables reasonably clean. what was happening was if you were
> >>>>> working with the console tool on a device and let's say were waiting to
> >>>>> see output or just leaving the connection open for later work you would
> >>>>> often find the tcp connection between "console" and the remote
> >>>>> conserver. this was only mildly annoying but since when do we not fix
> >>>>> the mildly annoying :)
> >>>>>
> >>>>> I took the easy way out and am using libkeepalive to send keepalives on
> >>>>> my console connections however it would be a nice to have to add a flag
> >>>>> to console to be able to set the tcp_keepalives on the ssl connections
> >>>>> it makes.
> >>>>
> >>>> Why don't you just enable keepalives globally? On FreeBSD for example
> >>>> that's been net.inet.tcp.always_keepalive=1 for many years.
> >>>
> >>> It's certainly one option but folks don't always have access to the global
> >>> options or your IT/sysadmin dept may not want to for valid/invalid
> >>> reasons. I always like when I can enable such things on a per program
> >>> basis.
> >>>
> >>> -denis
> >
> >
> > --
> > __________________________
> > Denis Alan Hainsworth
> > denis@alumni.brandeis.edu
>
>

--
__________________________
Denis Alan Hainsworth
denis@alumni.brandeis.edu
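
The thread above weighs per-socket keepalive tuning (TCP_KEEPIDLE and friends) against portability. As an added example, not the conserver patch and not code from any poster in this thread, one way to get both in C is to always set the portable SO_KEEPALIVE and apply the timing options only where the platform headers define them. The helper name `enable_keepalive`, the `KA_*` flags and the timing values are hypothetical.

```c
/* Added example: per-socket TCP keepalive with a portable fallback. */
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bits returned by enable_keepalive(): which settings took effect. */
#define KA_ENABLED  0x1   /* SO_KEEPALIVE (portable)           */
#define KA_IDLE     0x2   /* idle time before the first probe  */
#define KA_INTERVAL 0x4   /* gap between unanswered probes     */
#define KA_COUNT    0x8   /* probes before the peer is dropped */

static int set_int(int fd, int level, int opt, int val)
{
    return setsockopt(fd, level, opt, &val, sizeof(val));
}

/* Hypothetical helper. A value <= 0 keeps the system default for that knob.
 * Returns a KA_* bitmask, or -1 if keepalive could not be enabled at all. */
int enable_keepalive(int fd, int idle_s, int intvl_s, int count)
{
    int applied = KA_ENABLED;

    if (set_int(fd, SOL_SOCKET, SO_KEEPALIVE, 1) != 0)
        return -1;
#ifdef TCP_KEEPIDLE
    if (idle_s > 0 && set_int(fd, IPPROTO_TCP, TCP_KEEPIDLE, idle_s) == 0)
        applied |= KA_IDLE;
#endif
#ifdef TCP_KEEPINTVL
    if (intvl_s > 0 && set_int(fd, IPPROTO_TCP, TCP_KEEPINTVL, intvl_s) == 0)
        applied |= KA_INTERVAL;
#endif
#ifdef TCP_KEEPCNT
    if (count > 0 && set_int(fd, IPPROTO_TCP, TCP_KEEPCNT, count) == 0)
        applied |= KA_COUNT;
#endif
    return applied;   /* caller can warn when a requested knob is missing */
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    /* 300 s idle, 30 s between probes, 4 probes: constructed sample values */
    printf("applied mask: 0x%x\n", enable_keepalive(fd, 300, 30, 4));
    close(fd);
    return 0;
}
```

A caller that asked for a 300-second idle time but gets back a mask without `KA_IDLE` is still on the system-wide timer, so the connection can be dropped by a middlebox with a shorter idle timeout.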