From: John Haxby
Subject: Re: [Qemu-devel] PATCH: enabling TCP keepalives - v3
Date: Fri, 01 May 2009 17:11:40 +0100
User-agent: Thunderbird 2.0.0.21 (X11/20090320)

Avi Kivity wrote:
> Daniel P. Berrange wrote:
>> You don't necessarily always get a different IP for VPN connections, as administrators may well choose to give users a fixed IP for their VPN client. I'm not entirely against keepalives, but I think making it drop the connection after a mere 60 seconds is way too quick, if this is enabled by default. I'd be more inclined to just have it use the kernel defaults for timeouts
>
> That's around two hours.
>
> I understand the wariness when it comes to dropping connections, but vnc is a reconnectable protocol; it isn't like you lose any data. If the connection drops for two minutes it is useless anyway.

Two hours is typically too long and 60 seconds is overly aggressive. Connection tracking devices often have a 10 minute timeout for idle connections -- the connection will magically evaporate after 600s of idle time.

In my experience, VPN connections usually last hours if there's a keepalive of some sort keeping them going. It doesn't matter what the keepalive is, just so long as there's _some_ traffic keeping it ticking over. Usually it's enough to set the default keepalive time (sysctl -w net.ipv4.tcp_keepalive_time=540, for example) -- in some cases keepalives don't make it through the network and you need some sort of application ping, but that's comparatively unusual.
From a Linux perspective, I'd be inclined to just enable keepalives on the connection and let the user set the default keepalive interval if it's needed.
For those people that have seriously dodgy VPN connections that no amount of keepalive will keep up, they need some alternative. Probably starting with a new VPN :-)
jch
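
The approach discussed in this message (enable keepalives on the socket, leave timing to the kernel unless overridden) can be sketched as follows. This is an added example, not code from the QEMU patch or from any poster in the thread; `ka_params` and the `ka_*` helpers are hypothetical names, the per-socket options are Linux-specific, and 7200/75/9 are the usual Linux defaults.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>

/* Hypothetical helper type: idle seconds, probe interval seconds, probe count. */
struct ka_params { int idle, intvl, cnt; };

/* Set one per-socket override; val <= 0 means "keep the kernel default". */
static int set_if(int fd, int opt, int val)
{
    return val > 0 ? setsockopt(fd, IPPROTO_TCP, opt, &val, sizeof val) : 0;
}

/* Turn keepalives on. With p == NULL the sysctl defaults
 * (net.ipv4.tcp_keepalive_time and friends) stay in force. */
int ka_enable(int fd, const struct ka_params *p)
{
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0) return -1;
    if (!p) return 0;
    if (set_if(fd, TCP_KEEPIDLE, p->idle) < 0 ||
        set_if(fd, TCP_KEEPINTVL, p->intvl) < 0 ||
        set_if(fd, TCP_KEEPCNT, p->cnt) < 0) return -1;
    return 0;
}

/* Read back the values the kernel will actually use for this socket. */
int ka_effective(int fd, struct ka_params *out)
{
    socklen_t n = sizeof(int);
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &out->idle, &n) < 0) return -1;
    n = sizeof(int);
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &out->intvl, &n) < 0) return -1;
    n = sizeof(int);
    return getsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &out->cnt, &n);
}

/* Roughly how long after the last traffic a dead peer is detected. */
int ka_dead_after(const struct ka_params *p) { return p->idle + p->intvl * p->cnt; }

/* Does the first probe go out before a middlebox idle timeout (e.g. 600s)? */
int ka_beats_idle_timeout(const struct ka_params *p, int t) { return p->idle < t; }

int main(void)
{
    struct ka_params want = { 540, 0, 0 }, got;   /* 540s idle, as in the message */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || ka_enable(fd, &want) < 0 || ka_effective(fd, &got) < 0) return 1;
    printf("idle=%d intvl=%d cnt=%d dead_after=%ds beats_600s=%d\n", got.idle,
           got.intvl, got.cnt, ka_dead_after(&got), ka_beats_idle_timeout(&got, 600));
    return close(fd);
}
```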