tony wrote:
> Hello,
>
> Have 3 licence servers on Redhat FC2, two of them with a firewall
> between them.
Can we infer that 2 of them have no firewall between them?
> They are allegedly not talking properly to each other.
> They do every 30 mins a handshake, but something is going wrong.
Every 30 minutes a connection request/setup takes place? Exchange
messages and then close connection?
> It has been suggested that the tcp keep alive is set too low, but it
> is about 2 hours - ie longer than 30 mins.
The default of 2 hours (7200 secs) must elapse before keep alive probes
are sent. If the connections are closing, this won't matter anyway.
If the connections are meant to remain open "all the time", but
messages are exchanged every 30 minutes, then I would expect the apps
to maintain connection status/time outs on their own. TCP keep alive
timers are system wide and apps that need to remain connected
will/should implement some sort of heartbeat probe rather than depend
on system keep alive timers (IMHO).
> Another suggestion is that the firewall is blocked by the firewall.
> Have not yet managed to look into this - no login on the firewall box,
> but is this plausible/likely? And how could it be fixed?
I would expect that if you have two machines without a firewall between
them that work "properly" while two machines _with_ a firewall between
them do _not_ work "properly" that your problem lies with the firewall
config. But how would they establish an initial connection? With app
specific info/documentation and packets sniffed from the wire you
should be able to figure out what is "wrong".
It's not really clear just how these connections are intended to behave
in their 30 minute cycles. New connection/tear down every 30 minutes
or an ongoing connection that is used to exchange messages every 30
minutes?
Note that "keep alive" is something of a misnomer. It would be more
accurate, perhaps, to think of them as "are you alive" probes that are
meant to confirm reachability after the tcp_keepalive_time has expired.
In other words, "if you don't respond, I'm closing this connection."
TCP connections remain open till _explicitly_ closed. TCP keep alive
timers are not part of the TCP specs/RFCs per se, though "Host
Requirements" does note app timers (timeouts) possible use/misuse.
See:
http://ipsysctl-tutorial.frozentux.n...al.html#AEN375
and
Stevens, "TCP/IP Illustrated, Vol 1", chapter 23, TCP Keepalive Timer.
http://www.faqs.org/rfcs/rfc1122.html
http://www.faqs.org/rfcs/rfc1123.html
hth,
prg
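
The application-level heartbeat recommended in the reply above, as an added example (not code from the original post or from the licence server software). The PING/PONG message format, function names and timeout values are assumptions; the "silent" peer is constructed by simply never answering.

```python
import socket
import threading

PING, PONG = b"PING\n", b"PONG\n"  # assumed message format, not from the post


def recv_line(sock):
    """Read up to and including one newline; return b"" if the peer closed."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            return b""
        buf += chunk
    return buf


def peer_alive(sock, timeout=2.0):
    """Send one probe; True only if the peer answers within `timeout` seconds."""
    sock.settimeout(timeout)
    try:
        sock.sendall(PING)
        return recv_line(sock) == PONG
    except OSError:  # covers timeout, connection reset and broken pipe
        return False


def responder(sock):
    """Peer side: answer every PING until the connection closes."""
    while recv_line(sock) == PING:
        sock.sendall(PONG)


def demo():
    """Return (healthy, silent): probe results for a live peer and a mute one."""
    a, b = socket.socketpair()
    t = threading.Thread(target=responder, args=(b,), daemon=True)
    t.start()
    healthy = peer_alive(a, timeout=1.0)
    a.close()
    t.join(1.0)
    b.close()
    # Constructed failure case: the connection is open but nothing ever answers.
    c, d = socket.socketpair()
    silent = peer_alive(c, timeout=0.2)
    c.close()
    d.close()
    return healthy, silent


if __name__ == "__main__":
    print(demo())
```

The probe interval and timeout belong to the application, so a dead path is detected on the application's schedule rather than after the system keep alive time.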