Re: [Qemu-devel] PATCH: enabling TCP keepalives - v3

["Daniel P. Berrange" <berrange@redhat.com>]

On Fri, May 01, 2009 at 06:49:33AM -0600, David Ahern wrote:
> 
> 
> Richard W.M. Jones wrote:
> > On Thu, Apr 30, 2009 at 01:40:42PM -0600, David Ahern wrote:
> >> Did not see a response to the last version.
> >>
> >> This patch enables TCP keepalives on VNC connections and TCP-based char
> >> devices.
> >>
> >> Default parameters have keep alive probes sent after 60-seconds of idle
> >> time. Probes are sent every 12 seconds with the connection resetting
> >> after 5 failed probes (ie., connection is closed if no response received
> >> in 60-seconds).
> > 
> > IMHO this should be optional, and firmly default to _OFF_.  Brief
> > network outages shouldn't result in connections failing all over the
> > place.  In addition, does this negatively impact migration?
> 
> It's not a matter of connections failing; it's a matter of cleaning them
> up for a variety of reasons. Besides the VPN example which motivated
> this patch (i.e, VPN connection drops and when re-established you get a
> differnt IP), there are a lot of networks with very aggressive firewalls
> (e.g., 60-minute timers). Without some sort of keepalive mechanisms
> those firewalls will close the holes and the connections will hang.

You don't neccessarily always get a different IP for VPN connections,
as administrators may well choose to give users a fixed IP for their
VPN client. I'm not entirely against keepalives, but I thing making
it drop the connection after a mere 60 seconds is way too quick, if this
is enabled by default. I'd be more inclined to just have it use the
kernel defaults for timeouts

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|