From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1M19W0-0003Y3-2r for qemu-devel@nongnu.org; Mon, 04 May 2009 21:32:12 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1M19Vv-0003WO-3E for qemu-devel@nongnu.org; Mon, 04 May 2009 21:32:11 -0400 Received: from [199.232.76.173] (port=38038 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1M19Vu-0003WH-Qa for qemu-devel@nongnu.org; Mon, 04 May 2009 21:32:06 -0400 Received: from mail2.shareable.org ([80.68.89.115]:34712) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1M19Vu-00051z-8A for qemu-devel@nongnu.org; Mon, 04 May 2009 21:32:06 -0400 Date: Tue, 5 May 2009 02:31:58 +0100 From: Jamie Lokier Subject: Re: [Qemu-devel] PATCH: enabling TCP keepalives - v3 Message-ID: <20090505013158.GB12731@shareable.org> References: <49F9FEBA.6050901@gmail.com> <20090501113204.GA10763@amd.home.annexia.org> <49FAEFDD.2070002@gmail.com> <20090501152312.GH13308@redhat.com> <49FB1979.1070706@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <49FB1979.1070706@gmail.com> List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: David Ahern Cc: qemu-devel@nongnu.org, Paul Brook , "Richard W.M. Jones" David Ahern wrote: > > You don't neccessarily always get a different IP for VPN connections, > > as administrators may well choose to give users a fixed IP for their > > VPN client. I'm not entirely against keepalives, but I thing making > > Agreed, you don't always get a different IP on reconnects, but in my > case you do. Also, VPN users have no control over that; they just > see/cause dead connections. Sometimes I use a VPN to keep connections going when the underlying network changes. E.g. when suspend the laptop at work, taking it home, resuming, my personal VPN means some connections (such as SSH sessions) are not broken despite a short commute with the laptop off, and waking up on a different network :-) This is also handy when switching between a house network and a mobile 3G network, or between wireless networks. SSH sessions continue working because of the stable VPN on top. For this I don't care about the encryption aspect so much as the VPN's ability to maintain a stable IP despite the underlying network changing. So it does get used that way. > The parameters I put in cause a drop after 2 minutes of no response -- > 60 seconds of idle (no data through the socket) followed by 60 seconds > of failed probes. The default parameters for linux are harsh: 7 hours of > idle time before the first keepalive is sent. Is 7 hours a problem worth overriding the kernel defaults for? How many old VNC sessions are likely to get accumulated in that time? 2 minutes is a bit fast for a truly idle session, but as I said in another response, if you have data sent by either end, then the session will be broken by the lack of response in about 2 minutes anyway - without keepalives. -- Jamie