qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
From: John Haxby <john.haxby@oracle.com>
To: Avi Kivity <avi@redhat.com>
Cc: David Ahern <dsahern@gmail.com>,
	qemu-devel@nongnu.org, "Richard W.M. Jones" <rjones@redhat.com>
Subject: Re: [Qemu-devel] PATCH: enabling TCP keepalives - v3
Date: Fri, 01 May 2009 17:11:40 +0100	[thread overview]
Message-ID: <49FB1F3C.8080805@oracle.com> (raw)
In-Reply-To: <49FB1AC3.2040804@redhat.com>

Avi Kivity wrote:
> Daniel P. Berrange wrote:
>> You don't neccessarily always get a different IP for VPN connections,
>> as administrators may well choose to give users a fixed IP for their
>> VPN client. I'm not entirely against keepalives, but I thing making
>> it drop the connection after a mere 60 seconds is way too quick, if this
>> is enabled by default. I'd be more inclined to just have it use the
>> kernel defaults for timeouts
>>   
>
> That's around two hours.
>
> I understand the wariness when it comes to dropping connections, but 
> vnc is a reconnectable protocol; it isn't like you lose any data.  If 
> the connection drops for two minutes it is useless anyway.
>
Two hours is typically too long and 60 seconds is overly aggressive.  
Connection tracking devices often have a 10 minute timeout for idle 
connections -- the connection will magically evaporate after 600s of 
idle time.

In my experience, VPN connections usually last hours if there's a 
keepalive of some sort keeping them going.  It doesn't matter what the 
keepalive is, just so long as there's _some_ traffic keeping it ticking 
over.  Usually it's enough to set the default keepalive time (sysctl -w 
net.ipv4.tcp_keepalive_time=540, for example) -- in some cases 
keepalives don't make it through the network and you need some sort of 
application ping, but that's comparatively unusual.

 From a Linux perspective, I'd be inclined to just enable keepalives on 
the connection and let the user set the default keepalive interval if 
it's needed.

For those people that have seriously dodgy VPN connections that no 
amount of keepalive will keep up, they need some alternative.   Probably 
starting with a new VPN :-)

jch

  reply	other threads:[~2009-05-01 16:12 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-04-30 19:40 [Qemu-devel] PATCH: enabling TCP keepalives - v3 David Ahern
2009-05-01 11:32 ` Richard W.M. Jones
2009-05-01 12:23   ` Jamie Lokier
2009-05-01 12:49   ` David Ahern
2009-05-01 15:23     ` Daniel P. Berrange
2009-05-01 15:47       ` David Ahern
2009-05-01 17:21         ` Richard W.M. Jones
2009-05-05  1:31         ` Jamie Lokier
2009-05-05  2:59           ` David Ahern
2009-05-01 15:52       ` Avi Kivity
2009-05-01 16:11         ` John Haxby [this message]
2009-05-05  1:35           ` Jamie Lokier
2009-05-01 14:43 ` Anthony Liguori
2009-05-01 14:47   ` David Ahern
2009-05-01 14:51     ` Anthony Liguori
2009-05-01 15:16       ` Paul Brook
2009-05-01 15:57         ` Anthony Liguori
2009-05-01 16:04           ` Paul Brook
2009-05-01 16:11             ` David Ahern

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=49FB1F3C.8080805@oracle.com \
    --to=john.haxby@oracle.com \
    --cc=avi@redhat.com \
    --cc=dsahern@gmail.com \
    --cc=qemu-devel@nongnu.org \
    --cc=rjones@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).