Yep, that’s the workaround I’ve deployed: more frequent refreshes, and this helps since fw state info does not time out. I had a pretty long refresh time set before (1h), but since I have the Routinator refresh timer set up at 1h it doesn’t really matter if I decrease the RTR refresh timer.
From looking at the code it seems support for tcp keepalives was removed in 0.10.0 since it disappeared from tokio(?). And since it used the system default 75s rather than the configured 60, it probably didn’t work in 0.8.2 either. I would argue the default should be to use the system default setting rather than no keepalives, though.

Thanks,
—BC

> On 30 Aug 2021, at 19:42, Tony Tauber <ttau...@1-4-5.net> wrote:
>
> In some early lab testing I did, I noticed that RTR sessions were often resetting every 10 minutes.
> The reason I discerned was there was an intervening firewall which must've had a 10 minute auto-flush of stale state info.
> Rather than trying to fight a losing battle with firewall folks (also with possible collateral effects), I found it easier to configure the client to refresh more often.
> For example, on Cisco IOS-XR, the "refresh-time 300" parameter (5-minute refresh) helped my situation.
>
> I haven't yet gotten Routinator v0.10.0 deployed so not sure about what we're seeing, but architecturally maybe it's weird for the server (vs. client) to send the keepalives?
>
> Tony
>
> On Fri, Aug 27, 2021 at 4:19 PM Björn Karlsson via RPKI <rpki@lists.nlnetlabs.nl> wrote:
> Hello,
>
> Did something change with the handling of tcp keepalives between version 0.8.2 and 0.10.0?
>
> I recently upgraded one of two servers to 0.10.0 and after the upgrade I don’t see keepalives which I do from the 0.8.2 server (and previously, before the upgrade, from the upgraded server).
>
> Same configuration for both servers, default:
>
> rtr-tcp-keepalive = 60
>
> When I check with tcpdump there are no keepalives from the 0.10.0 server but roughly 75s (system default) from the 0.8.2 version. Also, doing a show tcp packet-trace on the Cisco shows the same.
>
> I’m trying to debug a problem where the session to the 0.10.0 server is reset roughly once per hour (which is the refresh time). Since the session is through a firewall I suspect I need the keepalives.
>
> Thanks,
>
> —BC
>
> --
> RPKI mailing list
> RPKI@lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/rpki
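Added example, not part of the original messages and not Routinator's code: a Python sketch of the three socket states discussed in the thread (no keepalives, keepalives on system default timers, keepalives with an explicit idle time) that reads the values back from the kernel and compares them with a firewall state timeout. It assumes the configured 60 is meant as the idle time in seconds; all function names are hypothetical.

```python
import socket

# Per-socket timer options are platform specific (Linux: TCP_KEEPIDLE,
# macOS: TCP_KEEPALIVE), so use whichever this Python build exposes.
_IDLE_OPT = getattr(socket, "TCP_KEEPIDLE", getattr(socket, "TCP_KEEPALIVE", None))
_INTVL_OPT = getattr(socket, "TCP_KEEPINTVL", None)
_CNT_OPT = getattr(socket, "TCP_KEEPCNT", None)


def enable_keepalive(sock, idle=None, interval=None, count=None):
    """Turn on keepalive probes; a None timer stays at the system default."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    for opt, value in ((_IDLE_OPT, idle), (_INTVL_OPT, interval), (_CNT_OPT, count)):
        if value is None:
            continue
        if opt is None:
            raise OSError("per-socket keepalive timer not supported on this platform")
        sock.setsockopt(socket.IPPROTO_TCP, opt, value)


def keepalive_settings(sock):
    """Read back what the kernel will actually use for this socket."""
    def read(opt):
        return None if opt is None else sock.getsockopt(socket.IPPROTO_TCP, opt)
    return {
        "enabled": bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)),
        "idle": read(_IDLE_OPT),
        "interval": read(_INTVL_OPT),
        "count": read(_CNT_OPT),
    }


def outlives_state_timeout(settings, state_timeout):
    """True if the first probe is sent before a middlebox drops idle state."""
    idle = settings["idle"]
    return bool(settings["enabled"] and idle is not None and idle < state_timeout)


def demo():
    """Compare the three cases on fresh, unconnected TCP sockets."""
    results = {}
    for label, on, idle in (("off", False, None), ("system-default", True, None), ("configured-60", True, 60)):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            if on:
                enable_keepalive(s, idle=idle)
            results[label] = keepalive_settings(s)
    return results
```

Calling `outlives_state_timeout(demo()["system-default"], 600)` on the host in question shows whether the system default idle time alone would beat a 10-minute firewall flush like the one mentioned in the thread.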