Amanda-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: iptables/backups/sound files fixed

2005-11-21 15:18:46
Subject: Re: iptables/backups/sound files fixed
From: Glenn English <ghe AT slsware DOT com>
To: amanda-users <amanda-users AT amanda DOT org>, alsa list <alsa-user AT lists.sourceforge DOT net>, debian list <debian-user AT lists.debian DOT org>
Date: Mon, 21 Nov 2005 12:52:52 -0700 
On Sun, 2005-11-20 at 19:36 +0100, Paul Bijnens wrote:

> > Turns out the problem was the iptables packet filter on the amanda
> > client. iptables has a timeout for idle TCP connections that was
> > breaking the connection to the server before the initial estimate of the
> > backup size was done (because it took so long to go through the huge
> > DLE).
> > 
> > The solution is to decrease the time between keepalive packets:
> > 
> > 'echo 90 > /proc/sys/net/ipv4/tcp_keepalive_time'

> I don't think this will help, because the estimates are exchanged
> using UDP traffic.
> 
> The backups are send over a TCP connection, but there you'll rarely
> need to increase some timeout.
> 
> Are you realy 100% sure that it was this setting that made your
> backups succeed?

The setting did it, but my understanding of why is wrong. 

As I said to Paul off list, I put the default value back and watched
last night's backup.

The three ~12GB estimates came in, and the timeouts happened during the
data transfers (Connection reset by peer). I don't understand this.
iptables times out and breaks a TCP connection on time, even if 100% of
the bandwidth of that connection is being used?? I doubt it

I set the timeout to 90 and reran a backup by hand. The data transfers
are working. 

In other words, increasing iptables' TCP timeout seems to be necessary
for amanda backups of huge DLEs, but I don't understand why.

...

It says in the amanda dox ( http://www.amanda.org/docs/portusage.html )

> AMANDA also uses TCP connections for transmitting the backup image,
> messages and (optionally) the index list from a client back to the
> dumper process on the tape server. A process called sendbackup is
> started by amandad on the client. It creates two (or three, if
> indexing is enabled) TCP sockets and sends their port numbers back to
> dumper in a UDP message. Then dumper creates and binds TCP sockets on
> its side and connects to the waiting sendbackup.

This sounds a lot like FTP to me. Maybe it's the messages connection
that's timing out.


-- 
Glenn English
ghe AT slsware DOT com
GPG ID: D0D7FF20
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: iptables/backups/sound files fixed, Paul Bijnens
Next by Date:  Re: iptables/backups/sound files fixed, Paul Bijnens
Previous by Thread:  Re: iptables/backups/sound files fixed, Paul Bijnens
Next by Thread:  Re: iptables/backups/sound files fixed, Paul Bijnens
Indexes:  [Date] [Thread] [Top] [All Lists]