Networker

Re: [Networker] connection reset errors, keepalive registry tweak.

2008-11-18 08:24:43
Subject: Re: [Networker] connection reset errors, keepalive registry tweak.
From: Matthew Huff <mhuff AT OX DOT COM>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Tue, 18 Nov 2008 08:21:38 -0500
Idle sessions in themselves aren't bad. Once the TCP session is closed by the 
applications, the sessions will end. It's only on sessions that aren't sending 
data (idle) that firewalls close due to limited resources. Without a firewall, 
idle sessions are always kept open and are normal. Once the backup finishes, 
there won't be any idle sessions open.


-----Original Message-----
From: EMC NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU] On 
Behalf Of Jóhannes Karl Karlsson
Sent: Tuesday, November 18, 2008 8:16 AM
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: Re: [Networker] connection reset errors, keepalive registry tweak.

Thanks!

What about KeepAliveInterval? Have you been using that as well? Microsoft 
explanation: "Determines how often TCP repeats keep-alive transmissions when 
no response is received"

I'd rather not configure the KeepAliveTime registry setting on the backup 
clients if possible. It could affect some other services and put extra load on 
the backup client keeping idle sessions open that don't need to be open.

And: If you configure the KeepAliveTime to be less than the most restrictive 
firewall rule: What will eventually close idle sessions then? Will the sessions 
just pile up?



-----Original Message-----
From: EMC NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU] On 
Behalf Of Francis Swasey
Sent: 18. nóvember 2008 12:27
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: Re: [Networker] connection reset errors, keepalive registry tweak.

The examples are correct, the support person was wrong.  You set the 
KeepAliveTime value to the interval between keepalive packets being 
transmitted.  It has to be a bit less than the most restrictive 
firewall/gateway you pass through.   I've seen times when firewalls were 
set to 20 minute timeouts -- so, I've set my own keepalives to 18 
minutes. 

Frank

On 11/18/08 6:11 AM, Jóhannes Karl Karlsson wrote:
> Has anyone here been using the KeepAliveTime registry setting?
>
>  
>
> I'm getting misleading information about how to configure this setting as 
> mentioned in this solution
>
>  
>
> https://solutions.emc.com/nsepn/webapps/stqv768481dmts46655278/emcsolutionview.asp?id=esg60759
>
>  
>
>  
>
> Should the time configured be the time you want the idle TCP connections to 
> stay alive or the interval  you want KeepAlive packets to be sent? I need to 
> know whether I should configure this to be 1 hour or 10 hours (which is the 
> time it takes to complete the backup).
>
>  
>
> From the "Configuring Network Firewalls for a NetWorker Server guide" (P/N 
> 300-005-739) on powerlink they say:
>
>  
>
> "The following examples set value of the OS TCP Keep Alive to 57 minutes to 
> be below default 60 minute timeout on most firewalls"
>
> And then shows an example where KeepAliveTime is configured to 57 minutes so 
> the firewall won't disconnect after 60 minutes.
>
>  
>
> But from the support person I talked to yesterday at EMC, I could not 
> understand otherwise than I should set the total time I want the idle TCP 
> connections to stay alive, which is 10 hours ( in milli secs) in our case. 
> That did not solve our problems.
>
>  
>
> Is it necessary to configure the KeepAliveTime both on the backup client as 
> well as the backup server?
>
>  
>
>  
>
>  
>
> From: Francis Swasey [mailto:Frank.Swasey AT uvm DOT edu] 
> Sent: 17. nóvember 2008 15:32
> To: EMC NetWorker discussion; Jóhannes Karl Karlsson
> Subject: Re: [Networker] connection reset errors, keepalive registry tweak.
>
>  
>
> Hi,
>   The thing to remember about the way NetWorker sends data from the client to 
> the server is that it is a form of FTP.  There is a control connection and a 
> data connection.  It is likely the control connection that is timing out 
> because there is absolutely no traffic on that connection while the saveset 
> is being sent to the backup server on the data connection.
>
>   I've had to apply keepalive changes to my solaris and linux servers (I 
> haven't had to modify any clients) so their control connections do not die 
> during those backups that take hours.
>
> Frank
>
> On 11/17/08 9:55 AM, Johannes Karl Karlsson wrote: 
>
> Hi.
>  
> We're dealing with a problem backing up big files over 100mb Cisco VPN 
> tunnel (encrypted). We get "Connection reset by peer" when doing a manual 
> backup from the client after the backup has been running for 10 hours. The 
> file is 100GB. 
>  
> EMC is telling us to tweak the registry on the Backup server and the client 
> (both Server 2003 SP2, Legato 7.4.2), as per:
>  
> https://solutions.emc.com/nsepn/webapps/stqv768481dmts46655278/emcsolutionview.asp?id=esg60759
>  
> That is create this key for both the client and the server
>  
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\keepalivetime
>  
> and specify for how many m seconds to keep idle session alive. 
>  
> What I'm wondering about is whether this could affect something else on the 
> client (Exchange 2007) in a negative way? Or is it a safe operation with 
> security in mind?
>  
> How are you troubleshooting timeout problems? Any utilities that are useful?
>  
> To sign off this list, send email to listserv AT listserv.temple DOT edu and 
> type "signoff networker" in the body of the email. Please write to 
> networker-request AT listserv.temple DOT edu if you have any problems with 
> this list. You can access the archives at 
> http://listserv.temple.edu/archives/networker.html or
> via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
  "I am not young enough to know everything." - Oscar Wilde (1854-1900)


To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the body of the email. Please write to 
networker-request AT listserv.temple DOT edu if you have any problems with this 
list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
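
An added example, not part of the thread or of EMC's documentation: a small check of the rule discussed above, that the keepalive idle time must be shorter than the most restrictive firewall idle timeout on the path. It reads the Windows `KeepAliveTime` registry value (milliseconds) or the Linux `tcp_keepalive_time` sysctl (seconds); the function names, the `margin_min` parameter and the firewall timeouts passed in are assumptions made for illustration.

```python
import sys

TCPIP_KEY = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
WINDOWS_DEFAULT_MS = 7_200_000  # KeepAliveTime default when the value is absent (2 h)


def read_idle_seconds():
    """Idle time before this host sends its first keepalive probe, in seconds."""
    if sys.platform == "win32":
        import winreg
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, TCPIP_KEY) as key:
            try:
                value_ms, _ = winreg.QueryValueEx(key, "KeepAliveTime")
            except FileNotFoundError:
                value_ms = WINDOWS_DEFAULT_MS  # value not set: default applies
        return value_ms / 1000  # registry value is in milliseconds
    # Linux: sysctl net.ipv4.tcp_keepalive_time, in seconds
    with open("/proc/sys/net/ipv4/tcp_keepalive_time") as fh:
        return float(fh.read())


def check_path(idle_seconds, firewall_timeouts_min, margin_min=2):
    """Compare the keepalive idle time with every firewall timeout on the path.

    Returns (ok, recommended_ms). ok is True when the first probe goes out
    before the most restrictive firewall expires the idle session.
    recommended_ms is that timeout minus margin_min, expressed in
    milliseconds as a KeepAliveTime DWORD would be.
    """
    strictest_min = min(firewall_timeouts_min)
    if margin_min >= strictest_min:
        raise ValueError("margin must be smaller than the strictest timeout")
    ok = idle_seconds < strictest_min * 60
    recommended_ms = (strictest_min - margin_min) * 60 * 1000
    return ok, recommended_ms


if __name__ == "__main__":
    # Constructed input: a single firewall with a 60-minute idle timeout.
    ok, recommended = check_path(read_idle_seconds(), [60], margin_min=3)
    print("first keepalive is sent before the firewall timeout:", ok)
    print("suggested KeepAliveTime (ms):", recommended)
```

With a 60-minute firewall and a 3-minute margin the suggested value is 3,420,000 ms, the 57 minutes quoted from the guide, while a 10-hour setting (36,000 s) fails the check.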