Networker

Re: [Networker] connection reset errors, keepalive registry tweak.

2008-11-18 07:31:19
Subject: Re: [Networker] connection reset errors, keepalive registry tweak.
From: Francis Swasey <Frank.Swasey AT UVM DOT EDU>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Tue, 18 Nov 2008 07:27:25 -0500
The examples are correct, the support person was wrong. You set the KeepAliveTime value to the interval between keepalive packets being transmitted. It has to be a bit less than the most restrictive firewall/gateway you pass through. I've seen times when firewalls were set to 20 minute timeouts -- so, I've set my own keepalive's to 18 minutes.
Frank

On 11/18/08 6:11 AM, Jóhannes Karl Karlsson wrote:
Has anyone here been using the KeepAliveTime registry setting?

I'm getting misleading information about how to configure this setting as 
mentioned in this solution

https://solutions.emc.com/nsepn/webapps/stqv768481dmts46655278/emcsolutionview.asp?id=esg60759

Should the time configured be the time you want the idle TCP connections to 
stay alive or the interval  you want KeepAlive packets to be sent? I need to 
know wheter I should configure this to be 1 hour or 10 hours (which is the time 
it takes to complete the backup).

>From the "Configuring Network Firewalls for a NetWorker Server guide" (P/N 
300-005-739) on powerlink they say:

"The following examples set value of the OS TCP Keep Alive to 57 minutes to be below 
default 60 minute timeout on most firewalls"

And then shows an example where KeepAliveTime is configured to 57 minutes so 
the firewall won't disconnect after 60 minutes.

But from the support person I talked to yesterday at EMC, I could not 
understand otherwise than I should set the total time I want the idle TCP 
connections to stay alive, which is 10 hours ( in milli secs) in our case. That 
did not solve our problems.

Is it necessary to configure the KeepAliveTime both on the backup client as 
well as the backup server?

From: Francis Swasey [mailto:Frank.Swasey AT uvm DOT edu] Sent: 17. nóvember 2008 15:32
To: EMC NetWorker discussion; Jóhannes Karl Karlsson
Subject: Re: [Networker] connection reset errors, keepalive registry tweak.

Hi,
  The thing to remember about the way NetWorker sends data from the client to 
the server is that it is a form of FTP.  There is a control connection and a 
data connection.  It is likely the control connection that is timing out 
because there is absolutely no traffic on that connection while the saveset is 
being sent to the backup server on the data connection.

  I've had to apply keepalive changes to my solaris and linux servers (I 
haven't had to modify any clients) so their control connections do not die 
during those backups that take hours.

Frank

On 11/17/08 9:55 AM, Johannes Karl Karlsson wrote:
Hi.
We're dealing with a problem backing up big files over 100mb Cisco VPN tunnel (encripted). We get "Connection reset by peer" when doing a manual backup from the client after the backup has been running for 10hours. The file is 100GB. EMC is telling us to tweak the registry on the Backup server and the client (both Server 2003 SP2, Legato 7.4.2), as per: https://solutions.emc.com/nsepn/webapps/stqv768481dmts46655278/emcsolutionvi
ew.asp?id=esg60759
That is create this key for both the client and ther server HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\keepal
ivetime
and specify for how many m seconds to keep idle session alive. What I'm wonderig about is whether this could affect something else on the client (Exchange 2007) in a negative way? Or is it a safe operation with security in mind? How are you troubleshooting timeout problems? Any utilities that are useful? To sign off this list, send email to listserv AT listserv.temple DOT edu and type "signoff networker" in the body of the email. Please write to networker-request AT listserv.temple DOT edu if you have any problems with this list. You can access the archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER





--
Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
 "I am not young enough to know everything." - Oscar Wilde (1854-1900)


To sign off this list, send email to listserv AT listserv.temple DOT edu and type 
"signoff networker" in the body of the email. Please write to networker-request 
AT listserv.temple DOT edu if you have any problems with this list. You can access the 
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER