[Techtalk] Re: Techtalk digest, Vol 1 #429 - 1 msg

Raven, corporate courtesan raven at oneeyedcrow.net
Mon Apr 8 18:20:07 EST 2002


Heya --

Quoth Malcolm Tredinnick (Sun, Apr 07, 2002 at 09:35:51AM +1000):
> My understanding from reading this and the last post is that nothing is
> wrong. An attempt at an explanation follows:

	Yeah -- that does look like a normal ssh setup and teardown.  I
agree with Malcolm's take on what's going on.
 
> KeepAlive is probably slightly misnamed in ssh. It really functions as a
> "detect if I'm dead and terminate" and does actually keep your session
> alive. :-( The option exists so that you know _immediately_ if there is
> a hiccough in the middle of the route between your end points. How it
> does this without actually keeping the link active is beyond my ken, but
> the behaviour being talked about in this thread is pretty common and not
> considered unusual (apparently).

	A keepalive is just a particular sort of packet sent over a
connection at a known interval -- every 1 second, or some such.  If you
don't receive a keepalive every second and you know the other side's
meant to be sending them, you know something bad has happened to it and
the connection has died.  Usually most protocols that do keepalives will
allow you to miss three or so before they declare the connection dead,
in case of temporary network problems or something.  I don't know the
particulars for ssh keepalives as to what's missing enough to be dead,
but I think the keepalive packets are sent fairly rarely -- every 5
minutes or something like that, and 15 minutes to declared death of
connection on the server end.

	One of the big reasons for keepalives is for the benefit of the
server.  If the server doesn't have a way of detecting dead connections,
it will eventually end up with a lot of old, dead connections sitting
there, using up ports and a bit of memory.  Keepalive lets the server
go, "Oh, you client, you're not there anymore.  Reclaiming port 39427."
This is especially nice for situations where the client couldn't or
didn't close the connection gracefully, and so the server can know the
connection has died even without a "hey, I'm disconnecting now" from the
client.

	This sort of problem can also be caused by stateful firewalls
sometimes.  If they don't see data crossing a connection for long
enough, they can remove it as an active connection from their list, and
any new packets in that session are dropped, and the connection dies.
Malcolm's solutions should fix it, if this is the problem.

Cheers,
Raven

Ben says "WAR IS PEACE FREEDOM IS SLAVERY BACKSPACE IS DELETE"
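
The two failure cases described in the message above (a client that vanishes without closing, and a stateful firewall that forgets an idle session), as an added example that is not part of the original post. It is a simplified simulation, not ssh's implementation: the class and function names are hypothetical, the 300-second interval and three missed keepalives follow the post's rough guess, and the firewall timeouts are constructed.

```python
class StatefulFirewall:
    """Tracks connections; forgets any that stay idle longer than idle_timeout."""
    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout
        self.table = {}                      # connection -> time of last packet

    def packet(self, conn, now, is_new=False):
        """Return True if the packet is forwarded, False if it is dropped."""
        last = self.table.get(conn)
        if last is not None and now - last > self.idle_timeout:
            del self.table[conn]             # idle too long: state removed
            last = None
        if last is None and not is_new:
            return False                     # mid-session packet, no state
        self.table[conn] = now
        return True


def simulate(interval, max_missed, fw_idle, client_dies_at=None, duration=7200):
    """Step one otherwise idle session a second at a time.

    Returns (first time the firewall dropped a keepalive,
             time the server declared the connection dead); None = never.
    """
    fw = StatefulFirewall(fw_idle)
    conn = ("client", 39427)                 # port number from the post
    fw.packet(conn, 0, is_new=True)          # connection setup at t=0
    last_heard, dropped_at = 0, None
    for now in range(1, duration + 1):
        alive = client_dies_at is None or now < client_dies_at
        if alive and now % interval == 0:    # client sends a keepalive
            if fw.packet(conn, now):
                last_heard = now
            elif dropped_at is None:
                dropped_at = now
        if (now - last_heard) // interval >= max_missed:
            return dropped_at, now           # server reclaims the connection
    return dropped_at, None


if __name__ == "__main__":
    # Constructed scenarios; 300 s / 3 missed follows the post's rough guess.
    print(simulate(300, 3, fw_idle=3600, client_dies_at=1000))  # client vanishes
    print(simulate(300, 3, fw_idle=120))   # firewall forgets before 1st keepalive
    print(simulate(60, 3, fw_idle=120))    # keepalives refresh firewall state
```

In the second scenario both ends are still up, yet the server gives up on the session because the firewall's idle timeout is shorter than the keepalive interval; shortening the interval below that timeout, as in the third scenario, keeps the state entry fresh.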


