Tuesday, January 12, 2021

Please make sure your equipment's NAT or firewall implementation respects RFC5382's REQ-5

If you are running Carrier-grade NAT on your equipment, please make sure your TCP established connection idle-timeout isn't too short. Hosts typically send their first TCP keepalive probe only after two hours of silence (the RFC 1122 minimum, and the Linux default of net.ipv4.tcp_keepalive_time = 7200), so a NAT or firewall that expires the mapping sooner drops the keepalive and silently kills the open connection (e.g. an idle SSH session). Test whether your NAT setup (or firewall) violates RFC5382's REQ-5, which requires an established-connection idle-timeout of at least 2 hours 4 minutes, using this tool I wrote: https://github.com/AndersTrier/NAT-TCP-test.
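The idle-then-probe idea behind such a test, as an added example that is not the NAT-TCP-test tool from this post: a small echo server you run on a host outside the NAT, and a client behind the NAT that opens a connection, stays completely silent for a chosen number of seconds, then sends one byte and checks whether the echo still comes back. Keepalive is deliberately left off on the probe socket so that nothing else crosses the NAT during the idle period. The loopback address, port choice, and idle periods in the demo are assumptions for running it locally; for a real measurement point it at a server on the far side of the NAT and try periods up to RFC5382_MIN_IDLE (7440 s).

```python
# Added example (not the NAT-TCP-test tool from the post): measure whether a
# NAT or firewall keeps an idle TCP connection's mapping alive for a given
# number of seconds. Run the echo server on a host outside the NAT and the
# probe on a host behind it.
import socket
import threading
import time

# RFC 5382 REQ-5: the established-connection idle-timeout MUST NOT be below
# 2 hours 4 minutes.
RFC5382_MIN_IDLE = 2 * 3600 + 4 * 60   # 7440 seconds


def _echo_one(conn):
    """Echo everything received on one accepted connection until it closes."""
    with conn:
        while True:
            data = conn.recv(1024)
            if not data:
                break
            conn.sendall(data)


def start_echo_server(host="127.0.0.1"):
    """Start a background TCP echo server and return the port it listens on.
    The loopback host is an assumption for the local demo; bind to a public
    address when the server sits on the far side of the NAT under test."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(16)

    def serve():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=_echo_one, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def probe_idle(host, port, idle_seconds, timeout=10.0):
    """Connect, verify the path works, stay silent for idle_seconds, then send
    one byte and wait for the echo.

    Keepalive is intentionally left off so nothing crosses the NAT while idle.
    Returns True if the echo comes back (mapping survived) and False if the
    reply times out or the connection is reset (mapping expired).
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"\x00")
        if s.recv(1) != b"\x00":
            return False
        time.sleep(idle_seconds)
        try:
            s.sendall(b"\x01")
            return s.recv(1) == b"\x01"
        except OSError:            # covers socket.timeout and ConnectionResetError
            return False


def longest_surviving_idle(host, port, idle_periods):
    """Probe each idle period in ascending order and return the longest one the
    connection survived (None if even the shortest period failed)."""
    longest = None
    for idle in sorted(idle_periods):
        if not probe_idle(host, port, idle):
            break
        longest = idle
    return longest


def enable_keepalive(sock, idle=60, interval=10, count=3):
    """Host-side mitigation: have the kernel send keepalive probes well before
    a too-short NAT timeout expires. The TCP_KEEP* names are Linux-specific, so
    they are looked up defensively; elsewhere only SO_KEEPALIVE is set.
    Returns True if keepalive is now enabled on the socket."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    for name, value in (("TCP_KEEPIDLE", idle),
                        ("TCP_KEEPINTVL", interval),
                        ("TCP_KEEPCNT", count)):
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)
    return sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0


if __name__ == "__main__":
    # Loopback demo with short idle periods (assumed values). For a real test
    # use a remote server and periods such as [300, 900, 1800, 3600, RFC5382_MIN_IDLE].
    port = start_echo_server()
    print("longest surviving idle:", longest_surviving_idle("127.0.0.1", port, [0.1, 0.5]))
```

If the probe fails below 7440 seconds, the NAT or firewall in the path is not honouring REQ-5. Until the operator fixes it, enable_keepalive shows the host-side workaround of shortening the keepalive idle time; for SSH specifically, ServerAliveInterval in ssh_config achieves the same at the application layer.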

I wrote a more thorough description of the issue here, and also described how it may kill idle SSH sessions.
