Subject: Re: IP-in-TCP?
To: Gert Doering <gert@greenie.muc.de>
From: Seth Kurtzberg <seth@cql.com>
List: tech-net
Date: 02/02/2005 13:24:45
Gert Doering wrote:

>Hi,
>
>On Wed, Feb 02, 2005 at 09:40:30PM +1100, Daniel Carosone wrote:
>
>>On Wed, Feb 02, 2005 at 09:44:39AM +0100, Gert Doering wrote:
>>
>>>TCP will not *really* save you here.  If the idle period is long enough,
>>>and the NAT device is stupid enough, it might very well time out your
>>>TCP NAT table entry (without telling the endpoints, of course).
>>
>>That's what TCP keepalives are for.  NTP is handy (or annoying,
>>depending on your perspective) for keeping links non-idle, too.
>
>TCP keepalives are usually sent once per hour or so (did some googling:
>default on most unixes seems to be 2 hours), which is enough to clean 
>up "dead" TCP connections, but usually not enough to keep open over-eager 
>NAT routers.
>
That's just a default.  Usually you can override the default with a
setsockopt call, or an ioctl call, depending on the O/S.

However, I've found in many cases that TCP keepalive is simply broken
(not in NetBSD, but broken anywhere along the path is broken for the
entire path).

>(This is the reason why, for example, OpenSSH contains a protocol-level
>keepalive mechanism, which sends packets much more frequently).
>
>gert
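The per-socket override mentioned above, as an added example that is not code from the thread: enable SO_KEEPALIVE, shorten the probe schedule with TCP_KEEPIDLE/TCP_KEEPINTVL/TCP_KEEPCNT where the platform has them (Linux and NetBSD do), and read each value back, because an override the kernel silently ignores leaves the system-wide timer (typically 2 hours) in force. The function names and the sample values are my own choices.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <unistd.h>

/* Set one integer socket option and read it back, so the caller can tell
 * whether the kernel accepted the override. Returns the value the kernel
 * reports, or -1 if either call fails. */
static int set_and_read(int fd, int level, int name, int want)
{
    int got = -1;
    socklen_t len = sizeof got;
    if (setsockopt(fd, level, name, &want, sizeof want) < 0 ||
        getsockopt(fd, level, name, &got, &len) < 0)
        return -1;
    return got;
}

/* Per-socket keepalive override. Where the TCP_KEEP* options are missing
 * only SO_KEEPALIVE is enabled and the system default timer still applies.
 * Returns 0 when every supported option was accepted as given. */
int set_tcp_keepalive(int fd, int idle_s, int intvl_s, int cnt)
{
    if (set_and_read(fd, SOL_SOCKET, SO_KEEPALIVE, 1) <= 0)
        return -1;
#ifdef TCP_KEEPIDLE   /* seconds of idleness before the first probe */
    if (set_and_read(fd, IPPROTO_TCP, TCP_KEEPIDLE, idle_s) != idle_s)
        return -1;
#endif
#ifdef TCP_KEEPINTVL  /* seconds between unanswered probes */
    if (set_and_read(fd, IPPROTO_TCP, TCP_KEEPINTVL, intvl_s) != intvl_s)
        return -1;
#endif
#ifdef TCP_KEEPCNT    /* unanswered probes before the connection is dropped */
    if (set_and_read(fd, IPPROTO_TCP, TCP_KEEPCNT, cnt) != cnt)
        return -1;
#endif
    return 0;
}

/* Open an unconnected TCP socket, apply the override, and close it.
 * Returns 0 if the kernel reported every supported option back unchanged. */
int keepalive_roundtrip(int idle_s, int intvl_s, int cnt)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int rc = fd < 0 ? -1 : set_tcp_keepalive(fd, idle_s, intvl_s, cnt);
    if (fd >= 0)
        close(fd);
    return rc;
}
```

This only changes what the local endpoint sends; whether the probes arrive often enough is still decided by the NAT device's own idle timer, which is why a protocol-level keepalive like OpenSSH's remains the portable answer.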