| Subject | Re: [firebird-support]Staying alive |
|---|---|
| Author | John vd Waeter |
| Post date | 2008-11-10T12:41:31Z |
Paul Hope wrote:
Are all connections done via VPN? If all sites but one have trouble
keeping their connections, I'd say the problem is at that site.
I follow your accumulation of guesses, sounds reasonable, except for
that the server sends keepalive-packets to the client. However, if all
other sites have no problems (and use VPN also) then I would guess the
VPN functions in the router at that particular site behave different
from the VPN-stuff at the other sites...
And yes, maybe it operates within standards and all the other sites are
more tolerant to connections with no traffic.
Another possibility is the ISP to which this particalur site connects.
They sometimes use stateful firewalls (one of my customers ISP did, took
a while to figure that out). In these firewalls packets from the
internet to the client are passed through if they are related to a
former established connection. Those packets are dropped if the
connection is reset OR after a certain period with no traffic has
expired. They are not considered "related" anymore.
Keepalive packets from server to client would not arrive anymore, so
client can not confirm them, server gets no response from client and
drops connection.
Do you have more customers that connect via the same ISP as the
problem-site does? If yes and they don't have trouble, it rules out a
possible firewall-problem.
At last, regarding the ping delay (success only after 2nd or 3d ping)...
At other sites that use VPN, does this ping-delay also occur? If not,
I'd try to change the router and see if that helps....
regards,
John
> ..and now it works on the second site and the system people havn't changedHi Paul,
> anything. I can see the VPN icon flashing its little lights every minute
> and however long I leave it inactive it works fine when I try to talk to the
> database.
>
> However on the first site which uses a route set up in the router I dont
> have the VPN icon to watch. I've discovered a 'VPN Connection Management'
> tool in the router which shows uptime, packets transmitted etc. After an
> idle period the connection drops, if I then ping the remote server it
> usually times out on the first 2 or 3 attempts and succeeds on the remaining
> 2 or 3. The router screen then shows the number of packets transmitted = to
> the number of pings that succeeded. I am guessing that after the connection
> drops the FB client issues its next keep alive packet, this fails (like the
> first ping) and it flags the connection as lost. Further database activity
> then fails.
>
> If I reconnect this succeeds but I cant tell if it has tried more than once
> to establish the connection, I assume it has.
>
> So if my accumulation of guesses are correct then the quation becomes - does
> the stay client stay alive try more than once, or just try once and give up
> and could this be the problem?
Are all connections done via VPN? If all sites but one have trouble
keeping their connections, I'd say the problem is at that site.
I follow your accumulation of guesses, sounds reasonable, except for
that the server sends keepalive-packets to the client. However, if all
other sites have no problems (and use VPN also) then I would guess the
VPN functions in the router at that particular site behave different
from the VPN-stuff at the other sites...
And yes, maybe it operates within standards and all the other sites are
more tolerant to connections with no traffic.
Another possibility is the ISP to which this particalur site connects.
They sometimes use stateful firewalls (one of my customers ISP did, took
a while to figure that out). In these firewalls packets from the
internet to the client are passed through if they are related to a
former established connection. Those packets are dropped if the
connection is reset OR after a certain period with no traffic has
expired. They are not considered "related" anymore.
Keepalive packets from server to client would not arrive anymore, so
client can not confirm them, server gets no response from client and
drops connection.
Do you have more customers that connect via the same ISP as the
problem-site does? If yes and they don't have trouble, it rules out a
possible firewall-problem.
At last, regarding the ping delay (success only after 2nd or 3d ping)...
At other sites that use VPN, does this ping-delay also occur? If not,
I'd try to change the router and see if that helps....
regards,
John