| Subject | RE: [firebird-support]Staying alive |
|---|---|
| Author | Paul Hope |
| Post date | 2008-11-12T11:24:03Z |
Thanks Helen and John
Its good to understand the keep alive packets come from the server. I
changed the router settings to both directions instead of just dial out and
the connection stays up (not that I might need to do this but it did allow
me to continuously monitor the traffic). While monitoring the number of
packets exchanged I can see that no packets are being received at 1 minute
intervals (with a VPN I can the lights flash every minute). I have
forwarded Johns comments on stateful firewalls to the customer ISP to see if
they can help.
They are the only customer with router to router connection and the only one
on that ISP. The others all use VPNs and we have no problem with them.
Hopefully something will come from the ISP. I'll let you know ;-)
Regards
Paul
Its good to understand the keep alive packets come from the server. I
changed the router settings to both directions instead of just dial out and
the connection stays up (not that I might need to do this but it did allow
me to continuously monitor the traffic). While monitoring the number of
packets exchanged I can see that no packets are being received at 1 minute
intervals (with a VPN I can the lights flash every minute). I have
forwarded Johns comments on stateful firewalls to the customer ISP to see if
they can help.
They are the only customer with router to router connection and the only one
on that ISP. The others all use VPNs and we have no problem with them.
Hopefully something will come from the ISP. I'll let you know ;-)
Regards
Paul
> -----Original Message-----
> From: firebird-support@yahoogroups.com
> [mailto:firebird-support@yahoogroups.com] On Behalf Of John vd Waeter
> Sent: 10 November 2008 12:42
> To: firebird-support@yahoogroups.com
> Subject: Re: [firebird-support]Staying alive
>
> Paul Hope wrote:
>
> > ..and now it works on the second site and the system people havn't
> > changed anything. I can see the VPN icon flashing its
> little lights
> > every minute and however long I leave it inactive it works
> fine when I
> > try to talk to the database.
> >
> > However on the first site which uses a route set up in the router I
> > dont have the VPN icon to watch. I've discovered a 'VPN
> Connection Management'
> > tool in the router which shows uptime, packets transmitted
> etc. After
> > an idle period the connection drops, if I then ping the
> remote server
> > it usually times out on the first 2 or 3 attempts and
> succeeds on the
> > remaining
> > 2 or 3. The router screen then shows the number of packets
> > transmitted = to the number of pings that succeeded. I am guessing
> > that after the connection drops the FB client issues its next keep
> > alive packet, this fails (like the first ping) and it flags the
> > connection as lost. Further database activity then fails.
> >
> > If I reconnect this succeeds but I cant tell if it has
> tried more than
> > once to establish the connection, I assume it has.
> >
> > So if my accumulation of guesses are correct then the
> quation becomes
> > - does the stay client stay alive try more than once, or
> just try once
> > and give up and could this be the problem?
>
> Hi Paul,
>
> Are all connections done via VPN? If all sites but one have
> trouble keeping their connections, I'd say the problem is at
> that site.
>
> I follow your accumulation of guesses, sounds reasonable,
> except for that the server sends keepalive-packets to the
> client. However, if all other sites have no problems (and use
> VPN also) then I would guess the VPN functions in the router
> at that particular site behave different from the VPN-stuff
> at the other sites...
>
> And yes, maybe it operates within standards and all the other
> sites are more tolerant to connections with no traffic.
>
> Another possibility is the ISP to which this particalur site connects.
>
> They sometimes use stateful firewalls (one of my customers
> ISP did, took a while to figure that out). In these firewalls
> packets from the internet to the client are passed through if
> they are related to a former established connection. Those
> packets are dropped if the connection is reset OR after a
> certain period with no traffic has expired. They are not
> considered "related" anymore.
> Keepalive packets from server to client would not arrive
> anymore, so client can not confirm them, server gets no
> response from client and drops connection.
>
> Do you have more customers that connect via the same ISP as
> the problem-site does? If yes and they don't have trouble, it
> rules out a possible firewall-problem.
>
> At last, regarding the ping delay (success only after 2nd or
> 3d ping)...
> At other sites that use VPN, does this ping-delay also occur?
> If not, I'd try to change the router and see if that helps....
>
>
> regards,
> John
>
>
> ------------------------------------
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Visit http://www.firebirdsql.org and click the Resources item
> on the main (top) menu. Try Knowledgebase and FAQ links !
>
> Also search the knowledgebases at http://www.ibphoenix.com
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Yahoo! Groups Links
>
>
>