Opened 8 years ago

Closed 6 years ago

Last modified 4 years ago

#5777 closed enhancement (invalid)

Please increase the value of net.ipv4.netfilter.ip_conntrack_tcp_timeout_established

Reported by: jch@…
Owned by: developers
Priority: normal
Milestone: Barrier Breaker 14.07
Component: packages
Version:
Keywords:
Cc:

Description

In /etc/sysctl.conf, I see

  net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600

This should be at least

  net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=7440

According to RFC 5382, Section 5:

   REQ-5:  If a NAT cannot determine whether the endpoints of a TCP
      connection are active, it MAY abandon the session if it has been
      idle for some time.  In such cases, the value of the "established
      connection idle-timeout" MUST NOT be less than 2 hours 4 minutes.
      The value of the "transitory connection idle-timeout" MUST NOT be
      less than 4 minutes.
      a) The value of the NAT idle-timeouts MAY be configurable.
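
An added example, not part of the ticket or of OpenWrt's code: a POSIX shell check that reads a sysctl.conf-style file and compares the established-connection timeout with the RFC 5382 REQ-5 minimum quoted above and with the 7200-second Linux keepalive default mentioned in a later comment. The function names, the constructed sample files, and the acceptance of the newer `net.netfilter.nf_conntrack_tcp_timeout_established` key name are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the conntrack established-TCP idle timeout in a sysctl.conf-style file.
RFC5382_MIN_ESTABLISHED=7440   # 2 h 4 min, from REQ-5 as quoted in the ticket
LINUX_KEEPALIVE_DEFAULT=7200   # keepalive default cited in comment:2

# Print the last value assigned to the established-timeout key, if any.
# Accepts the legacy key name from the ticket and the newer nf_conntrack name (assumption).
established_timeout() {
    awk -F= '
        { sub(/#.*/, ""); gsub(/[ \t]/, "") }   # drop comments and whitespace
        $1 == "net.ipv4.netfilter.ip_conntrack_tcp_timeout_established" ||
        $1 == "net.netfilter.nf_conntrack_tcp_timeout_established" { v = $2 }
        END { if (v != "") print v }
    ' "$1"
}

# Exit status: 0 = meets REQ-5, 1 = below the RFC minimum, 2 = key missing or not numeric.
check_established() {
    v=$(established_timeout "$1")
    case "$v" in
        ''|*[!0-9]*) echo "$1: established timeout not set or not numeric"; return 2 ;;
    esac
    if [ "$v" -lt "$LINUX_KEEPALIVE_DEFAULT" ]; then
        echo "$1: ${v}s expires idle flows before the first ${LINUX_KEEPALIVE_DEFAULT}s keepalive"
    fi
    if [ "$v" -lt "$RFC5382_MIN_ESTABLISHED" ]; then
        echo "$1: ${v}s is below the RFC 5382 minimum of ${RFC5382_MIN_ESTABLISHED}s"
        return 1
    fi
    echo "$1: ${v}s meets RFC 5382 REQ-5"
}

# Constructed sample inputs mirroring the two values in the ticket.
SAMPLES=$(mktemp -d)
printf '%s\n' '# shipped default' \
    'net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600' > "$SAMPLES/shipped.conf"
printf '%s\n' \
    'net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 7440  # requested' \
    > "$SAMPLES/requested.conf"

for f in "$SAMPLES/shipped.conf" "$SAMPLES/requested.conf"; do
    check_established "$f" || true
done
```

To audit a device, call `check_established /etc/sysctl.conf`; the file holds the configured value, which can differ from the running kernel setting.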

Change History (6)

comment:1 Changed 8 years ago by thepeople

  • Resolution set to wontfix
  • Status changed from new to closed

We will not increase the value; we have this set lower because of the low amount of memory on most of the devices we run on. An increase in this value will consume more resources than we do now, which in some cases is already too much.

comment:2 Changed 7 years ago by anonymous

This is ridiculous and breaks normal networking. Linux defaults to 7200 seconds for TCP keepalives, meaning two Linux machines will have their connections cut short every hour going through an OpenWrt router. There is of course also the standard. This policy decision is making OpenWrt the MSIE of router firmware.

comment:3 Changed 6 years ago by anonymous

  • Resolution wontfix deleted
  • Status changed from closed to reopened

Indeed, I set mine to 7200 and don't see any problems with connections being kept too long...

Furthermore it's always interesting to follow RFC!

comment:4 Changed 6 years ago by jow

  • Resolution set to invalid
  • Status changed from reopened to closed

Doesn't change the fact that it stresses low memory devices.

comment:5 Changed 4 years ago by Siosm

Changing default values for valid reasons is great, but I cannot find a place where this setting and the reasoning behind it is documented (except for this bug report, but we don't even have an estimation of the amount of memory this could cost if kept at the default value, and in which situations).

Changes that go against RFC recommendations should be documented, at least to give more details on when, why and in which conditions the change was necessary.

Moreover, they should be presented at some point during the installation documentation when the administrator should be able to make a decision about those settings.

comment:6 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
