Reputation: 23
Will keep-alive useful to use with load balancer and firewalls
I have client and server component. Server may be installed behind the firewall or load balancer. Many sites/forums suggested to use TCP keep-alive feature to avoid connection termination due to inactivity. The question is whether the keep-alive message from client will actually reach to server? I tried to simulate the deployment using tcptrace utility and found that the keep-alive messages does not reach to server still the client was getting ACK for keep alive message. I am not sure whether LB/FW work in same manner.
Is the keep-alive good option to avoid connection termination due to inactivity over socket in case of firewall and load balancer?
Upvotes: 2
Views: 2764
Answers (1)
Reputation: 3089
The answer is, of course: "it depends".
Many firewalls and load balancers maintain separate frontend and backend TCP connections, e.g.:
client <-- TCP --> firewall/balancer <-- TCP --> server
For situations like this, using TCP keepalive will not work as you'd expect. Why not? The TCP keepalive works for that TCP session only, and the keepalive probe packets are more like "administrative overhead" packets that data-bearing packets. This means that a) using TCP keepalive on the client end only means keeping the TCP connection to the firewall/balancer alive, and b) the firewall/balancer does not "forward" those keepalive probe packets across to the backend connection.
So is using TCP keepalive useful? Yes. There are other types of proxies which work at lower layers in the OSI stack, and which do forward those packets; using TCP keepalive is good for keeping your idle connection alive through those types of network intermediaries.
If your client/server application uses a long-lived, possibly idle TCP connection through firewalls/balancers, the best way to ensure that that connection is not torn down (sometimes politely, e.g. with a RST packet sent by the firewall/balancer, sometimes silently) is to use a "ping" or "heartbeat" message at the application layer. (Think of this as an "application keepalive".) This is just some kind of message that is sent e.g. from the client to the server. A simple and effective technique is to have the client periodically send some bytes to the server, which the server echoes back to the client. The client knows which bytes it sent, and when it receives those same bytes back from the server, it knows that everything in the network path is still working as expected.
Hope this helps!
Upvotes: 1
Related Questions
- Advantage of using HAProxy AND Keepalived vs just Keepalived
- How to keep TCP connections alive on AWS network loadbalancer
- HTTP KeepAlive can be as a substitute for TCP KeepAlive?
- Keep-alive: dead peers detection
- What is the typical usage of TCP keepalive?
- Pros and Cons of Keep-Alive from Web Server Side
- How to keep HAProxy TCP connection alive?
- http keep-alive in the modern age
- Should I send Keep alive packets when I use a TCP connection?
- Possible to enable Keep-alive with a load balancer?