platform like Celerra will "ping" back the client every minute to make sure the client is still there, if the client is not there after so many re-tries the session is closed. This activity will keep firewall sessions alive, now on Isilon (at least on 6.5), this "ping" back process is done every 2 hours (default value). If you have firewalls that close inactive sessions after 30 minutes you can see how that could lead to the problem you are describing. I open an Excel spreadsheet and go away to lunch. In 30 minutes my firewall kills the session because there has not been any activity. I come back from lunch and when i tried to work on my spreadsheet it says that the file is locked and i end up having to save into a temporary file etc. Two hours later Isilon decides to "ping" back to see if you are still there but gets nothing because firewall killed that session 1.5 hours ago. When i captured traffic between Celerra and my clients and saw that Celerra was pinging back every 1 minute ( i know very chatty), i decided to lower the "ping" time on Isilon to 5 minutes. So isilon will "ping" the client every 5 minutes and ask him "are you there?", client would say "yes i am still here", this process would keep the firewall session alive and everyone was happy
The current setting can be reviewed with the following command
isi_for_array -s 'sysctl net.inet.tcp.keepidle'
To set the value -- isi_sysctl_cluster net.inet.tcp.keepidle=300000 (5 minutes, value in milliseconds)
The next sysctl that would be of interest is the ping interval with is currently set at 75000 (75 Seconds). The cluster will send 8 pings at a 75 second interval resulting in a 5 minute window for the client to respond.
To view the setting -- isi_for_array -s 'sysctl net.inet.tcp.keepintvl'
Yes there are firewalls on the local client workstation and on the network as well. But I know on the network end firewalls are available, but they are set to Any/Any.
Thank you very much for this info. I believe we're on the right track. There is a firewall in between the Isilon and clients that has a timeout that is shorter than that of the 2 hour default on the Isilon. Currently looking into changing times to see what would work out best without it being too chatty.
dynamox
9 Legend
•
20.4K Posts
0
June 2nd, 2014 11:00
platform like Celerra will "ping" back the client every minute to make sure the client is still there, if the client is not there after so many re-tries the session is closed. This activity will keep firewall sessions alive, now on Isilon (at least on 6.5), this "ping" back process is done every 2 hours (default value). If you have firewalls that close inactive sessions after 30 minutes you can see how that could lead to the problem you are describing. I open an Excel spreadsheet and go away to lunch. In 30 minutes my firewall kills the session because there has not been any activity. I come back from lunch and when i tried to work on my spreadsheet it says that the file is locked and i end up having to save into a temporary file etc. Two hours later Isilon decides to "ping" back to see if you are still there but gets nothing because firewall killed that session 1.5 hours ago. When i captured traffic between Celerra and my clients and saw that Celerra was pinging back every 1 minute ( i know very chatty), i decided to lower the "ping" time on Isilon to 5 minutes. So isilon will "ping" the client every 5 minutes and ask him "are you there?", client would say "yes i am still here", this process would keep the firewall session alive and everyone was happy
The current setting can be reviewed with the following command
isi_for_array -s 'sysctl net.inet.tcp.keepidle'
To set the value -- isi_sysctl_cluster net.inet.tcp.keepidle=300000 (5 minutes, value in milliseconds)
The next sysctl that would be of interest is the ping interval with is currently set at 75000 (75 Seconds). The cluster will send 8 pings at a 75 second interval resulting in a 5 minute window for the client to respond.
To view the setting -- isi_for_array -s 'sysctl net.inet.tcp.keepintvl'
dynamox
9 Legend
•
20.4K Posts
0
June 2nd, 2014 03:00
is there a firewall between users/isilon , or local firewall ?
MideSTO
6 Posts
0
June 2nd, 2014 08:00
Yes there are firewalls on the local client workstation and on the network as well. But I know on the network end firewalls are available, but they are set to Any/Any.
russ_stevenson_
25 Posts
0
June 2nd, 2014 09:00
You may wish to check this KB out from Microsoft, it maybe relevant here.
http://support.microsoft.com/kb/942146
MideSTO
6 Posts
0
June 2nd, 2014 15:00
Thank you very much for this info. I believe we're on the right track. There is a firewall in between the Isilon and clients that has a timeout that is shorter than that of the 2 hour default on the Isilon. Currently looking into changing times to see what would work out best without it being too chatty.
umichklewis
3 Apprentice
•
1.2K Posts
1
March 12th, 2018 08:00
Try TCPKeepAlive:
[nasadmin@vnxtest ~]$ server_param server_2 -facility cifs -info tcpkeepalive
server_2 :
name = tcpkeepalive
facility_name = cifs
default_value = 0xff01030a
current_value = 0xff01030a
configured_value =
user_action = restart Service
change_effective = restart Service
range = (0x00000000,0xffffffff)
description = TCP timeout for CIFS