With exec-timeout command we can set to disconnect idle sessions after the time specified in this command.By default the timeout is 10 minutes.
But when we use service tcp-keepalives in/out command,then the sessions hung sessions will get disconnected afetr 5 minutes of idle connections(i.e. every one minute keepalive will be sent to the remote host for 5 times).
My understanding is that first the router will wait for the exec-timeout to complete.If even after the exec-timeout the session is still showing established(in show users command in router) then keep alive will be sent to remote host every minute(5 times) and if there is no response the session will be disconnected.Please correct me if I am wrong.
And what exactly is the difference in tcp-keepalives in and out command.Is that keepalives in means if someone telnets the router from outside and keepalive out means router will telnet the remote host.
I am sorry if u get confused---
Actually I tried to find out from many places but the above doubts could not get cleared. Can you please help...
The difference between exec-timeout and service tcp-keepalive is that the exec-timeout is looking for activity initiated by the user while service tcp-keepalive is looking more at the machine to machine level of communication. In essence if there is a failure of communication between machines then both the tcp-keepalive and the exec-timeout should fail. But if there is machine to machine communication but no user activity then the exec-timeout will fail.
Your understanding is correct that keepalive in is to detect problems with sessions initiated from other machines that are inbound to this router. And keepalive out is to detect problems with sessions that are initiated from this machine to other machines. This link may have information that is helpful:
Thanks a lot for the quick response.Now I am bit clear about the difference.
I am still not clear about the following:-
If exec-timeout is set to 10 minutes and tcp keep alive is set to 5 minutes(i.e. sending keepalives every minute 5 times),then whether the idle network connection will get timed out in 5 minutes only without waiting for exec-timeout period OR First the exec-timeout will be considered and if the connection is idle for 10 minutes then tcp keepalive will start for another 5 minutes(to drop the connections if it is not got disconnected with exec-timeout value)
Thanks Rick for explanation. It was new to me.
Sukhwinder, Based on Rick's explanation What I understand is that the idle telnet session to this router will die out in exec-timeout duration & other idle tcp sessions through the device will timeout as per keepalive duration.
Someone correct me if I'm wrong.
Yes I understand that.
What my query was that if the TCP keep alive period comes before the exec-timeout period then which will be affected first.Whether always exec-timeout will be taken first and then if any session does not get disconnected with exec-timeout then tcp keepalive period will start(5 times) and then that session will be disconnected(for example Hung sessions).
If keepalive time(5 minutes) is coming before exec-timeout(10 minutes),then will itmean that the session will be disconnected after 5 minutes instaed of waiting for 10 minutes.
I have not tested this particular issue so I can not answer from experience (which is usually the best approach). But my understanding of the documentation is that each timer operates independently. So if the tcp keepalive is set at 5 minutes and the exec-timeout is 10 minutes and if the remote device stops responding to keepalives and does not send any user input, then the tcp keepalive will terminate the session before the exec-timeout does.
I do not believe that the tcp keepalive will wait for the exec-timeout.
Will it mean that the moment we logged into the router it will start sending keepalives to the machine from where we logged in to the router.
If yes what I understood is that when we set exec-timeout to 10 minutes and tcp keepalive to 5 minutes,
then if the session is idle(but the remote machine is still active)the router will keep on sending keepalives on this idle session and the machine will keep answering to keepalives(althogh the session is actulally idle) .And if after 10 minutes also machine is replying to keepalives then the session will get disconnected (because of exec-timeout value).
One thing more Will the TCP keepalive disconnect the session if the session got hung and cound not get disconnected even after exec-timeout vlaue.
Yes it does mean that if you initiate a TCP session to the router (like telnet) that tcp keepalive will begin to send keepalive messages to the machine from where you logged in.
As long as the remote machine is able to respond to the keepalive messages then the keepalive function will not terminate the session. This is separate from the exec-timeout which is tracking whether there was user activity in the session.
I am not sure that I fully understand the last part of your question:
"Will the TCP keepalive disconnect the session if the session got hung and cound not get disconnected even after exec-timeout vlaue"
I believe that you are asking that if the exec-timeout is attempting to terminate the session but is not able to do so then the keepalive will terminate the session. In what way would exec-timeout not be able to terminate the session?
As BVS Said, its interesting INFO.
Thanks to RICK for his great Answers.
Guru Prasad R
Thanks for the clarity----
I have seen sometimes that whenever I am logging into the switches(using telnet) sometimes(very rare) the telnet session will hang (after exec-timeout vlaue is expired).Then the only thing to close that session is to restart my machine.Please note that tcp keepalive is not enabled in my switches.That's why I was doubting that this may be due to missing of tcp keepalive command.
One thing more----
Please clarify whether the following is true:-
whether we are enabling tcp-keepalive in or out(i.e. telneting to or from the router respectedly),always router will send keepalive to the remote machine..
I am not sure whether I correctly understand your question here. So let me answer it this way: when you enable keepalive in the router is tracking some machine that has initiated a connection to the router and the router will send keepalive messages to the source of the connection. When you enable keepalive out the router is tracking a machine to which the router has initiated a connection and the router will send keepalive messages to the destination of the connection.
If that was not the correct understanding of your question then please clarify.