Monday, December 22, 2008

Save the Time: Hung Telnet/SSH Sessions

Don't you love it when you attempt to Telnet or SSH from a Cisco device to an unreachable IP address? Your guaranteed wait time is 30 seconds...and there's no CTRL-SHIFT-6 breaking out of it. Here's a command of the day for you:

Router(config)#ip tcp synwait-time 5

This reduces the time the router waits for a SYN-ACK in reply to its own SYN, from the default of 30 seconds to 5 seconds, for all TCP sessions (including Telnet/SSH) originated by the router.
While I'm sure an argument could be made that some networks are slow enough to have more than a five-second delay between a SYN and its SYN-ACK...I'd say...fix your network.

Now that we know what the command does, what are the possible negative impacts of this command? The default TCP timeout is thirty seconds, and shortening it to five seconds could affect any TCP connection. Consider routing protocols such as BGP, multicast routing and so on. For example, allowing only five seconds for the three-way handshake of a BGP session might be a problem in certain SP networks.

In slow networks such as satellite, low-speed async or even Frame Relay, five seconds may be too short under certain conditions. You should identify this and change the timer to perhaps ten or fifteen seconds. But for most networks today, if you can't complete a three-way handshake in five seconds then it's not going to work.

Consider a BGP neighbour session, which uses TCP: if the connection cannot be established within the configured interval, the attempt is terminated. It's just possible that a heavily loaded BGP peer using authentication might need more than five seconds, so keep this in mind.
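A constructed IOS session, added here and not from the original post, that applies the command, verifies it in the running config, shows the shorter wait against an unreachable address, and backs the timer off if slow-link peers need more; 192.0.2.1 is a documentation address assumed to be unreachable, and the prompts and elapsed times are illustrative.

```cisco
! Constructed example session (not from the original post).
Router# configure terminal
Router(config)# ip tcp synwait-time 5
Router(config)# end
! Check: only a non-default value shows up in the running config.
Router# show running-config | include ip tcp synwait-time
ip tcp synwait-time 5
! A Telnet attempt to an unreachable host (192.0.2.1, TEST-NET-1) now
! gives up after about 5 seconds instead of 30.
Router# telnet 192.0.2.1
Trying 192.0.2.1 ...
% Connection timed out; remote host not responding
! If BGP peers over satellite or async links stop establishing, raise the
! timer (accepted range is 5 to 300 seconds) rather than dropping the change.
Router# configure terminal
Router(config)# ip tcp synwait-time 15
! To restore the 30-second default entirely:
Router(config)# no ip tcp synwait-time
Router(config)# end
```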

Best Regards,
Deepak Arora
