
ntls tcp_keepalive set

Configure the NTLS TCP keep alive settings.  

TCPKeepAlive

TCPKeepAlive is a TCP stack option, available at the LunaClient and at the SafeNet Network HSM appliance. For SafeNet purposes, it is controlled via an entry in the Chrystoki.conf/crystoki.ini file on the LunaClient, and in an equivalent file on SafeNet Network HSM. For SafeNet HSM 6.1 and newer, a fresh client software installation includes an entry "TCPKeepAlive=1" in the "LunaSA Client" section of the configuration file Chrystoki.conf (Linux/UNIX) or crystoki.ini (Windows). Config files and certificates are normally preserved through an uninstall, unless you explicitly delete them.

As such, if you update (install) LunaClient software where you previously had an older LunaClient that did not have a TCPKeepAlive entry, one is added and set to "1" (enabled), by default. In the case of update, if TCPKeepAlive is already defined in the configuration file, then your existing setting (enabled or disabled) is preserved.

On the SafeNet Network HSM appliance, where you do not have direct access to the file system, the TCPKeepAlive= setting is controlled by the lunash:> ntls tcp_keepalive set command.

The settings at the appliance and the client are independent. This allows a level of assurance, in case (for example) a firewall setting blocks in one direction.

Syntax

ntls tcp_keepalive set -idle <seconds> -interval <seconds> -probes <number>

Parameter    Shortcut    Description

-idle        -id         Specifies the TCP keep alive idle timer, in seconds. This is the initial wait until a keepalive is issued. Recommended value is 200. Range: 10 to 10,000. Default: 10.

-interval    -in         Specifies the TCP keep alive interval time, in seconds. This is the duration between any two successive keep alive transmissions. Recommended value is 150. Range: 10 to 360. Default: 10.

-probes      -p          Specifies the number of retries to attempt if a transmission is not acknowledged. Recommended value is 15. Range: 1 to 30. Default: 2.

Note: The default values, which apply if you don't specify individual parameters, are starting points that work well in common High Availability situations, until you configure for your particular network conditions (latency, etc.).

The recommended values are conservative, and address a common situation where a flurry of network activity might allow the probe count to be reached before the acknowledgment packets are able to return to the HSM appliance, which could cause the appliance to reset the connection.

Example

lunash:>ntls tcp_keepalive set -idle 200 -interval 150 -probes 15

NOTICE: The NTLS service must be restarted for new settings to take effect.

Command Result : 0 (Success)
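
The effect of the three parameters, worked through for the default and the recommended values documented above. This is an added example, not SafeNet code: the ranges are taken from this page, while the function names, the dead-peer timing formula (standard TCP keepalive behaviour) and the Linux socket option names used to show the same timers on a client socket are assumptions of the example.

```python
import socket

# Ranges copied from the parameter table on this page: name -> (min, max).
RANGES = {"idle": (10, 10_000), "interval": (10, 360), "probes": (1, 30)}

def validate(idle, interval, probes):
    """Reject out-of-range values before they are typed into lunash."""
    for name, value in (("idle", idle), ("interval", interval), ("probes", probes)):
        lo, hi = RANGES[name]
        if type(value) is not int or not lo <= value <= hi:
            raise ValueError(f"-{name} must be an integer from {lo} to {hi}, got {value!r}")

def lunash_command(idle, interval, probes):
    """Build the command in the syntax shown on this page."""
    validate(idle, interval, probes)
    return f"ntls tcp_keepalive set -idle {idle} -interval {interval} -probes {probes}"

def probe_window(idle, interval, probes):
    """Seconds from the first probe to the reset, i.e. how long
    acknowledgments can be delayed before the connection is dropped."""
    validate(idle, interval, probes)
    return interval * probes

def detection_seconds(idle, interval, probes):
    """Seconds of silence before a dead peer is declared.
    Assumption: standard TCP keepalive timing (first probe after `idle`,
    then one probe per `interval`, reset after `probes` unanswered probes)."""
    return idle + probe_window(idle, interval, probes)

def apply_to_socket(sock, idle, interval, probes):
    """Set the same three timers on one Linux TCP socket and read them back.
    Uses the Linux option names; other platforms may not define them."""
    validate(idle, interval, probes)
    opts = (socket.TCP_KEEPIDLE, socket.TCP_KEEPINTVL, socket.TCP_KEEPCNT)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    for opt, value in zip(opts, (idle, interval, probes)):
        sock.setsockopt(socket.IPPROTO_TCP, opt, value)
    return tuple(sock.getsockopt(socket.IPPROTO_TCP, opt) for opt in opts)

if __name__ == "__main__":
    for label, values in (("default", (10, 10, 2)), ("recommended", (200, 150, 15))):
        print(f"{label:12} {lunash_command(*values)}")
        print(f"{'':12} probe window {probe_window(*values)} s, "
              f"reset after {detection_seconds(*values)} s of silence")
```

Under that timing assumption the defaults leave a 20-second window for acknowledgments to return, while the recommended values leave 2250 seconds, at the cost of taking 2450 seconds to declare a silent peer dead.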