Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tcp keep alive configuration #1694

Closed
srikanthsubbaramu opened this issue Jan 29, 2025 · 4 comments
Closed

Tcp keep alive configuration #1694

srikanthsubbaramu opened this issue Jan 29, 2025 · 4 comments
Labels
is:question Issue is actually a question.

Comments

@srikanthsubbaramu
Copy link

Hi Michal,

I am trying to go through documentation for setting keep alive for a connection such that it is persistent. I was going through documentation and in ietf-netconf-server yang i see below
[root@cucp-smo-gnb-1-cucp-3-cm-agent-0 /]# sysrepoctl -l
Sysrepo repository: /opt/sysrepo

Module Name | Revision | Flags | Startup Owner | Startup Perms | Running Perms | Submodules | Features


NF_Information | 2024-08-26 | I | root:root | 600 | 600 | |

_3gpp-5g-common-yang-types | 2023-09-18 | I | root:root | 600 | 600 | |

_3gpp-5gc-nrm-configurable5qiset | 2023-09-18 | I | root:root | 600 | 600 | |

_3gpp-5gc-nrm-ecmconnectioninfo | 2024-01-29 | I | root:root | 600 | 600 | |

_3gpp-common-files | 2023-09-18 | I | root:root | 600 | 600 | |

_3gpp-common-fm | 2024-01-18 | I | root:root | 600 | 600 | |

_3gpp-common-managed-element | 2024-01-30 | I | root:root | 600 | 600 | |

_3gpp-common-managed-function | 2023-09-18 | I | root:root | 600 | 600 | |

_3gpp-common-measurements | 2023-11-18 | I | root:root | 600 | 600 | |

_3gpp-common-subnetwork | 2024-01-30 | I | root:root | 600 | 600 | |

_3gpp-common-subscription-control | 2024-01-18 | I | root:root | 600 | 600 | |

_3gpp-common-top | 2023-09-18 | I | root:root | 600 | 600 | |

_3gpp-common-trace | 2024-01-29 | I | root:root | 600 | 600 | |

_3gpp-common-yang-extensions | 2023-09-18 | I | root:root | 600 | 600 | |

_3gpp-common-yang-types | 2023-11-06 | I | root:root | 600 | 600 | |

_3gpp-nr-nrm-externalgnbcucpfunction | 2023-09-18 | I | root:root | 600 | 600 | |

_3gpp-nr-nrm-externalnrcellcu | 2023-09-18 | I | root:root | 600 | 600 | |

_3gpp-nr-nrm-gnbcucpfunction | 2024-01-12 | I | root:root | 600 | 600 | |

_3gpp-nr-nrm-nrcellcu | 2023-09-18 | I | root:root | 600 | 600 | |

_3gpp-nr-nrm-nrcellrelation | 2023-09-18 | I | root:root | 600 | 600 | |

_3gpp-nr-nrm-nrfreqrelation | 2023-09-18 | I | root:root | 600 | 600 | |

_3gpp-nr-nrm-nrfrequency | 2023-09-18 | I | root:root | 600 | 600 | |

_3gpp-nr-nrm-nrnetwork | 2023-09-18 | I | root:root | 600 | 600 | | ExternalsUnderNRNetwork

_ran-common-managed-element-deviation | 2024-09-23 | I | root:root | 600 | 600 | |

_ran-common-nrnetwork-deviation | | I | root:root | 600 | 600 | |

_ran-common-subnetwork-deviation | | I | root:root | 600 | 600 | |

_ran-externalgnbcucpfunction-deviation | | I | root:root | 600 | 600 | |

_ran-externalnrcellcu-deviation | | I | root:root | 600 | 600 | |

_ran-ietf-ip | 2024-09-23 | I | root:root | 600 | 600 | |

_ran-nr-nrm-FiveQiDscpMappingSet | 2024-09-23 | I | root:root | 600 | 600 | |

_ran-nr-nrm-gnbcucp-deviation | | I | root:root | 600 | 600 | |

_ran-nr-nrm-gnbcucp-ep | 2024-07-16 | I | root:root | 600 | 600 | |

_ran-nr-nrm-gnbcucpfunction | | I | root:root | 600 | 600 | |

_ran-nr-nrm-nrcellcu | | I | root:root | 600 | 600 | |

_ran-nr-nrm-nrcellcu-deviation | | I | root:root | 600 | 600 | |

_ran-nrfrequency-deviation | | I | root:root | 600 | 600 | |

cmAgent | | I | root:root | 600 | 600 | |

iana-crypt-hash | 2014-04-04 | I | root:root | 600 | 600 | | crypt-hash-md5 crypt-hash-sha-256 crypt-hash-sha-512
iana-if-type | 2017-01-19 | I | root:root | 600 | 600 | |

iana-ssh-encryption-algs | 2022-06-16 | I | root:root | 600 | 600 | |

iana-ssh-key-exchange-algs | 2022-06-16 | I | root:root | 600 | 600 | |

iana-ssh-mac-algs | 2022-06-16 | I | root:root | 600 | 600 | |

iana-ssh-public-key-algs | 2022-06-16 | I | root:root | 600 | 600 | |

iana-tls-cipher-suite-algs | 2022-06-16 | I | root:root | 600 | 600 | |

ietf-crypto-types | 2023-12-28 | I | root:root | 600 | 600 | | cleartext-passwords cleartext-private-keys
ietf-datastores | 2018-02-14 | I | root:root | 444 | 444 | |

ietf-factory-default | 2020-08-31 | I | root:root | 600 | 600 | | factory-default-datastore

ietf-inet-types | 2013-07-15 | I | root:root | 444 | 444 | |

ietf-interfaces | 2018-02-20 | I | root:root | 600 | 600 | |

ietf-ip | 2018-02-22 | I | root:root | 600 | 600 | |

ietf-keystore | 2023-12-28 | I | root:root | 600 | 600 | | central-keystore-supported inline-definitions-supported asymmetric-keys
ietf-netconf | 2013-09-29 | I | root:root | 600 | 600 | | writable-running candidate confirmed-commit rollback-on-error validate startup url xpath
ietf-netconf-acm | 2018-02-14 | I | root:root | 600 | 600 | |

ietf-netconf-monitoring | 2010-10-04 | I | root:root | 600 | 600 | |

ietf-netconf-nmda | 2019-01-07 | I | root:root | 600 | 600 | | origin with-defaults

ietf-netconf-notifications | 2012-02-06 | I | root:root | 644 | 644 | |

ietf-netconf-server | 2023-12-28 | I | root:root | 600 | 600 | | ssh-listen tls-listen ssh-call-home tls-call-home central-netconf-server-supported
ietf-netconf-with-defaults | 2011-06-01 | I | root:root | 444 | 444 | |

ietf-network-instance | 2019-01-21 | I | root:root | 600 | 600 | |

ietf-origin | 2018-02-14 | I | root:root | 444 | 444 | |

ietf-restconf | 2017-01-26 | i | | | | |

ietf-ssh-common | 2023-12-28 | I | root:root | 600 | 600 | | transport-params

ietf-ssh-server | 2023-12-28 | I | root:root | 600 | 600 | | local-users-supported local-user-auth-publickey local-user-auth-password local-user-auth-none
ietf-subscribed-notifications | 2019-09-09 | I | root:root | 600 | 600 | | encode-xml replay subtree xpath

ietf-tcp-client | 2023-12-28 | I | root:root | 600 | 600 | | local-binding-supported tcp-client-keepalives
ietf-tcp-common | 2023-12-28 | I | root:root | 600 | 600 | | keepalives-supported

ietf-tcp-server | 2023-12-28 | I | root:root | 600 | 600 | | tcp-server-keepalives

ietf-tls-common | 2023-12-28 | I | root:root | 600 | 600 | | tls10 tls11 tls12 tls13 hello-params
ietf-tls-server | 2023-12-28 | I | root:root | 600 | 600 | | server-ident-x509-cert client-auth-supported client-auth-x509-cert
ietf-truststore | 2023-12-28 | I | root:root | 600 | 600 | | central-truststore-supported inline-definitions-supported certificates public-keys
ietf-x509-cert-to-name | 2014-12-10 | I | root:root | 600 | 600 | |

ietf-yang-library | 2019-01-04 | I | root:root | 644 | 644 | |

ietf-yang-metadata | 2016-08-05 | i | | | | |

ietf-yang-patch | 2017-02-22 | i | | | | |

ietf-yang-push | 2019-09-09 | I | root:root | 600 | 600 | | on-change

ietf-yang-schema-mount | 2019-01-14 | I | root:root | 644 | 644 | |

ietf-yang-structure-ext | 2020-06-17 | i | | | | |

ietf-yang-types | 2013-07-15 | I | root:root | 444 | 444 | |

libnetconf2-netconf-server | 2024-01-15 | I | root:root | 600 | 600 | |

nc-notifications | 2008-07-14 | I | root:root | 600 | 600 | |

notifications | 2008-07-14 | I | root:root | 600 | 600 | |

o-ran-cu-security-handling | 2021-07-04 | I | root:root | 600 | 600 | |

o-ran-cucountgroup | 2023-03-17 | I | root:root | 600 | 600 | |

o-ran-pdcp | 2023-11-14 | I | root:root | 600 | 600 | |

ortseam-classtype | 2024-08-08 | i | | | | |

sysrepo-factory-default | 2024-05-02 | I | root:root | 600 | 600 | |

sysrepo-monitoring | 2023-08-11 | I | root:root | 600 | 600 | |

sysrepo-plugind | 2022-08-26 | I | root:root | 644 | 644 | |

yang | 2022-06-16 | I | root:root | 444 | 444 | |

Flags meaning: I - Installed/i - Imported; R - Replay support

Keep alives are enabled. so when i try to disable idle_timeout in listen container from ietc-netconf-server.yang
ietf-netconf-server@2023-12-28.yang
grouping netconf-server-app-grouping {
description
"A reusable grouping for configuring a NETCONF server
application that supports both 'listen' and 'call-home'
protocol stacks for a multiplicity of connections.";
container listen {
if-feature "ssh-listen or tls-listen";
presence
"Indicates that server-listening ports have been configured.
This statement is present so the mandatory descendant
nodes do not imply that this node must be configured.";
description
"Configures listen behavior";
leaf idle-timeout {
type uint16;
units "seconds";
default "180"; // three minutes
description
"Specifies the maximum number of seconds that a NETCONF
session may remain idle. A NETCONF session will be
dropped if it is idle for an interval longer than this
number of seconds. If set to zero, then the server
will never drop a session because it is idle.";

}

But if i set this , i see netopeer2-cli authenticate failing
[root@gnb100-gnb-1-cucp-1-cm-agent-0 /]# ./sr_set_item_example /ietf-netconf-server:netconf-server/listen/idle-timeout 0
Application will set "/ietf-netconf-server:netconf-server/listen/idle-timeout" to "0".
[root@gnb100-gnb-1-cucp-1-cm-agent-0 /]# netopeer2-cli

connect
nc ERROR: SSH channel write failed.
nc ERROR: SSH channel unexpectedly closed.
nc ERROR: Failed to send the RPC.
nc ERROR: Invalid session to send RPCs.
nc ERROR: Invalid session, discarding.
nc ERROR: Invalid session to send RPCs.
nc ERROR: Failed to send the RPC.
nc ERROR: Invalid session, discarding.
cmd_connect: Connecting to the localhost:830 as user "root" failed.
exit

[INF]: LN: Call Home client "default-client-tls" timeout of 5 seconds expired, reconnecting.
[INF]: LN: Trying to connect via IPv4 to 127.0.0.1:4335.
[INF]: LN: getsockopt() error (Connection refused).
[INF]: LN: Accepted a connection on 0.0.0.0:830 from 127.0.0.1:39964.
[INF]: LN: Received an SSH message "request-service" of subtype "ssh-userauth".
[INF]: LN: Received an SSH message "request-auth" of subtype "none".
[INF]: LN: Received an SSH message "request-auth" of subtype "publickey".
[INF]: LN: Received an SSH message "request-auth" of subtype "publickey".
[INF]: LN: User "root" authenticated.
[INF]: LN: Received an SSH message "request-channel-open" of subtype "session".
[INF]: LN: Received an SSH message "request-channel" of subtype "subsystem".
[ERR]: LN: Session 3: Client timeout elapsed.

Can you please provide me guidance what is the right way to get a session persistent?

Thanks,
Srikanth

@michalvasko
Copy link
Member

If you immediately see the timeout elapsed error, it is a bug (in libssh) and a workaround was committed to libnetconf2, what version are you using?

@michalvasko michalvasko added the is:question Issue is actually a question. label Jan 30, 2025
@srikanthsubbaramu
Copy link
Author

we are currently using libnetconf2 v3.3.3 and libssh 0.10.6.

@michalvasko
Copy link
Member

Yep, fixed in libnetconf2 v3.4.0 or later, libssh has not fixed the bug yet.

@srikanthsubbaramu
Copy link
Author

Thank you Michal

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
is:question Issue is actually a question.
Projects
None yet
Development

No branches or pull requests

2 participants