Solved: vCNS Edge Gateway - session timeout

MLindberg · ‎12-11-2014

Hi

I have tried to find some technical documentation about session timeouts in the vCNS Edge Gateways 5.5, but I have only managed to find a release note saying that it is possible to change the global TCP session timeout.

Can anybody provide me with the timeout´s that is set in a Edge Gateway 5.5 and 5.6, like the below settings from a NSX Edge

{
"firewall" : {

"globalConfig" : {
"ipGenericTimeout" : 120,

"icmp6Timeout" : 10,

"tcpPickOngoingConnections" : false,

"tcpAllowOutOfWindowPackets" : false,

"tcpTimeoutEstablished" : 3600,

"disableFirewall" : false,

"dropInvalidTraffic" : true,

"tcpTimeoutClose" : 30,

"icmpTimeout" : 10,
"udpTimeout" : 60,
"tcpTimeoutOpen" : 30,

"tcpSendResetForClosedVsePorts" : true,

"logInvalidTraffic" : false

},

MLindberg · ‎02-09-2015

I got this reply from VMware

VMware KB: Method to query and/or configure the timeout via Representational State Transfer (REST) A...

Copy/paste from the KB :

The following are the default settings that can be changed using rest api calls however these settings will be reset once the edge is redeployed.

Default Settings

Protocol / State

(version3.0)

'Inactivity Timeout '(Seconds)

(version 4.0)

Inactivity Timeout (Seconds)

TCP Open

(SYN-SENT, SYN-RCVD states)

30

TCP Established

3600

TCP Close (TIME-WAIT, FIN_WAIT states)

20

30

UDP

30

60

ICMP/ICMPv6

10

All Other Protocols

120

[edit] Configuration - Supported Versions

Release Version

API Version

Configuration Persistence across "Redeploy'/Upgrade".

<= 5.1.2

Not supported

--

5.1.3 (Spock, Minor Release)

api/3.0

No

5.5.1

api/3.0

No

NSX 6.0

api/4.0

Yes

[edit] Query/Configuration

The connection inactivity timeout settings can be queried and configurable REST API during runtime.

[edit] API/3.0

Query - Connection Inactivity Timeouts:

Query operation is supported on this version.

Configure - Connection Inactivity Timeouts:

In API 3.0, connection inactivity timeouts can be configured thorugh "systemcontrol" section. Each of the listed paramters below are optional.

The configured parameters are persisted across "Redeploy" operation from vShield manager.

URL : /api/3.0/edges/{edgeId}/systemcontrol/config

Method: PUT

Input representation:

<property>sysctl.net.netfilter.nf_conntrack_tcp_timeout_syn_sent=30</property>

<property>sysctl.net.netfilter.nf_conntrack_tcp_timeout_syn_recv=30</property>

<property>sysctl.net.netfilter.nf_conntrack_tcp_timeout_established=3600</property>

<property>sysctl.net.netfilter.nf_conntrack_tcp_timeout_close=20</property>

<property>sysctl.net.netfilter.nf_conntrack_tcp_timeout_close_wait=60</property>

<property>sysctl.net.netfilter.nf_conntrack_tcp_timeout_fin_wait=20</property>

<property>sysctl.net.netfilter.nf_conntrack_tcp_timeout_time_wait=20</property>

<property>sysctl.net.netfilter.nf_conntrack_tcp_timeout_last_ack=30</property>

<property>sysctl.net.netfilter.nf_conntrack_udp_timeout=30</property>

<property>sysctl.net.netfilter.nf_conntrack_udp_timeout_stream=30</property>

<property>sysctl.net.netfilter.nf_conntrack_icmp_timeout=10</property>

<property>sysctl.net.netfilter.nf_conntrack_generic_timeout=120</property>

</systemControl>

Output representation:

None

HTTP Result Codes:

204 NO CONTENT

[edit] API/4.0

Query Connection Inactivity Timeouts:

URL : /api/4.0/edges/{edgeId}/firewall/config/global

Method: GET

Input representation:

No payload

Output representation

...

</globalConfig>

HTTP Result Codes:

200 OK

Configure Connection Inactivity Timeouts:

URL : api/4.0/edges/{edgeId}/firewall/config/global

Method: PUT

Input representation:

...

...

</globalConfig>

Output representation:

No Payload

HTTP Result Codes:

204 NO CONTENT

View solution in original post

gairaldi · ‎02-09-2015

hey ,did u manage to figure this out ?

MLindberg · ‎02-09-2015