On Jun 20, 2010, at 22:01 , Kevin Grittner wrote:
> "Joshua D. Drake" wrote:
>
>> Can someone tell me what we are going to do about firewalls that
>> impose their own rules outside of the control of the DBA?
>
> Has anyone actually seen a firewall configured for something so
> stupid as to allow *almost* all the various packets involved in using
> a TCP connection, but which suppressed just keepalive packets? That
> seems to be what you're suggesting is the risk; it's an outlandish
> enough suggestion that I think the burden of proof is on you to show
> that it happens often enough to make this a worthless change.
Yeah, especially since there is no such thing as a special "keepalive" packet in TCP. Keepalive simply sends packets
withzero bytes of payload every once in a while if the connection is otherwise inactive. If those aren't acknowledged
(likeevery other packet would be) by the peer, the connection is assumed to be broken. On a reasonably active
connection,keepalive neither causes additional transmissions, nor altered transmissions.
Keepalive is therefore extremely unlikely to break things - in the very worst case, a (really, really stupid) firewall
mightdecide to drop packets with zero bytes of payload, causing inactive connections to abort after a while. AFAIK
walreceiverwill simply reconnect in this case.
Plus, the postmaster enables keepalive on all incoming connections *already*, so any problems ought to have caused
bugreportsabout dropped client connections.
best regards,
Florian Pflug