You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "CONANT,PATRICK (HP-FtCollins,ex1)" <pa...@hp.com> on 2004/03/10 16:58:19 UTC

JK Connector & SYN packet for established connection

I'm running into an issue with our JK communications being interrupted by
our firewall.   Any help would be appreciated...

Our firewall is reporting that the JK Connector is sending SYN packets for
connections that are already established.  The firewall is configured to
drop connections that are inactive for over 1/2 hour, but the connections
associated with the invalid SYN packets are generally only ~3-5 minutes old.
The folks maintaining the firewall claim that the JK communications are
non-RFC compliant and the connections are being dropped as a result.  This
is happening hundreds of times per day.

This is a high-traffic load-balanced website handling hundreds of thousands
of requests per day.  We get up to 400 AJP Listener threads active on each
of our Tomcat servers at any given time.  The server hardware configuration
looks like this:
* Two IIS Servers w/ JK ISAPI plugin located in the DMZ
* Nokia firewall software
* Foundry load balancer within our internal network
* Three Tomcat 4.0 servers within our internal network

Our workers.properties file is pretty simple:
worker.list=frontend
worker.frontend.host=XXXXX.XXX.hp.com
worker.frontend.type=ajp13
worker.frontend.port=8007

Any suggestions would be appreciated.

Thanks,
Pat Conant


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: JK Connector & SYN packet for established connection

Posted by David Rees <dr...@greenhydrant.com>.

CONANT,PATRICK (HP-FtCollins,ex1) wrote, On 3/10/2004 7:58 AM:
> 
> Our workers.properties file is pretty simple:
> worker.list=frontend
> worker.frontend.host=XXXXX.XXX.hp.com
> worker.frontend.type=ajp13
> worker.frontend.port=8007

Try setting the socket_keepalive and socket_timeout options and see if 
that helps:
worker.frontend.socket_keepalive=1
worker.frontend.socket_timeout=300

-Dave

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org