# SxxxPxx 1123 UAT Testing 1. Gather node / pod sysctl config ``` sysctl net.netfilter.nf_conntrack_tcp_be_liberal ``` 2. Scale App down to 1, modify the node sysctl setting ``` On node sysctl -w net.netfilter.nf_conntrack_tcp_be_liberal=1 ``` Restart pod, check sysctl config inside pod again. ## check config inside pod ``` oc debug node/<node_name> NAME=<pod-name> NAMESPACE=<pod-namespace> pod_id=$(chroot /host crictl pods --namespace ${NAMESPACE} --name ${NAME} -q) ns_path="/host/$(chroot /host bash -c "crictl inspectp $pod_id | jq '.info.runtimeSpec.linux.namespaces[]|select(.type==\"network\").path' -r")" nsenter $nsenter_parameters -- sysctl net.netfilter.nf_conntrack_tcp_be_liberal ``` ## Check tcp timeout ``` sh-5.1# cat /proc/sys/net/ipv4/tcp_keepalive_time 7200 net.ipv4.tcp_keepalive_time = 7200 net.ipv4.tcp_keepalive_probes = 9 net.ipv4.tcp_keepalive_intvl = 75 sysctl net.ipv4.tcp_keepalive_time sysctl net.ipv4.tcp_keepalive_probes sysctl net.ipv4.tcp_keepalive_intvl ``` Results in the following behavior: Trigger a keepalive probe every 7200 seconds (2 hours) after the last received packet 最後一次收到TCP封包後隔7200秒傳送tcp keepalive probe If the connection is idle and the remote host does not reply, probe the remote host every 75 seconds 如果remote host無回應，且連線處於閒置狀態,每隔75秒傳送一次probe Close the connection after 9 failed probes 9次probe失敗後關閉連線 https://access.redhat.com/solutions/19029