A vendor is requesting to allow a persistent TCP (not port 80) connection between a server in the DMZ and the internal network. I don't have much experience with this setting. Can anyone shed some light on the disadvantages of allowing a persistent connection? Guidance is much appreciated.
Viewed 613 times
1 Answers
1
I would ask this question to the vendor to see why they want it, and have them explain it to make sure you know what they are talking about. I am not quite sure, but it sounds like they mean enabling the optional TCP keep-alive feature. Keep-alive can serve a couple of purposes that I can think of right now:
- Identify a connection that has gone dead and make sure it gets closed in a timely fashion and that the application knows it is gone. This is probably the reason they want it.
- Keep a session open as long as the other end responds to the probes. This can save a little overhead because you don't have as many session opens and closes (handshake and FIN). More overhead can be saved if the protocol on top has a fair amount of open/close work to do as well.
This is a debated topic; as mentioned in TCP/IP Illustrated Volume 1, many feel keep-alive should be handled by the application layer, not the transport layer.

Kyle Brandt
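The dead-connection detection described in the answer's first bullet, shown as an added example that is not part of the original answer: it enables TCP keep-alive on a socket, sets the per-socket probe timers where the platform exposes them, and returns the worst-case time before a silent peer is declared dead. The timer values (60 s idle, 10 s interval, 5 probes) and the function names are assumptions chosen for illustration; `TCP_KEEPIDLE`, `TCP_KEEPINTVL` and `TCP_KEEPCNT` are the Linux option names.

```python
import socket

# Per-socket probe timers; these names are available on Linux.
_TIMER_OPTS = ("TCP_KEEPIDLE", "TCP_KEEPINTVL", "TCP_KEEPCNT")


def enable_keepalive(sock, idle=60, interval=10, count=5):
    """Enable TCP keep-alive on sock (illustrative helper, assumed values).

    idle     - seconds of silence before the first probe is sent
    interval - seconds between unanswered probes
    count    - unanswered probes before the kernel drops the connection

    Returns the worst-case seconds until a dead peer is detected, or None
    when the platform only offers the on/off switch (system-wide timers apply).
    """
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    if not all(hasattr(socket, name) for name in _TIMER_OPTS):
        return None
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, count)
    return idle + interval * count


def keepalive_settings(sock):
    """Read back what the kernel actually applied, for auditing a connection."""
    settings = {
        "enabled": sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0
    }
    for name in _TIMER_OPTS:
        if hasattr(socket, name):
            settings[name] = sock.getsockopt(
                socket.IPPROTO_TCP, getattr(socket, name)
            )
    return settings


if __name__ == "__main__":
    # Constructed demo: a loopback listener stands in for the internal server.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        with socket.create_connection(listener.getsockname()) as client:
            worst_case = enable_keepalive(client)
            print("dead peer detected within (s):", worst_case)
            print(keepalive_settings(client))
```

With these values an unresponsive peer is dropped after at most 60 + 10 × 5 = 110 seconds, at which point a blocked read or write on the socket fails and the application learns the connection is gone.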