[LON-CAPA-admin] State table timeout and resource browsing

Guy Albertelli II guy at albertelli.com
Fri Oct 31 15:48:35 EST 2003

Hi Todd,

> Lately, we've been having problems accessing off-campus domains when
> trying to browse resources, etc.  We have also had a recent change in our
> campus networking environment.  A firewall has been put in place.  As of
> right now, the firewall is not supposed to be limiting access at all.
> However, the firewall does keep a state table, and if there are no
> transactions for one hour, the state table times out and silently drops
> the offending connection.

This would be bad.

Currently the daemons hold open a connection to each machine in the

If these connections get destroyed it can take up to 5 minutes when
some makes a query down one of them before lonc will timeout the

> Anyway, my question is this:  does the inter-domain communication scheme
> work in such a way that this 60-minute timeout would have disastrous
> effects?


> If we have to, we can request to be outside the firewall, but I'd
> appreciate some developer insights.

Getting rid of the firewall would be best but until then maybe you
could try to keep the connections active? (There is a do nothing
command in the lonc/d protocal ping and pong. A modified version of
loncontrol could be run every 5-10 minutes by cron and send these
commands down the wire)

guy at albertelli.com  LON-CAPA Developer  0-7-5-3-

More information about the LON-CAPA-admin mailing list