by dspillett
1988 days ago
The app-level keep alive will work for a while, probably a long while, but could still fail if there are enough connections using the method and the CGNAT router has too few source addresses to map things to. If the router needs to find some ports to use for new connections, and there are no apparently idle connections to throw out, it has few choices:

1. Just stop making new connections until some ports are freed. That'll make people happy...
2. Kill the connections that have least recently seen activity even if they have sent/received packets within the usual timeout.
3. Kill the longest running connections that aren't from a whitelist of target ports like 80 & 443 (P2P and VPN systems will just reconnect, the user will hopefully see no more than a short blip; SSH will not fare so well).