IOS: Setting the TCP Timeout on IOS
August 14, 2008 by Greg Ferro · 1 Comment
IOS Manual
To set a period of time the Cisco IOS software waits while attempting to establish a TCP connection before it times out, use the ip tcp synwait-time command in global configuration mode. To restore the default time, use the no form of this command.
ip tcp synwait-time seconds
no ip tcp synwait-time seconds
So this is global timer that affects every TCP session that the control plane on your router creates. Now that could have some far reaching impacts on a live networks.
Negative Impacts
Now that we know what the command does, what are the possible negative impacts of this command ? The default TCP timeout is thirty seconds and shortening this to five seconds could impact any TCP connection. Consider routing protocols such as BGP, Multicast routing and so on. For example, allowing only five seconds for a three way handshake on a BGP connection just might be a problem in certain SP networks.
In slow networks such as satellite, low speed async or even frame relay, for five seconds to be too short under certain conditions. You should identify this and change the timer to perhaps ten or fifteen seconds. But for most networks today, if you can’t get a three way handshake in five seconds then its not going to work.
Consider an BGP neighbour connection that uses TCP, if the connection cannot be established within the configured interval, the connection will be terminated. Its just possible that a heavily loaded BGP peer, using authentication might need more than five seconds so you should keep this in mind.
Why you want this configured ?
By default, when you telnet to another device that doesn’t respond, it takes thirty seconds for the connection to timeout. All that time you are sitting waiting for something to happen, or send the break sequence (ctrl-shift-6, x) to get it to end.
By setting the interval to five seconds, you save yourself mindlessly looking at the IOS console thus improving your sanity.
- Serial Console on OSX
- IOS: Reverse SSH console access — Part 2
- IOS: enable and .… disable ?
- IOS: Setting the TCP timeout on IOS
- IOS:CLI Tip — terminal full help
- OS X:Terminal break for Serial Console on OS X
- Changing the break character in Cisco IOS
- IOS CLI: show run linenum
- IOS: Setting Terminal Window Length
- IOS: Clearing an interface configuration
- IOS: Console, Terminal, Monitor, VTY — what is what ?
- IOS: “terminal monitor” on, off — logging to your terminal
- The poor man’s IOS Traffic Generator
- Setting the Defaults for PUTTY
- Putty — Recommended Default Settings for a Network Engineer
- Putty, the Command Line and NO clicky clicky
- Review: goSerial — Console Break for Network Devices on OSX
Please rate this post:
Why Rate Posts?
(No Ratings Yet)
Loading ...Probably Related Posts on the Same Topic
- Serial Console on OSX
- IOS: Reverse SSH console access — Part 2
- IOS: enable and .… disable ?
- IOS: Setting the TCP timeout on IOS
- IOS:CLI Tip — terminal full help
- OS X:Terminal break for Serial Console on OS X
- Changing the break character in Cisco IOS
- IOS CLI: show run linenum
- IOS: Setting Terminal Window Length
- IOS: Clearing an interface configuration
- IOS: Console, Terminal, Monitor, VTY — what is what ?
- IOS: “terminal monitor” on, off — logging to your terminal
- The poor man’s IOS Traffic Generator
- Setting the Defaults for PUTTY
- Putty — Recommended Default Settings for a Network Engineer
- Putty, the Command Line and NO clicky clicky
- Review: goSerial — Console Break for Network Devices on OSX
- Serial Console on OSX
- IOS: Reverse SSH console access — Part 2
- IOS: enable and .… disable ?
- IOS: Setting the TCP timeout on IOS
- IOS:CLI Tip — terminal full help
- OS X:Terminal break for Serial Console on OS X
- Changing the break character in Cisco IOS
- IOS CLI: show run linenum
- IOS: Setting Terminal Window Length
- IOS: Clearing an interface configuration
- IOS: Console, Terminal, Monitor, VTY — what is what ?
- IOS: “terminal monitor” on, off — logging to your terminal
- The poor man’s IOS Traffic Generator
- Setting the Defaults for PUTTY
- Putty — Recommended Default Settings for a Network Engineer
- Putty, the Command Line and NO clicky clicky
- Review: goSerial — Console Break for Network Devices on OSX
Changing the Break Character in Cisco IOS
Does pressing “Ctrl-Shift-6 & x” bother you ? It bugs the hell the out of me.
Read the full articleConfiguring Windows 2003 / XP SP2 to Use IOS NTP Server
In certain networks, it is difficult to get the time on your servers to be exactly the same as the NTP time on your network equipment. In this case, you want to force the Windows servers to use the same NTP Network time source as your routers and switches. But Microsoft Windows doesn’t understand NTP by default, it has its own ‘way’ of setting up NTP so you need a little tweak to make it compatible.
…
Using the Wrong Date Formatting and the Global Problem — ISO8601
When working in a global company, a major problem is the way that some countries use the wrong date formatting. Say hello to ISO8601, standard for date formats. …
IOS: Console, Terminal, Monitor, VTY — What Is What ?
Sometimes when I talking with other engineers about connecting a console or terminal to a router, they don’t use the right terms. So, here is an article that covers the conventions for the terms console, monitor and terminal.
Read the full article
Hello Greg,
In addition to the negative impacts you said. I’ll add the specific bug case where the feature of CRL checking until 12.4(20)T is affected by the synwait timer.
Indeed, if the server hosting the CRL is temporarily down then you have to wait the synwait time before the IPSEC certificate check continue his work.
See you
Francois