Azure VM TCP idle timeout

Question

_{Friday, November 13, 2015 11:55 AM}

I have a problem with setting up a FTP Server on a Azure VM. In normal using the server runs great. Problem are coming with large file transfer over passive FTP connection.

Setup

FTP-Server software is a FileZilla Server. Azure VM endpoint, Windows Firewall and Filezilla are configurated to use port 10000-10009 for passive connections. The client is a 3rd party device.

Problem

On large file transfers with a duration over 4min the connection gets an idle timeout.

I found a Microsoft blog entry where is written:

"When FTP is transferring large files, the elapsed time for transfer may exceed 4 minutes, especially if the VM size is A0. Any time the file transfer exceeds 4 minutes, the Azure SLB will time out the idle TCP/21 connection, which causes issues with cleanly finishing up the FTP transfer once all the data has been transferred. [..] Basically, FTP uses TCP/21 to set everything up and begin the transfer of data. The transfer of data happens on another port. The TCP/21 connection goes idle for the duration of the transfer on the other port. When the transfer is complete, FTP tries to send data on the TCP/21 connection to finish up the transfer, but the SLB sends a TCP reset instead."

Now... for my 3rd party client is it not possible to set it up to send a TCP keepalive command to avoid idle timeout.

Question

How can I tell the Azure VM to not close idel TCP connection after 4min?

I even don't understand why this is happens because this violates the TCP specifications (RFC 5382 makes this especially clear its 2h 4m in normal). In other words, Azure that is dropping idle connections too early cannot be used for long FTP transfers.

Please help!

Regards

Steffen

All replies (3)

_{Friday, November 13, 2015 6:01 PM ✅Answered | 1 vote}

Hi,

Thanks for posting here.

I suggest you to refer the below article for Idle timeout suggestions.

https://azure.microsoft.com/en-us/blog/new-configurable-idle-timeout-for-azure-load-balancer/

http://www.iis.net/configreference/system.applicationhost/sites/sitedefaults/ftpserver/connections

hope this helps.

Girish Prajwal

_{Saturday, May 20, 2017 9:07 AM}

TCP settings for Azure VMs

Azure VMs communicate with the public Internet by using NAT (Network Address Translation). NAT devices assign a public IP address and port to an Azure VM, allowing that VM to establish a socket for communication with other devices. If packets stop flowing through that socket after a specific time, the NAT device kills the mapping, and the socket is free to be used by other VMs.

This is a common NAT behavior, which can cause communication issues on TCP based applications that expect a socket to be maintained beyond a time-out period. There are two idle timeout settings to consider, for sessions in a established connection state:

• inbound through the Azure load balancer. This timeout defaults to 4 minutes, and can be adjusted up to 30 minutes.
• outbound using SNAT (Source NAT). This timeout is set to 4 minutes, and cannot be adjusted.

To ensure connections are not lost beyond the timeout limit, you should make sure either your application keeps the session alive, or you can configure the underlying operating system to do so. The settings to be used are different for Linux and Windows systems, as shown below.

For Linux, you should change the kernel variables below. net.ipv4.tcp_keepalive_time = 120 net.ipv4.tcp_keepalive_intvl = 30 net.ipv4.tcp_keepalive_probes = 8

For Windows, you should change the registry values below. KeepAliveInterval = 30 KeepAliveTime = 120 TcpMaxDataRetransmissions = 8

The settings above ensure a keep alive packet is sent after 2 minutes (120 seconds) of idle time, and then sent every 30 seconds. And if 8 of those packets fail, the session is dropped.

Source: https://github.com/Microsoft/azure-docs/blob/master/includes/guidance-tcp-session-timeout-include.md

_{Friday, January 11, 2019 10:33 PM}

Where are these registry values for Windows?