IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  WebSocket connection ~1000ms timeout

    Posted Wed June 10, 2020 07:32 AM

    ISAM 9.0.7

    We find that WebSocket connections get a timeout somewhere between 500ms - 1000ms, and would like help finding out which config is causing the timeout. We have a solution that runs behind WebSEAL and this solution requires a connection to be open for at least 5 seconds.

     

    We have the following values ​​in config for affected Reverse Proxy instance:

    [WebSocket]

    max-worker-threads = 500

    idle-worker-threads = 50

    # jct-read-inactive-timeout = 120

    clt-read-inactive-timeout = 120

    jct-write-blocked-timeout = 20

    clt-write-blocked-timeout = 20

     

    For the [server] stanza, we first had default values:

    client-connect-timeout = 120

    persistent-con-timeout = 5

    intra-connection-timeout = 60

     

    With these default values, WebSocket connection works as long as the server sends 'KeepAlive' messages to all clients every 500ms. If we send messages every 1000ms then we get timeout eventually, and with messages every 2000ms we get timeout immediately. The conclusion is that there is a kind of socket / timeout setting in WebSeal that strikes around 1000ms, but which we have not so far managed to identify.

     

    We have also tried this setting:

    persistent-con-timeout = 0

    - and then WebSocket connection fails as expected, but then we at least know that the setting is 'picked up'. We have also tried overriding persistent-con-timeout under [junction:/<junction-name>] stanza, without any effect..



    ------------------------------
    Rune Forberg
    ------------------------------


  • 2.  RE: WebSocket connection ~1000ms timeout

    Posted Thu June 11, 2020 10:22 AM
    Hi Rune,

    Is there a specific reason to have the # jct-read-inactive-timeout = 120 commented out?
    Have you tried setting this parameter to an explicit value jct-read-inactive-timeout = 120,  (or at least something higher than the > 5 seconds required by the back-end websocket app?

    Regards,
    Hans

    ------------------------------
    HANS VANDEWEGHE
    ------------------------------

    Original Message


  • 3.  RE: WebSocket connection ~1000ms timeout

    Posted Thu June 11, 2020 04:02 PM
    Hi Hans,

    thanks for pointing this out! I am actually not sure why it had been commented out, but assumed it was for a reason. I checked the documentation and realized that is is actually required and will probably not default to 120s when commented out. 

    I was able to re-create the error locally on my docker isam 9.0.6.0 instance by commenting it out here as well, so I am quite confident it will work out in out test / prod environments as well. 

    Thanks again for your quick response! :)

    Regards,
    Rune

    ------------------------------
    Rune Forberg
    ------------------------------

    Original Message


  • 4.  RE: WebSocket connection ~1000ms timeout

    Posted Fri June 12, 2020 01:38 AM
    Edited by HANS VANDEWEGHE Fri June 12, 2020 02:31 AM
    Hi Rune,

    Glad to hear it works on your local test environment.
    I'll make some inquiries as to whether the default 120s should work, even when the parameter is commented out. 
    I would have expected that to default value would be used, as soon as websockets are enabled - but from what you've tested, it does not look like it does that.

    EDIT:
    Apologies about the confusion, it is indeed documented that this is a required setting. (not optional)

    Usage

    This stanza entry is required.

    https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.7/com.ibm.isam.doc/wrp_stza_ref/reference/ref_jct_read_inactive_timeout.html

    Regards,
    Hans


    ------------------------------
    HANS VANDEWEGHE
    ------------------------------

    Original Message