Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] Understanding 'client-alive-count-max' and 'client-alive-interval' knobs

0

0

Article ID: KB35717 KB Last Updated: 13 May 2020Version: 1.0
Summary:

This article describes how the two knobs, 'client-alive-count-max' and 'client-alive-interval' function together when used on a Junos device.

Note: The knobs 'client-alive-count-max' and 'client-alive-interval' was introduced in Junos OS release 11.2

Solution:

Hierarchy level: [edit system services ssh]

client-alive-interval​;
client-alive-count-max;

client-alive-interval  - This allows us to configure the number of seconds the server will wait before sending a null packet to the client to keep the connection active.
client-alive-count-max - This allows us to configure maximum number of times the alive message is sent to the client before the session is terminated.

Below is an example detailing what can be achieved when both the knobs are used together:

set system services ssh client-alive-count-max 5
set system services ssh client-alive-interval 60

The ssh session will be terminated after 5*60 = 300 seconds
=================================================================================================

#1 After 60s has elapsed since the last signal from the client, the server sends the 1st message:

Server: Are you alive?
Client: Yes, I am!

#2 After 120s has elapsed since the last signal from the client, the server sends the 2nd message.
#3 After 180s has elapsed since the last signal from the client, the server sends the 3rd message.
#4 After 240s has elapsed since the last signal from the client, the server sends the 4th message.
#5 After 300s has elapsed since the last signal from the client, the server sends the 5th message.

After these attempts, the server shuts down the ssh connection to the particular client that has remained inactive.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search