We currently have a problem with a customer who kills all outbound open TCP connections that are dangling without TCP replies for 90s. This apparently kills the connection between the customer's Ziti Edge Tunnel and the Ziti Router/Controller.
Is there a way for services to specify some sort of ping to the routers every 30 seconds or so, so that the connections aren’t killed?
What is defined as a TCP reply? I see from my locally running tunneler that there are TCP keep-alive packets that are sent every 10s, and I see application data that has an accompanying ACK every 60 seconds as it is.
Is there some specific type of TCP reply you're looking for?
You mentioned that it kills them after 90s but both of these things happen much earlier than 90s?
Have you tried a bash for loop and curl'ing / requesting actual data to some tunneled service and ensured that it prevents the connection from being dropped?
Ziti Edge Tunnel pings Edge routers every 60 seconds (via latency probes) -- it looks like application data in the TLS stream. If those connections are killed, there might be something else going on.
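
One way to check a capture against the 90s rule discussed above, as an added example that is not part of the thread or of OpenZiti: it measures the longest inbound silence on a flow under two readings of "TCP reply" (any segment, or only segments carrying payload). The packet trace, the function names and the assumption that the middlebox timer is reset by inbound segments are all constructed for illustration, using the 10s keep-alive and 60s probe intervals mentioned in the replies.

```python
"""Longest inbound silence on one TCP flow vs. a middlebox idle timeout."""

IDLE_TIMEOUT_S = 90  # value reported in the thread


def build_trace(duration=180, keepalive=10, probe=60):
    """Constructed packets: (time_s, direction, tcp_payload_len)."""
    pkts = [(0.0, "in", 120)]  # last segment of session setup
    for t in range(keepalive, duration + 1, keepalive):
        pkts.append((float(t), "out", 0))   # TCP keep-alive probe
        pkts.append((t + 0.05, "in", 0))    # bare ACK answering it
    if probe:
        for t in range(probe, duration + 1, probe):
            pkts.append((t + 0.2, "out", 90))  # latency probe (TLS record)
            pkts.append((t + 0.3, "in", 90))   # reply carrying payload
    return sorted(pkts)


def max_inbound_gap(pkts, min_payload=0):
    """Longest stretch without an inbound segment of >= min_payload bytes.

    min_payload=0 counts keep-alive ACKs as replies; min_payload=1 counts
    only data-carrying segments. The tail up to the end of the capture is
    included, so a flow that goes quiet is not under-reported.
    """
    end = max(t for t, _, _ in pkts)
    seen = [t for t, d, n in pkts if d == "in" and n >= min_payload]
    if not seen:
        return end - min(t for t, _, _ in pkts)
    edges = seen + [end]
    return max(b - a for a, b in zip(edges, edges[1:]))


def exceeds_timeout(pkts, min_payload=0, timeout=IDLE_TIMEOUT_S):
    return max_inbound_gap(pkts, min_payload) > timeout


if __name__ == "__main__":
    for label, trace in (("with 60s probes", build_trace()),
                         ("keep-alives only", build_trace(probe=0))):
        for mp, rule in ((0, "any segment"), (1, "payload only")):
            gap = max_inbound_gap(trace, mp)
            print(f"{label:17} {rule:13} gap={gap:6.2f}s "
                  f"dropped={exceeds_timeout(trace, mp)}")
```

In the constructed trace only the combination "payload only" plus missing 60s probes crosses 90s, so a real capture showing drops despite the probes points at something other than the idle timer.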