# puppet-enterprise
- b
bastelfreak
08/16/2022, 8:17 PMwe had idle timeout at 5 minutes and keep alive at 30 minutes. idle timout was increased today to 16 minutes (to be higher than the timeout in the broker). I will check if this changed anything tomorrow morning - b
bastelfreak
08/16/2022, 8:18 PMand we had no sticky connections. that got enabled today as well, based on src ip. but we still saw errors afterwards (but maybe less) - b
bastelfreak
08/16/2022, 8:19 PMlowering keep-alive shouldn't be required since the pxp-agent sends that on it's own - v
vchepkov
08/16/2022, 8:19 PMAre you sure? - v
vchepkov
08/16/2022, 8:19 PMnot in my experience - b
bastelfreak
08/16/2022, 8:19 PMwhich statement do you mean? the pxp-agent own keep alive? - v
vchepkov
08/16/2022, 8:20 PMyes - b
bastelfreak
08/16/2022, 8:22 PMhttps://github.com/puppetlabs/pxp-agent/blob/main/CHANGELOG.md#150The default ping-interval is now 2 minutes.
- b
bastelfreak
08/16/2022, 8:23 PMI want to verify that with tcpdump tomorrow (but that requires approval from security team...) - n
nlew
08/16/2022, 8:24 PMThe agent won’t retry its connection until several (maybe 3?) consecutive pings are missed. So if some network device drops the connection, the agent won’t notice for a while and will just be offline - n
nlew
08/16/2022, 8:25 PMAhhh I just figured out what this is referring to! “Timed out waiting for provisional response”, that means orchestrator sent the request to run a task but never got back a response. - n
nlew
08/16/2022, 8:26 PMAnd that implies the broker thinks the agent is connected (otherwise it would just fail immediately and tell you the agent isn’t connected). That’s still more evidence suggesting the connection is being silently dropped. Each side thinks they’re still connected but they’re not. - b
bastelfreak
08/16/2022, 8:26 PMahh - b
bastelfreak
08/16/2022, 8:26 PMso the pxp-agent receives a job with the correct id and executes it. so it also thinks it's still connected I guess - b
bastelfreak
08/16/2022, 8:27 PMI don't have the logfile by hand at the moment, I think it even logged that it reported a successful status back - n
nlew
08/16/2022, 8:27 PMActually that means the connection isn’t totally dropped, it’s just dropping packets in one direction - n
nlew
08/16/2022, 8:27 PMOr it’s delivering those packets very slowly - n
nlew
08/16/2022, 8:29 PMhttps://support.f5.com/csp/article/K14814 potentially?? That’s out of my area of expertise, and quite an old article/issue - n
nlew
08/16/2022, 8:29 PMhttps://support.f5.com/csp/article/K14814 potentially?? That’s out of my area of expertise, and quite an old article/issue - b
bastelfreak
08/16/2022, 8:30 PMnow if I would know anything about f5, that would help a lot - b
bastelfreak
08/16/2022, 8:30 PMor having at least read only access to the config, that would be a good start - b
bastelfreak
08/16/2022, 8:31 PMmhm I think it's a tcp profile in our case - v
vchepkov
08/16/2022, 8:32 PMright, you need to see what type of load balancing they created - b
bastelfreak
08/16/2022, 8:32 PMif we don't break up tls it's tcp-profile? - v
vchepkov
08/16/2022, 8:33 PMI use Performance (Layer 4), so it's something related to it - v
vchepkov
08/16/2022, 8:33 PMreassembled-fastL4, I think - b
bastelfreak
08/16/2022, 8:36 PMlet me check, I think I've screenshot from the f5 config somewhere - b
bastelfreak
08/16/2022, 8:39 PMyes it's a tcp profile - n
nlew
08/16/2022, 8:39 PMThere are quite a few websocket-related bugs on the F5 website 😐 I wonder whether any of those cause problems, but I don’t have a good way to test it - n
nlew
08/16/2022, 8:40 PMThough it looks like they’re all problems when using an HTTP profile, which isn’t possible with pxp