The parameters "idle-timeout" and "hello-timeout" are used to configure netconfd-pro server timeout values.

  • idle-timeout: number of seconds the management session can be idle since the last RPC operation (or session start if there has not been any RPC operations), or the session will be dropped
  • hello-timeoutnumber of seconds the server will wait for a <hello> message from the client before dropping the session

Also, a session will never be considered idle while a notification subscription is active.

It is strongly suggested that this parameter not be disabled, since a denial-of-service attack

will be possible if sessions are allowed to remain in the 'idle wait' state forever.

A finite number of SSH and NETCONF sessions are supported, so if an attacker simply

opened lots of SSH connections to the netconf subsystem, the server would quickly run out of available sessions.

This parameter will affect a <confirmed-commit> operation!

Make sure this timeout interval is larger than the value of the <confirm-timeout> parameter used in the confirmed commit procedure.

Otherwise, it is possible that the session will be terminated before the confirm-timeout interval has expired, effectively replacing that timer with this one.