[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Proxy engine problem persists

On 7/26/06, Hugo Monteiro <hugo.monteiro@fct.unl.pt> wrote:
Hello all,

some days ago i've posted an issue about the proxy engine not recovering
from droped connections from a firewall. From a conversation i had with
a technician of the firewall in question (checkpoint), the firewall is
set to "forget" about idle connections with more than 30 minutes of
inactivity. He also told me that the software that connects through the
firewall should in the first place try to use the existing connection
(either dead or alive) and then send a SYN in the case of unsuccess, so
that a new connection can be established.
I do not know the connection retry code in openldap, but i'd like to
know if that's what's being done or if the current code does address
this kind of problem. In my point of veiw, there isn't much use in a
proxy engine if it can't deal with this kind of issue.
For those who didn't read about my earlier post, i'm using the latest
stable version in the proxy server, with back_ldap, back_meta and no
overlays whatsoever.
I've also set the kernel's tcp_keepalive parameters to values so that it
would maintain the connection alive and could do a fast recover in case
of lost connections.
All those efforts have failed. Could someone please point me to some

Thank you in advance.

Hugo Monteiro.

Try to shorten the TCP KEEPALIVE on your server.  Or generate some
bogus traffic every few minutes. (shouldn't you be monitoring anyway?)