Re: Proxy engine problem persists
On Wed, 2006-07-26 at 10:45 -0400, matthew sporleder wrote:
> On 7/26/06, Hugo Monteiro <hugo.monteiro@fct.unl.pt> wrote:
> > On Wed, 2006-07-26 at 10:38 -0400, matthew sporleder wrote:
> > > On 7/26/06, Hugo Monteiro <hugo.monteiro@fct.unl.pt> wrote:
> > > > Hello all,
> > > >
> > > > Some days ago I've posted an issue about the proxy engine not recovering
> > > > from dropped connections from a firewall. From a conversation I had with
> > > > a technician of the firewall in question (checkpoint), the firewall is
> > > > set to "forget" about idle connections with more than 30 minutes of
> > > > inactivity. He also told me that the software that connects through the
> > > > firewall should in the first place try to use the existing connection
> > > > (either dead or alive) and then send a SYN in the case of unsuccess, so
> > > > that a new connection can be established.
> > > > I do not know the connection retry code in OpenLDAP, but I'd like to
> > > > know if that's what's being done or if the current code does address
> > > > this kind of problem. In my point of view, there isn't much use in a
> > > > proxy engine if it can't deal with this kind of issue.
> > > > For those who didn't read about my earlier post, I'm using the latest
> > > > stable version in the proxy server, with back_ldap, back_meta and no
> > > > overlays whatsoever.
> > > > I've also set the kernel's tcp_keepalive parameters to values so that it
> > > > would maintain the connection alive and could do a fast recover in case
> > > > of lost connections.
> > > > All those efforts have failed. Could someone please point me to some
> > > > directions?
> > > >
> > > > Thank you in advance.
> > > >
> > > > Hugo Monteiro.
> > > >
> > >
> > >
> > > Try to shorten the TCP KEEPALIVE on your server. Or generate some
> > > bogus traffic every few minutes. (shouldn't you be monitoring anyway?)
> > >
> >
> > I have done that, I have a cronjob that makes a lookup every 10 minutes.
> > But that's an ad hoc solution and should in no way substitute a real fix
> > in the OpenLDAP software, if needed.
> >
> > Hugo Monteiro.
> >
> > --
>
> Did you choose to ignore the suggestion of tcp keepalive? It was in CAPS.
>
Didn't, but if you look at the initial message closely, you can read:
"I've also set the kernel's tcp_keepalive parameters to values so that
it would maintain the connection alive and could do a fast recover in case
of lost connections"
Also I take this chance to repost those settings:
tcp_keepalive_intvl=5
tcp_keepalive_probes=3
tcp_keepalive_time=600
Hope this helps,
Hugo Monteiro.
--
ci.fct.unl.pt:~# cat .signature
Hugo Monteiro
Email : hugo.monteiro@fct.unl.pt
Telephone : +351 212948300 Ext.15307
Centro de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telephone: +351 212948596 Fax: +351 212948548
www.ci.fct.unl.pt apoio@fct.unl.pt
ci.fct.unl.pt:~# _
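
Added example, not part of the original thread and not OpenLDAP code: on Linux the tcp_keepalive_* sysctls are only defaults, and the kernel sends probes only on sockets whose owning program has set SO_KEEPALIVE. The sketch below checks the reposted values against the 30-minute firewall timeout and shows the per-socket opt-in; the function names are illustrative and the TCP_KEEP* option names are the Linux ones.

```python
import socket

FIREWALL_IDLE_TIMEOUT = 30 * 60  # seconds; the 30-minute figure quoted in the thread
PER_SOCKET = ("TCP_KEEPIDLE", "TCP_KEEPINTVL", "TCP_KEEPCNT")  # Linux option names


def keepalive_plan(idle, intvl, probes, fw_timeout=FIREWALL_IDLE_TIMEOUT):
    """Timing implied by a keepalive triple, compared with the firewall timeout."""
    return {
        "first_probe_after": idle,                          # seconds of silence before probe 1
        "dead_peer_detected_after": idle + intvl * probes,  # all probes unanswered
        "refreshes_firewall_state": idle < fw_timeout,      # probe sent before state expires
    }


def enable_keepalive(sock, idle, intvl, probes):
    """Opt one socket in to keepalive and override the sysctl defaults for it."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    for name, value in zip(PER_SOCKET, (idle, intvl, probes)):
        opt = getattr(socket, name, None)  # skipped where the platform lacks the option
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)


def keepalive_state(sock):
    """Read back what the kernel will do for this particular socket."""
    state = {"enabled": bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE))}
    for name in PER_SOCKET:
        opt = getattr(socket, name, None)
        if opt is not None:
            state[name] = sock.getsockopt(socket.IPPROTO_TCP, opt)
    return state


def demo():
    """Compare a fresh socket with one that opted in, using the values posted above."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        before = keepalive_state(sock)     # "enabled" is False whatever the sysctls say
        enable_keepalive(sock, 600, 5, 3)  # tcp_keepalive_time / _intvl / _probes
        after = keepalive_state(sock)
    finally:
        sock.close()
    return keepalive_plan(600, 5, 3), before, after


if __name__ == "__main__":
    for part in demo():
        print(part)
```

To check a running proxy, `ss -o` lists a keepalive timer next to each connection that has the option enabled.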