[Date Prev][Date Next] [Chronological] [Thread] [Top]

back-ldap and CLOSE_WAIT



Hello list,

I have an ldap server acting as proxy, through back-ldap, to another ldap server which holds the data.

These servers are in distinct networks and connections are all routed through a firewall.

Both proxy and backend servers are running openldap version 2.4.17 (from debian testing/sid).

Everything is working fine except that from time to time the proxy server has trouble responding requests. These anomalies happen not very often and for very short periods of time, usually from a couple of seconds to ten seconds. Although things keep working, it's rather annoying for the end user to have its interaction with a system delayed or denied, even if for such short periods.

Both system loads, from the proxy and the backend server, appear to be fine and i have no reason to believe that it's a matter of system resources shortness.

I can observe though a rather large number of connections (usually from 1k to 2k), from the proxy server to the backend server, in CLOSE_WAIT state. Both servers have set an idletimeout value of 30 seconds and i was to expect that the unused connections would seize to exist after that period of time.

Basically i want to know if this number of connections is normal, taking in consideration that most queries and performed anonymously and i'm quite positive that there aren't more than a couple hundred of authenticated binds simultaneously.

What steps can i take to reduce this behavior?

Thank you all in advance,

Hugo Monteiro.

--
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email	 : hugo.monteiro@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web      : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da
		   Universidade Nova de Lisboa
Quinta da Torre   2829-516 Caparica   Portugal
Telefone: +351 212948596   Fax: +351 212948548
www.fct.unl.pt                apoio@fct.unl.pt

fct.unl.pt:~# _