 
09-22-2010, 08:57 AM
Jim Tyrrell

Connections not closing

Hi,

I have an issue with our Fedora Consumers running 1.2.0 on Fedora 10 in
that they don't seem to be closing old connections and so the open
connections are building up until performance is impacted and eventually
we run out of file handles.

Looking at one consumer netstat is showing 711 Established connections
to port 389 from a Radius server, and the console is also reporting over
700 "Open Connections". Yet on the Radius server I see 3 Established
connections which is what I would expect. It seems each time the Radius
server restarts (which it does often to pick up config changes) then the
old connections time out on the Radius server but remain Established on
the Fedora side. We do see the same behaviour from other services such
as mail and web servers but Radius is the worst due to it restarting
regularly.

On the console I have currently configured an Idle Timeout of 300
seconds and added timeout config to the Fedora OS:

tcp_keepalive_time = 600
tcp_keepalive_intvl = 75
tcp_keepalive_probes = 9

Why are these connections not timing out after the Idle time? At the
moment I am having to regularly restart the directory service in order
to clear the connections down.

Thanks.

Jim.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
09-22-2010, 09:00 AM
Gerrard Geldenhuis

Connections not closing

> I have an issue with our Fedora Consumers running 1.2.0 on Fedora 10 in
> that they don't seem to be closing old connections and so the open
> connections are building up until performance is impacted and
> eventually
> we run out of file handles.
>
... cut
>
> tcp_keepalive_time = 600
> tcp_keepalive_intvl = 75
> tcp_keepalive_probes = 9
>
> Why are these connections not timing out after the Idle time? At the
> moment I am having to regularly restart the directory service in order
> to clear the connections down.
>

Hi Jim,
I have not yet run into such issues ... which is not to say I won't. Our tcp_keepalive_time is set to 300; whether that will make a difference is difficult to say, but it is worth a try I would say.

Best Regards

 
09-22-2010, 01:50 PM
Andrey Ivanov

Connections not closing

Hi,

you may have a (software/hardware) firewall or switch/load balancer issue between ldap server and other servers. Some firewalls and switches don't let the RSET packets pass correctly. I've seen such a thing once between a database server and the web server. It was a hardware firewall (and switch) problem.

If it's not a firewall/switch problem you should also reduce nsslapd-idletimeout of cn=config

A part of our sysctl.conf file on 389 server is very similar to yours, so the problem is not in the kernel config:

# The total session drop time will be (net.ipv4.tcp_keepalive_time + net.ipv4.tcp_keepalive_probes*net.ipv4.tcp_keepalive_intvl)
# Time of session inactivity when the kernel will start to send probe packets
net.ipv4.tcp_keepalive_time = 1200

# How long the kernel waits in between probes
net.ipv4.tcp_keepalive_intvl = 30

We have three 389DS v1.2.6 on x86_64 servers, each one having ~100 parallel sessions, ~50000 connections and more than a million searches per day, and absolutely no problem with lingering tcp connecs. Among the services using the LDAP we have also FreeRadius...




2010/9/22 Jim Tyrrell <jim@scusting.com>

> On the console I have currently configured an Idle Timeout of 300
> seconds and added timeout config to the Fedora OS:
>
> tcp_keepalive_time = 600
> tcp_keepalive_intvl = 75
> tcp_keepalive_probes = 9
>
> Why are these connections not timing out after the Idle time? At the
> moment I am having to regularly restart the directory service in order
> to clear the connections down.
>
> Thanks.
>
> Jim.

--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
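Added example, not part of any poster's message: a Python script that applies the drop-time formula from the sysctl.conf comment above to the keepalive values in the original post, and counts established connections to port 389 per peer. The sysctl text and the `ss -tno state established` style lines are constructed sample input; the kernel's tcp_keepalive_* settings only act on sockets that have SO_KEEPALIVE enabled, so connections shown without a keepalive timer are counted separately.

```python
import re

# Constructed sample input (values from the original post, not read from a host).
SYSCTL_TEXT = """\
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_probes = 9
"""

# Constructed lines in the layout: Recv-Q Send-Q Local:Port Peer:Port [timer]
SS_TEXT = """\
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 192.0.2.10:389 192.0.2.20:40112 timer:(keepalive,9min,0)
0 0 192.0.2.10:389 192.0.2.20:40113
0 0 192.0.2.10:389 192.0.2.20:40114
0 0 192.0.2.10:389 192.0.2.30:51000 timer:(keepalive,2min,0)
0 0 192.0.2.10:22 192.0.2.40:50022 timer:(keepalive,100min,0)
"""

def parse_sysctl(text):
    """Return {"time": n, "intvl": n, "probes": n} from sysctl-style text."""
    found = re.findall(r"tcp_keepalive_(\w+)\s*=\s*(\d+)", text)
    return {name: int(value) for name, value in found}

def drop_seconds(cfg):
    """Idle seconds before a dead peer is dropped: time + probes * intvl."""
    return cfg["time"] + cfg["probes"] * cfg["intvl"]

def summarize(ss_text, port=389):
    """Per peer host: [established connections, those with no keepalive timer]."""
    stats = {}
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        local, peer = fields[2], fields[3]
        if local.rsplit(":", 1)[-1] != str(port):
            continue  # header line or a different service
        entry = stats.setdefault(peer.rsplit(":", 1)[0], [0, 0])
        entry[0] += 1
        if "timer:(keepalive" not in line:
            entry[1] += 1  # the kernel will never probe this socket
    return stats

if __name__ == "__main__":
    print("kernel drop time (s):", drop_seconds(parse_sysctl(SYSCTL_TEXT)))
    for host, (total, unprobed) in sorted(summarize(SS_TEXT).items()):
        print(f"{host}: {total} established, {unprobed} without keepalive")
```

On a live host, feed it the output of `sysctl -a` and `ss -tno state established` in place of the samples.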
 
