back-ldap and CLOSE_WAIT
Hugo Monteiro
2010-04-14 13:29:16 UTC
Hello list,

I have an ldap server acting as proxy, through back-ldap, to another
ldap server which holds the data.

These servers are in distinct networks and connections are all routed
through a firewall.

Both proxy and backend servers are running openldap version 2.4.17 (from
debian testing/sid).

Everything is working fine except that from time to time the proxy
server has trouble responding to requests. These anomalies do not happen
very often and last for very short periods of time, usually from a couple
of seconds to ten seconds. Although things keep working, it's rather
annoying for the end user to have their interaction with a system delayed
or denied, even if for such short periods.

Both system loads, from the proxy and the backend server, appear to be
fine and I have no reason to believe that it's a matter of a shortage of
system resources.

I can observe, though, a rather large number of connections (usually from
1k to 2k), from the proxy server to the backend server, in CLOSE_WAIT
state. Both servers have set an idletimeout value of 30 seconds and I
would expect that the unused connections would cease to exist after
that period of time.

Basically I want to know if this number of connections is normal, taking
into consideration that most queries are performed anonymously and I'm
quite positive that there aren't more than a couple hundred
authenticated binds simultaneously.

What steps can I take to reduce this behavior?

Thank you all in advance,

Hugo Monteiro.
--
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email : ***@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.fct.unl.pt ***@fct.unl.pt

fct.unl.pt:~# _
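
An added example, not part of the original post: one way to put numbers on the observation above is to count the proxy's sockets toward the backend per TCP state, read from `/proc/net/tcp`. The addresses (backend 10.0.2.20, proxy 10.0.1.10), the sample table and the function names are constructed for illustration, and the IPv4 decoding assumes a little-endian Linux host such as x86.

```python
import socket
from collections import Counter

# "st" column codes used by the Linux kernel in /proc/net/tcp.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample in /proc/net/tcp layout (trailing columns shortened).
# Proxy 10.0.1.10, backend 10.0.2.20:389, one client 10.0.1.100.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0185 00000000:0000 0A 00000000:00000000
   1: 0A01000A:C350 1402000A:0185 08 00000000:00000000
   2: 0A01000A:C351 1402000A:0185 08 00000000:00000000
   3: 0A01000A:C352 1402000A:0185 01 00000000:00000000
   4: 0A01000A:0185 6401000A:D431 01 00000000:00000000
   5: 0A01000A:C353 1402000A:0185 06 00000000:00000000
"""

def decode_addr(field):
    """Turn '1402000A:0185' into ('10.0.2.20', 389)."""
    hex_ip, hex_port = field.split(":")
    # IPv4 is printed as a host-order word; reverse the bytes on little-endian hosts.
    return socket.inet_ntoa(bytes.fromhex(hex_ip)[::-1]), int(hex_port, 16)

def states_toward(table, backend_ip, backend_port=389):
    """Count sockets per TCP state whose remote end is the backend."""
    counts = Counter()
    for line in table.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue  # header or malformed line
        if decode_addr(fields[2]) == (backend_ip, backend_port):
            counts[TCP_STATES.get(fields[3], fields[3])] += 1
    return counts

if __name__ == "__main__":
    # CLOSE_WAIT: the peer has sent its FIN and the local process has not yet
    # closed its end of the socket.
    try:
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE  # fall back to the constructed table off-Linux
    print(states_toward(table, "10.0.2.20"))  # constructed backend address
```

Sampling this every few seconds on the proxy shows whether the CLOSE_WAIT count toward the backend grows steadily or rises and falls around the 30 second idletimeout.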