On Wed, 2006-07-26 at 10:38 -0400, matthew sporleder wrote:
> On 7/26/06, Hugo Monteiro <hugo.monteiro@fct.unl.pt> wrote:
> > Hello all,
> >
> > some days ago I posted an issue about the proxy engine not recovering
> > from dropped connections from a firewall. From a conversation I had with
> > a technician of the firewall in question (Check Point), the firewall is
> > set to "forget" about idle connections with more than 30 minutes of
> > inactivity. He also told me that the software that connects through the
> > firewall should in the first place try to use the existing connection
> > (either dead or alive) and then send a SYN in case of failure, so
> > that a new connection can be established.
> > I do not know the connection retry code in openldap, but I'd like to
> > know if that's what's being done or if the current code does address
> > this kind of problem. In my point of view, there isn't much use in a
> > proxy engine if it can't deal with this kind of issue.
> > For those who didn't read my earlier post, I'm using the latest
> > stable version in the proxy server, with back_ldap, back_meta and no
> > overlays whatsoever.
> > I've also set the kernel's tcp_keepalive parameters to values so that it
> > would keep the connection alive and could do a fast recovery in case
> > of lost connections.
> > All those efforts have failed. Could someone please point me to some
> > directions?
> >
> > Thank you in advance.
> >
> > Hugo Monteiro.
> >
>
>
> Try to shorten the TCP KEEPALIVE on your server. Or generate some
> bogus traffic every few minutes. (shouldn't you be monitoring anyway?)
>
I have done that, I have a cronjob that makes a lookup every 10 minutes.
But that's an ad hoc solution and should in no way substitute a real fix
in the openldap software, if needed.
Hugo Monteiro.
--
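
An added example, not part of the thread and not OpenLDAP code: on Linux the kernel `tcp_keepalive_*` settings only affect sockets that have `SO_KEEPALIVE` switched on, so this sketch enables keepalive per socket, reads the values back, and checks them against the 30-minute firewall idle timeout described above. The function names and the 600/30/4 values are assumptions chosen for illustration.

```python
import socket

FIREWALL_IDLE_TIMEOUT = 30 * 60  # seconds; the 30-minute figure from the thread


def enable_keepalive(sock, idle, interval, probes):
    """Turn keepalive on for this socket and override the kernel defaults (Linux only)."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle)       # idle seconds before first probe
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)  # seconds between probes
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)      # unanswered probes before reset


def keepalive_settings(sock):
    """Read back what the kernel will actually use for this socket."""
    return {
        "enabled": bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)),
        "idle": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE),
        "interval": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL),
        "probes": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT),
    }


def assess(settings, firewall_timeout=FIREWALL_IDLE_TIMEOUT):
    """Decide whether these settings keep the firewall's state entry from expiring."""
    if not settings["enabled"]:
        # Without SO_KEEPALIVE no probes are sent, whatever the sysctls say.
        return {"keeps_state_alive": False, "dead_peer_detect_s": None,
                "reason": "SO_KEEPALIVE is off; kernel tcp_keepalive values are not used"}
    # A dead peer is noticed after the idle period plus all unanswered probes.
    detect = settings["idle"] + settings["interval"] * settings["probes"]
    ok = settings["idle"] < firewall_timeout
    reason = ("first probe is sent before the firewall forgets the connection" if ok
              else "first probe is sent only after the firewall has dropped its state")
    return {"keeps_state_alive": ok, "dead_peer_detect_s": detect, "reason": reason}


if __name__ == "__main__":
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print("default :", assess(keepalive_settings(s)))
    enable_keepalive(s, idle=600, interval=30, probes=4)  # constructed sample values
    print("tuned   :", assess(keepalive_settings(s)))
    s.close()
```

Keepalive probes keep the firewall's state entry fresh; reconnecting after a connection has already been dropped is a separate matter that the application has to handle.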