TIBCO Adapter(TM) for LDAP fail to handle requests when accessing LDAP Server through Hardware Load Balancer (CSS)
Article ID: KB0085813
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix BusinessWorks Plug-in for LDAP | - |
| Not Applicable | - |
Description
Resolution:
Description:
==========
When accessing LDAP Server through Hardware Load Balancer (CSS), if there's no any operation during a period of idle time, LDAP Connections would turn into invalid and LDAP Adapter would fail to handle the next coming requests until the reconnection finishes.
Environment:
===========
TIBCO Adapter(TM) for LDAP 5.4.0
All the LDAP Server types supported
Hardware Load Balancer (CSS)
Symptoms:
=========
LDAP Adapter Service will fail to handle requests if there's no any operation during a period of idle time, but the subsequent request would be working fine.
Cause:
======
When using Hardware Load Balancer (CSS) in the middle of LDAP Adapter and LDAP Server, all the connections between LDAP Adapter and LDAP Server are established and managed by CSS. By default, the CSS tend to drop the long-lived idle connections, but in the contrary, it is essential for LDAP Adapter to make sure the connections always available at runtime.
As the connections would be cleaned up by CSS during a period of idle time, LDAP Adapter would definitely try to reconnect to LDAP Server after the first coming request failed by connection issues.
Resolution:
=========
In order to prevent LDAP Connections from cleaning up by Hardware Load Balancer (CSS), it is necessary to make the following configuration at CSS end: -
LDAP Connections are represented as flows in CSS. A flow is the transfer of a sequence of related packets over a TCP or UDP connection between a source (client) and a destination (server) through the CSS.
In some instances it may not be desirable for the CSS to clean up idle TCP flows. For example, during a connection to a database server that must permanently remain active even when no data passes through the connection. If you observe the CSS dropping long-lived idle connections that need to be maintained you can configure the following TCP flow commands:
>> "flow permanent" command - Creates permanent TCP or UDP ports that are not reclaimed.
>> "flow-timeout-multiplier" command - Configures flow inactivity timeout values for TCP and UDP flows on a per content rule and per source group basis.
TIBCO Adapter for LDAP needs to have a permanent active flow map configured. Since the "flow permanent" command is a global setting, the "flow-timeout-multiplier" command is recommended, because this one can be used on a per content rule basis and does not affect anything else. In order to create a permanent flow mapping the "flow-timeout-multiplier" has to be set to zero, which has the same effect as the global command. It is not recommended to use this setting for UDP flows, which is of no concern to us as we use TCP.
To verify the setting change, the following command can be used - "show flow-timeout configured".
References:
==========
Please refer to CISCO CSS Content Load-Balancing Configuration Guide -> Content Load-Balancing Overview for more details on the configuration mentioned in Resolution section.
Description:
==========
When accessing LDAP Server through Hardware Load Balancer (CSS), if there's no any operation during a period of idle time, LDAP Connections would turn into invalid and LDAP Adapter would fail to handle the next coming requests until the reconnection finishes.
Environment:
===========
TIBCO Adapter(TM) for LDAP 5.4.0
All the LDAP Server types supported
Hardware Load Balancer (CSS)
Symptoms:
=========
LDAP Adapter Service will fail to handle requests if there's no any operation during a period of idle time, but the subsequent request would be working fine.
Cause:
======
When using Hardware Load Balancer (CSS) in the middle of LDAP Adapter and LDAP Server, all the connections between LDAP Adapter and LDAP Server are established and managed by CSS. By default, the CSS tend to drop the long-lived idle connections, but in the contrary, it is essential for LDAP Adapter to make sure the connections always available at runtime.
As the connections would be cleaned up by CSS during a period of idle time, LDAP Adapter would definitely try to reconnect to LDAP Server after the first coming request failed by connection issues.
Resolution:
=========
In order to prevent LDAP Connections from cleaning up by Hardware Load Balancer (CSS), it is necessary to make the following configuration at CSS end: -
LDAP Connections are represented as flows in CSS. A flow is the transfer of a sequence of related packets over a TCP or UDP connection between a source (client) and a destination (server) through the CSS.
In some instances it may not be desirable for the CSS to clean up idle TCP flows. For example, during a connection to a database server that must permanently remain active even when no data passes through the connection. If you observe the CSS dropping long-lived idle connections that need to be maintained you can configure the following TCP flow commands:
>> "flow permanent" command - Creates permanent TCP or UDP ports that are not reclaimed.
>> "flow-timeout-multiplier" command - Configures flow inactivity timeout values for TCP and UDP flows on a per content rule and per source group basis.
TIBCO Adapter for LDAP needs to have a permanent active flow map configured. Since the "flow permanent" command is a global setting, the "flow-timeout-multiplier" command is recommended, because this one can be used on a per content rule basis and does not affect anything else. In order to create a permanent flow mapping the "flow-timeout-multiplier" has to be set to zero, which has the same effect as the global command. It is not recommended to use this setting for UDP flows, which is of no concern to us as we use TCP.
To verify the setting change, the following command can be used - "show flow-timeout configured".
References:
==========
Please refer to CISCO CSS Content Load-Balancing Configuration Guide -> Content Load-Balancing Overview for more details on the configuration mentioned in Resolution section.
Issue/Introduction
TIBCO Adapter(TM) for LDAP fail to handle requests when accessing LDAP Server through Hardware Load Balancer (CSS)
Feedback
Yes
No
Powered by
