grouper-users - Re: [grouper-users] LDAP timeouts after Java upgrade
Subject: Grouper Users - Open Discussion List
- From: Christopher Bongaarts
- Subject: Re: [grouper-users] LDAP timeouts after Java upgrade
- Date: Thu, 21 May 2020 10:13:14 -0500
- Organization: University of Minnesota
On 5/20/2020 8:50 PM, Baron Fujimoto wrote:
Our F5 admins have provided the following additional information regarding the configuration of our load balancer fronting the LDAP cluster:
F5 is configured with nPath (aka DSR, Direct Server Return)
Packet paths (where client=CAS, Server=LDAP):
- Client -> F5 -> Server
- Return packet is Server -> Client
- bypasses F5, so F5 doesn't see full 3-way TCP handshake (SYN, SYN-ACK, ACK)
- F5 sees SYN, ACK from client to server, but not SYN-ACK from server to client (sent via DSR)
F5 relies on idle timeout to server's Virtual IP (VIP)
- Timeout value = 51 seconds
The Idle timeout was selected based on recommendations in the following reference:
- https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-12-1-0/4.html
That seems like it might be a workable timeout for HTTP, but not for a persistent LDAP connection; I'd expect it to need to be much higher...
--
%% Christopher A. Bongaarts %% %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
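
An added illustration, not part of the original message or of Grouper: a Python example that checks one pooled connection's send times against the 51-second idle timeout quoted above, and picks TCP keepalive timings that keep client-to-server packets inside that window. The function names and sample timestamps are constructed, and it assumes that any client-to-server packet, keepalive probes included, refreshes the F5's idle timer.

```python
import socket

F5_IDLE_TIMEOUT_S = 51  # idle timeout quoted in the thread


def first_stale_send(send_times, idle_timeout=F5_IDLE_TIMEOUT_S):
    """Return the first client send that follows a gap longer than the
    idle timeout, or None. Under nPath the F5 only sees client->server
    packets, so only those are modelled as refreshing its flow entry."""
    ordered = sorted(send_times)
    for prev, cur in zip(ordered, ordered[1:]):
        if cur - prev > idle_timeout:
            return cur
    return None


def keepalive_plan(idle_timeout=F5_IDLE_TIMEOUT_S, probes=3):
    """Pick TCP keepalive timings so the first probe leaves the client
    at half the idle timeout and retries fit in the remaining half."""
    idle = max(1, idle_timeout // 2)
    interval = max(1, (idle_timeout - idle) // (probes + 1))
    return {"idle": idle, "interval": interval, "probes": probes}


def apply_keepalive(sock, plan):
    """Enable keepalive on a client socket. The per-socket timing options
    are platform-specific, so set only those this platform defines."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    applied = ["SO_KEEPALIVE"]
    options = (("TCP_KEEPIDLE", "idle"),
               ("TCP_KEEPINTVL", "interval"),
               ("TCP_KEEPCNT", "probes"))
    for name, key in options:
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, plan[key])
            applied.append(name)
    return applied


# Constructed sample: seconds at which one pooled connection sent requests.
SAMPLE_SENDS = [0, 20, 45, 90, 200, 210]

if __name__ == "__main__":
    print("first send after an expired entry:", first_stale_send(SAMPLE_SENDS))
    print("keepalive plan:", keepalive_plan())
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print("options set:", apply_keepalive(s, keepalive_plan()))
```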