Joe, thanks for the reply! Tim Mooney's post was the one I was referring to. In his post here http://archive.linuxvirtualserver.org/html/lvs-users/2007-09/msg00036.html you can see his output and how he has a high number of inactive connections, whereas mine is the opposite. I am using TLS, but nothing is going through ldaps://, that is port 636. Read-only is what I'm after here too. Good thinking on the TCPdump. I may give that a shot. Actually I have a virtual http server set up as well using DR, and it's working great - shows lots of inactive connections (like it should).
Thanks!

On Tue, Aug 26, 2008 at 5:16 PM, Joseph Mack NA3T <[EMAIL PROTECTED]> wrote:
> On Tue, 26 Aug 2008, Bryan Aldridge wrote:
>
>> Hi,
>>
>> I found some cases of others using LDAP with LVS-DR with
>> good results on the list here, and initially I was having
>> good results as well.
>
> I looked back about a year and didn't find anything. Can you
> point me to the posting? The only one I know is the
> read-only LDAP server by Tim Mooney.
>
>> Then one day I learned that the connections being made to
>> LDAP through LVS were never expiring or timing out.
>
> have no idea what that's about. You may have to tcpdump a
> single connect-disconnect through LVS and then without LVS,
> to see what's happening. I assume this same setup works for
> another single port service like http?
>
> It looks like the connection is hung waiting for something
> to happen before it can be terminated. Is something else
> requiring a connection, identd? ldaps?
>
>> All connections were "Active Connections" unlike the example in the
>> post I saw in the archives. Also, running a
>>
>> netstat -ao | grep -c "ldap"
>>
>> on both the realservers shows upwards of a thousand connections!
>
> this is a new one on me.
>
>> At this point, the real servers begin dropping all further
>> incoming LDAP connections until that number comes down.
>> (I simply get a ldap_result: Can't contact LDAP server
>> (-1))
>
> I got a similar error with failover dhcpd servers once. I
> never figured out what was going on. I didn't look with
> netstat though.
>
> Joe
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - [email protected]
> Send requests to [EMAIL PROTECTED]
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
