Le 15/10/2018 à 10:05, Lothar Haeger a écrit : > Emmanuel Lécharny wrote: > >> - the clients start a connection, and never close it > > "Smart" firewalls and VPNs often drop connections they consider "idle" without > notifying client nor server. Definitely a case to handle on both sides, since > there's little hope to fix all existing firewalls and all firewall developer's > brains, ever.
If a VPN or a FW drops some connections, those connections will be closed when the TCP timeout will be reached (depending on teh OS configuration). This is often set to 7200s on a linux box, ie 2h. If you conduct a load test where the client does not properly close the connection, you are likely to have quickly thousands of pending NioSession, which will be closed when teh timeout is reached. That also mean you have to be ready for such a scenario, and that means pouring memory on your server... That being said, there is a mechanism that could be used to dectect quickly if a session is not anymore valid: we can check its idling status. There are at least 3 problems with this approach : - Persistent Search and Replication connection shud bypass it - if the idling timeout is set too low, you could perfeclty disconnect session that are supposed to be valid - it's CPU expensive, as we check each session for its idling status every second. If you have thousands of them, then it's quickly becoming really CPU consuming... -- Emmanuel Lecharny Symas.com directory.apache.org
pEpkey.asc
Description: application/pgp-keys
