
LDAP and HTTP load balancing and failover for iChain

Novell Cool Solutions: Tip


Posted: 20 May 2002
 

Version: iChain 2.0, 2.1

For full details and updates regarding this tip, see TID-10069756.

LDAP load balancing: Note that the FAQ below specifically covers AUTHENTICATION LDAP requests. ACLCheck and Form Fill behave very similarly, however.

  1. Does iChain simply rotate through the LDAP server list in a round robin fashion when sending LDAP requests?
  2. Yes.

    For attribute authentication, however (e.g. email=abcd@novell.com), it will round robin to a server. On that same server it will search all of the search bases for a matching user and then try to bind as that user.

    For DN authentication it will round robin to each server for each CONTEXT (e.g. ou=context1).

  3. If one LDAP server stops responding, does iChain take it out of the rotation? If so, how long does iChain wait before it decides the server is down?
  4. If a server is already marked as down, failover goes to the next available server. In 2.0 FP3+, any LDAP server error takes the server out of the rotation immediately, and iChain tries the next available server. The exception is that if all of the servers are down, one server will stay up and keep trying. The health check runs every 15 minutes until the server is brought back into the list.

    2.1 - any LDAP server error takes the server out of the rotation immediately, and iChain tries the next available server. The downed servers are checked every 15 SECONDS (not minutes) to see if they are up. If all servers are up, the health check is done every 2 minutes so that an idle iChain box will have a better chance of knowing if the servers are down.

  5. How often will it try to re-establish communication with the problem server?
  6. A health check thread runs periodically, checks the state of the LDAP servers, and tries to reconnect if the server state is set to DOWN. The periodic check is performed every 15 minutes for both iChain 2.0 and iChain 2.1.

  7. Does LDAP load balancing/failover for ACLCHECK and OLAC behave the same way assuming at least two LDAP servers are specified in the access control settings?
  8. They are very similar, but OLAC does not have a health check process. If the LDAP call returns a server error, it fails over to the next server.
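
The rotation, immediate removal and "last server stays up" rules described above can be modelled as follows. This is an added illustration, not iChain code: the class, the server names and the send/probe callbacks are assumptions, and the intervals are the iChain 2.1 values given in the answer on taking a server out of the rotation.

```python
# Added illustration: a model of the FAQ's iChain 2.1 behaviour, not iChain code.
DOWN_RECHECK_SECS = 15   # downed servers are re-checked every 15 seconds (2.1)
ALL_UP_CHECK_SECS = 120  # with every server up, the check runs every 2 minutes


class LdapRotation:
    """Round-robin LDAP server list; any server error removes a server at once."""

    def __init__(self, servers):
        self.servers = list(servers)
        self.up = {s: True for s in self.servers}
        self._next = 0

    def _pick(self):
        # Advance the rotation, skipping servers currently marked down.
        for _ in self.servers:
            server = self.servers[self._next]
            self._next = (self._next + 1) % len(self.servers)
            if self.up[server]:
                return server
        return None

    def request(self, send):
        """send(server) is a caller-supplied stand-in: True = success,
        False = LDAP server error. Returns (serving_server_or_None, tried)."""
        tried = []
        while (server := self._pick()) is not None:
            tried.append(server)
            if send(server):
                return server, tried
            if sum(self.up.values()) == 1:
                break  # FAQ exception: the last server stays in the list
            self.up[server] = False  # out of rotation immediately
        return None, tried

    def health_interval(self):
        # Seconds until the next health check, per the 2.1 answer.
        return ALL_UP_CHECK_SECS if all(self.up.values()) else DOWN_RECHECK_SECS

    def health_check(self, probe):
        """probe(server) -> True if reachable; returns servers brought back."""
        restored = [s for s in self.servers if not self.up[s] and probe(s)]
        for server in restored:
            self.up[server] = True
        return restored
```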

HTTP Load balancing and failover:

Assuming a web server accelerator is configured with at least two web server addresses...
The code keeps a list of connections to the web servers. If a connection is down for some reason, it fails over.

  1. Does iChain rotate through the web server list in a round robin fashion to fill requests?
  2. Yes. There's a simple list of accelerator addresses and port numbers that gets rotated every time a connection is made. This list can be viewed through the proxy console (if you look closely, you'll see that the web server list jumps on a regular basis, with the top one being the one that we are talking to). When a Web server that we are load balancing with goes down, it is flagged as down and removed from the list.

  3. If one web server stops responding, will iChain take it out of the rotation? If so, how long does iChain wait before it decides the server is down?
  4. Yes, it is out of the rotation because the connection is down. The server gets taken out of the list based on 2 factors: the remote Web server resets the TCP connection (service no longer available), or our request to open the connection simply times out through a lack of response. In the second case, it looks like we'll retransmit 4 times before timing out the session and flagging the Web server as down. There's a configurable connection establishment timeout parameter in the GUI that allows you to specify a max timeout too.

  5. How often does it check to see if it's back up?
  6. When the Web server is flagged as down, we have a background process that checks every 60 secs to see if the Web server is available again or not.

  7. Does the "load balance at session level" parameter affect the round robin or failover behavior?
  8. If all of the servers are up it should not change a bit. If this flag is enabled, the appliance will use the same Web server for all fills during that particular session. Load balancing will still take place as described above but not for every packet. Basically, round robin or failover will behave very similarly to before.



Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell