Novell Home

My Favorites

Close

Please to see your favorites.

LDAP and HTTP load balancing and failover FAQ for iChain

(Last modified: 10Jun2003)

This document (10069756) is provided subject to the disclaimer at the end of this document.

goal

LDAP and HTTP load balancing and failover FAQ for iChain

fact

iChain 2.x

LDAP load balancing: Note that the FAQ below specifically handles AUTHENTICATION LDAP requests. ACLCheck and Form Fill are very similar however.

1. Does iChain simply rotate through the LDAP server list in a round robin fashion when sending LDAP requests?

Yes.

For attribute authentication however (e.g. email=abcd@novell.com) it will round robin to a server.  On that same server it will all of the search bases for a matching user and then try to bind to that user.  

For DN authentication it will round robin to each server for each CONTEXT (e.g. ou=context1).  


2. If one LDAP server stops responding, does iChain take it out of the rotation? If so, how long does iChain wait before it decides the server is down?

If a server is already marked as down failover goes to the next available server.  
2.0 FP3+ any LDAP server error will take the server out of the rotation immediately and tries with the next available server.  The exception is if all of the servers are down on  server will stay up and keep trying.  Health check is every 15 minutes until the server will be brought back again into the list.  

2.1 - any LDAP server error will take the server out of the rotation immediately and tries with the next available server.  The downed servers are checked every 15 SECONDS (not minutes) to see if they are up.  If all servers are up the health check is done every 2 minutes (every 5 minutes in iChain 2.2) so that an idle iChain box will have a better chance of knowing if the servers are down.


3. How often will it try to re-establish communication with the problem server?

There's a health check thread that runs periodically  that checks the state of the LDAP servers and tries to reconnect if the server state is set to DOWN. The periodic check is performed every 15 minutes for both iChain 2.0 and iChain 2.1.


4. Does LDAP load balancing/failover for ACLCHECK and OLAC behave the same way assuming at least two LDAP servers are specified in the access control settings?

They are very similar but OLAC does not have a health check process.  If the LDAP call returns a server error it fails over to the next server.


HTTP Load balancing and failover:

Assuming a web server accelerator is configured with at least two web server addresses...
This code has a list of connections to the web servers.  If the connection is down for some reason it fails over.  

1. Does iChain rotate through the web server list in a round robin fashion to
fill requests?

Yes . There's a simple list of accelerator addresses and port numbers that get rotated every time a connection is made. This list can be viewed through the proxy console (if you look closely, you'll see that the web server list jumps on a regular basis with the top one being the one that we are talking too). When a Web server that we are load balancing with goes down, it's flags as down and removed from the list.

2. If one web server stops responding, will iChain take it out of the rotation? If so, how long does iChain wait before it decides the server is down?

Yes it is out of the rotation because the connection is down.  The server gets taken out of the list based on 2 factors - the remove Web server reset the TCP connection (service no longer available), or our request to open the connection simply times out through a lack of response. In the second case, it looks like we'll retransmit 4 times before timing out the session and flagging the Web server as down.
There's a configurable connection establishment timeout parameter in the GUI that allows you to specify a max timeout too.

3. How often does it check to see if its back up?

When the Web server is flagged as down, we have a background process that checks every 60 secs to see if the Web server is available again or not.

4. Does the "load balance at session level" parameter affect the round robin  or failover behavior?

If all of the servers are up it should not change a bit.  If this flag is enabled, the appliance will use the same Web server for all fills during that particular session. Load balancing will still take place as described above but not for every packet. Basically, round robin or failover will behave very similarly to before.
.

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

  • Document ID:
  • 10069756
  • Solution ID: NOVL75793
  • Creation Date: 03Apr2002
  • Modified Date: 10Jun2003
    • NovellBeta

      Connectivity Products

      NetWare

Did this document solve your problem? Provide Feedback