[389-users] Re: Database and OS tuning. (open files)

actually thats 5 minutes for the first probe then 75 seconds on
subsequent failed probes up to 9 failures so it's actually 900 seconds
i usually set it to
time = 120
intv = 30
probes = 4
keep in mind this just gets rid of Zombie connections. if the first
probe after 300 seconds of the connection being idle is successful it
waits another 300 seconds this is network bandwidth equivalent to 1
ping per probe. this bandwidth is very small keep in mind every
instance of Windows 10 on your network uses far more bandwidth to
verify they have internet access.

On Wed, Sep 1, 2021 at 11:05 PM Michael Starling
<mlstarling31@hotmail.com> wrote:
>
>
>
> ________________________________
> From: William Brown <william.brown@suse.com>
> Sent: Wednesday, September 1, 2021 7:20 PM
> To: 389-users@lists.fedoraproject.org <389-users@lists.fedoraproject.org>
> Subject: [389-users] Re: Database and OS tuning. (open files)
>
>
>
> > On 2 Sep 2021, at 00:50, Michael Starling <mlstarling31@hotmail.com> wrote:
> >
> > Thank you, Paul.
> >
> > This is our current setting. Looks like we are at 5 minutes so we should be ok.
> >
> > net.ipv4.tcp_keepalive_intvl = 75
> > net.ipv4.tcp_keepalive_probes = 9
> > net.ipv4.tcp_keepalive_time = 300
>
> There are also a number of IO tuning options for connection life inside LDAP you can tune to help discard and cycle out stale connections quicker.
>
> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-nsslapd_ioblocktimeout_IO_Block_Time_Out
>
> If we receive a partial message, how long to wait for the remaining components to be recieved.
>
> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-nsslapd_idletimeout_Default_Idle_Timeout
>
> If a client is idle with no messages being received, how long before we disconnect them.
>
> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-nsslapd_conntablesize
>
> Maximum number of connections. IIRC this might be automatically set from FD's in the system, but if not you may need to set this to probably 80% of your FD limit frlom the systemd service tunings you have provided.
>
> Hope that helps,
>
> --
> Sincerely,
>
> William Brown
>
> Senior Software Engineer, Identity and Access Management
> SUSE Labs, Australia
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
>
>
> Thanks William.
>
> I've made some changes tonight. Let's see if it helps.
>
> Mike
>
>
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure