Hi Jaehwan,

Why is the number of established connections (to the server) a concern?

The vast majority of the connections are client connections. Replication connections, especially in a ring topology, would account for a small fraction of them. The added hosts generate replication traffic over the replication connections, and would put some CPU load on the destination server. ATM I do not see how it would impact the capacity of the destination server to accept new connections. The response time of the destination server may increase (because of replicated updates); could it impact clients opening new connections?

By the way, what version of 389ds are you running?

best regards
thierry

On 1/5/24 04:38, Jaehwan Kim via FreeIPA-users wrote:
Hello.

I recently encountered a problem where the number of concurrent connections
decreased on FreeIPA servers.

[Architecture - replication topology]
My replication topology, which is circular (ring-shaped), consists of 13 FreeIPA
servers.
These 13 servers are grouped into 3 clusters, with 5, 4, and 4 members
respectively.
NLBs (network load balancers), which share requests from clients for IPA login,
Kerberos authentication, and LDAP connections, are assigned to each cluster.
Therefore the 3 NLBs have 5, 4, and 4 FreeIPA servers as their NLB backend pools,
respectively.

This architecture has worked successfully for 2 years, but recently I encountered a
problem: 867 host_add per hour to one cluster results in a "# of concurrent
connections decrement" for all clusters.
The command to get the # of concurrent connections is
dsconf -D "cn=Directory Manager" ldap://server.example.com monitor server | grep currentconnections:
About 2K connections are observed for each server by this command.

I also found that on servers to which replication info isn't transferred, this
symptom doesn't happen, even though they are in the same replication topology
ring.
Hence, I guess that the "# of concurrent connections decrement" symptom is related
to replication.

I tried to tune parameters like
dtablesize = 65535,
repl-release-timeout = 120,
nsslapd-threadnumber = automatic thread tuning,
db and entry cache auto-sizing (nsslapd-cache-autosize = 80),
with failure.

I want to ask for help to solve this symptom, if possible.

Thank you.
JHK
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue