This note is taking ldap connection for example. We use can the same method for other type of connections
Below example is to show ldap connections are interrupted by firewall. Application side has no idea what happen ,thus spinning on ldap search.
apps% netstat -ap | grep ldap| grep 24512
(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)
tcp 0 0 test.us.test.com:24512 bigip-testldap-stage.us.:ldap ESTABLISHED 27714/java
And I worked with LDAP engineer to get the corresponding netstat output on the ldap server:
ldap$ netstat -ap | grep 24512
(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)
tcp 0 0 ldap.us.test.com:ldap test.us.test.com:24512 ESTABLISHED 1442/oidldapd
So the connection was established on both sides and thus login to WebLogic Admin had no issue.
After around 30mins. Did the same netstat test and only apps server had showed an output while the connection on the ldap server was already gone/closed.
apps% netstat -ap | grep ldap| grep 24512
(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)
tcp 0 0 test.us.test.com::24512 bigip-testldap-stage.us.:ldap ESTABLISHED 27714/java
ldap$ netstat -ap | grep 24512
(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)
...nothing
So the connections are interrupted by firewall.
In this case, I got the spinning (Ldap stuck) issue trying to logon to the WebLogic Admin console.
The solution is simple. Add a regular test to make connections alive.
No comments:
Post a Comment