Directory Proxy Server continuously monitors data sources to determine whether they are alive and to detect failed connections. This section describes how Directory Proxy Server monitors data sources, and what action is taken when data sources fail.
Directory Proxy Server performs the following tests to monitor the health of a data source:
Listens for errors on the traffic between Directory Proxy Server and the data source
Periodically establishes a dedicated connection to the data source if there is no traffic from that data source for a specified time interval
Periodically pings each existing connection to each data source to prevent that connection from being closed and to detect closed connections
These tests are described in the following sections.
When this type of monitoring is configured, Directory Proxy Server listens for errors on the traffic between itself and the data source. If Directory Proxy Server detects that a client operation fails, the proxy tests the data source related to the failure.
This type of monitoring is called reactive monitoring because Directory Proxy Server reacts to an error, but otherwise performs no active testing of the data sources.
Directory Proxy Server can be configured to perform this type of reactive monitoring only, without performing the monitoring described in Monitoring Data Sources by Periodically Establishing Dedicated Connections and Monitoring Data Sources by Testing Established Connections. When only reactive monitoring is configured, the monitoring less complete but does not cause additional traffic.
When this type of monitoring is configured, Directory Proxy Server establishes a dedicated connection to a data source when no requests made to the data source or responses given by the data source for a specified time period. By periodically establishing a dedicated connection to a data source, Directory Proxy Server monitors whether the data source is working.
This type of monitoring is more complete than Monitoring a Data Source by Listening for Errors because Directory Proxy Server does not wait to detect a failure before it tests the data source. However, this type of monitoring is less complete than Monitoring Data Sources by Testing Established Connections, because the proxy does not test whether the existing connections to a data source are working.
This type of monitoring can be used in addition to Monitoring Data Sources by Testing Established Connections.
When this type of monitoring is configured, Directory Proxy Server tests each connection to each data source at regular intervals. In this way, the proxy prevents connections from being dropped because of inactivity, and detects closed connections.
This type of monitoring can be used in addition to Monitoring Data Sources by Periodically Establishing Dedicated Connections.
Directory Proxy Server can be configured to test connections in the following scenarios:
Pooled connections that are not used for a period of time
Connections for persistent searches that are not active for a period of time
Connections between a client and Directory Proxy Server operating in tunneling mode
Testing established connections consumes system resources, but it provides good security for connections. If you are using the Active Directory product, you must use this method of monitoring because the Active Directory product closes inactive connections.
To test an established connection, Directory Proxy Server issues a search request with the following parameters:
Search base DN
Connection time out
Search time out
If a connection is found to be down, Directory Proxy Server polls the connection at a specified interval to detect its recovery. You can configure this interval by setting the down-monitoring-interval property. For more information, see To Monitor a Data Source by Testing Established Connections in Sun Directory Server Enterprise Edition 7.0 Administration Guide.
Directory Proxy Server monitors data sources by using a search filter. Data sources that return a result that satisfies the filter are considered to be working.
When Directory Proxy Server detects an error on a connection, the proxy closes the connection and tries to reestablish the connection immediately. If the proxy can reestablish the connection, it considers the data source to be up and running. If the proxy cannot reestablish the connection, it flags the data source as unavailable. Directory Proxy Server stops distributing requests to the data source and closes all other connections to the data source.
If a request fails because of a failed connection or a failed data source, Directory Proxy Server replays the request over another connection to the same data source or replays the request to another data source. If the request is replayed to another data source, the load balancing algorithm determines which data source is used.
If there are no data sources to which Directory Proxy Server can replay the request, the proxy returns an error to the client.
Replaying the request enables the failure to be transparent to the client. Requests are replayed for the following operations:
Requests are not replayed for write operations because Directory Proxy Server cannot be sure whether the operation was performed before the connection failure occurred.
When a data source recovers after a being unavailable, Directory Proxy Server returns the data source to the list of candidate data sources. The work that was being carried out by the other candidate data sources is redistributed to include this data source, according to the load balancing algorithm.
When the failed data source recovers, Directory Proxy Server recommences monitoring the traffic between the data sources and their clients.