|Sun Java(TM) System Directory Proxy Server 5.2 2005Q1 Administration Guide|
Optimal performance of a service based on Directory Proxy Server requires system tuning. For information about how to tune your system, see the following sections:
Setting the Maximum Number of Concurrent Connections
The maximum number of concurrent connections to Directory Proxy Server is set by the file descriptor parameter, rlim_fd_max,in the /etc/system file.
If the rlim_fd_max parameter is not present in the /etc/system file, the maximum number of concurrent connections to Directory Proxy Server is 1024.
The maximum value of the rlim_fd_max parameter is 4096. Increasing the value of the rlim_fd_max parameter above 4096 can affect the stability of the system.
To Set the Maximum Number of Concurrent Connections to Directory Proxy Server
The TCP/IP implementation in a Solaris kernel is by default not correctly tuned for Internet or Intranet services. Tune the following parameters to fit the network topology of your installation environment.
Table 3-1 TCP Tuning Parameters
Specifies the number of milliseconds that a TCP connection is held in the kernel's table after it has been closed.
If the value is above 30000 (30 seconds) and the directory is being used in a LAN, MAN, or under a single network administration, reduce the value of this parameter. To the value of this parameter, add a line like this to the /etc/init.d/inetinit file:
ndd -set /dev/tcp tcp_close_wait_interval 30000
This parameter is for Solaris 8 only.
Control the maximum backlog of connections that the kernel accepts on behalf of the Directory Proxy Server process.
If the directory is to be used by a large number of client hosts simultaneously, raise the value of these parameters to at least 1024. To raise the value of these parameters, add lines like these to the /etc/init.d/inetinit file:
ndd -set /dev/tcp tcp_conn_req_max_q0 1024
ndd -set /dev/tcp tcp_conn_req_max_q 1024
Specifies the interval in seconds between keep alive packets sent by Solaris for each open TCP connection.
Use this parameters to remove connections to clients that have become disconnected from the network.
Alternatively, remove idle connections by using the Specify timeout option on the Directory Proxy Server console configuration screen.
Inspect this value when you are performing server performance tests on a LAN or high-speed MAN or WAN. Do not change the value of this parameters for operations on the wide area Internet.
Controls the number of simultaneous connections that can be made to the server.
If the rlim_fd_max parameter is set to a value above 4096, the value of this parameter should be decreased. To decrease the value of this parameter, add a line like this to the /etc/init.d/inetinit file:
ndd -set /dev/tcp tcp_smallest_anon_port 8192
Inspect this parameter if clients are predominately using the Windows TCP/IP stack.
Controls the time in milliseconds that the Directory Proxy Server waits for an LDAP server to respond when establishing a new connection.
To decrease the value of this parameter, add a line like this to the /etc/init.d/inetinit file:
ndd -set /dev/tcp tcp_ip_abort_cinterval 10000
In some environments, it may also be necessary to change the tcp_ip_abort_interval and tcp_strong_iss tuning parameters.