[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-technical
Subject:    Re: timeout and network-timeout values of zero for syncrepl in LAN replication
From:       Quanah Gibson-Mount <quanah () fast-mail ! org>
Date:       2024-04-16 20:14:46
Message-ID: 01703519BDFA2359653CBF8F () [192 ! 168 ! 1 ! 33]
[Download RAW message or body]



--On Monday, April 8, 2024 3:08 PM +0900 Christopher Paul 
<chris.paul@rexconsulting.net> wrote:

>
> Hello OpenLDAP-technical list,
>
> I'm curious about community perspectives on a specific LDAP replication
> timeout and network-timeout settings:
>
>
> Setting "timeout=0" or "network-timeout=0" within a syncrepl/olcSyncrepl
> definition for replication settings is not the best practice for LAN
> environments. These parameters, when set to zero, instruct syncrepl to
> wait indefinitely for connections and replication operations to conclude.
>
>
> Within a LAN context, establishing new connections should ideally occur
> in less than a second. Delays beyond a couple of seconds should kick in
> the retry logic. This suggests that a more fitting network-timeout range
> is between 1 to 5 seconds.
>
> Concerning the "timeout" parameter, the ideal range might be between 60
> to 120 seconds, to handle operations exceeding a minute, but again,
> kicking in retry logic if they exceed two minutes. I admit that my stance
> on the "timeout" setting is tentative, given that search operation
> duration hinges more on the provider's responsiveness rather than network
> speed alone.
>
> This approach ensures that LDAP replication remains both responsive and
> resilient, without compromising on efficiency or performance. Thoughts?

It's generally never been an issue in the networks I've been on.  Also with 
refreshAndPersist these settings are only for the initial connection.  If I 
was doing refreshOnly I'd definitely want to tweak them.  I'd make sure and 
set the tcp keepalive settings as well for sync replication, because the 
biggest grief I've had since moving to syncrepl around 2006 is with 
firewalls and other network devices.

There was someone I corresponded with many years ago who was doing syncrepl 
in an unstable network environment (their nodes were distributed across 
Mexico IIRC, and the links were not stable), and managed to get it solid 
when tweaking the parameters you mention.  If they're still active, it'd be 
interesting to hear their feedback.

--Quanah

[prev in list] [next in list] [prev in thread] [next in thread]