On 6/27/2018 3:29 PM, Ghiurea, Isabella wrote:
David to answer your Q ,
the idea is to have the www existing idle connections being
reused, so I think the access analyzer(logconv) advice to increase
the idle timeout ldap may be misleading in this case and we are
debating if we should turn off in and only cfg idle timeout
on www pool side .
I see. Definitely put the log analyzer recommendations through a sanity
filter : if connections are timing out , that doesn't necessarily mean
you should increase the timeout until they don't! It may mean (as it
does in this case) that they should be timed out because they're not
being used and probably won't be used in the near future.
I wouldn't recommend having an infinite connection idle timeout because
this can lead to leaked connections on the server side in situations
where the client never sends a FIN/RST or where some firewall eats the
FIN. TCP keepalive is usually enabled however on the server side, so
that would eventually kick in and kill any connection even with no
timeout configured.