My comments inline.
Using the same servers in the same order in the Failover groups 1 & 3 might not be a right configuration on our side. But using the same servers in different order in Failover groups 1 & 4 may be a okay i think.
Ujwol => Correct. As the idea is to load balance the request among all your available servers, it is best that you ensure the configuration allows that.
Can you please let me know if in any failover group if a server fails to connect, how much time it takes to failover to next server within the same failover group?
Ujwol => The failover is instant if it detects a connection error (LDAP error 81/91)
See below :
[12/11/2014][10:10:03.163][15305][3814390640][ LogMessage:ERROR:[sm-Ldap-02230] Error# '81' during search: 'error: Can't contact LDAP server' Search Query = '(uid=A15)'][10:10:03][SmDsLdapConnMgr.cpp:1180]
[12/11/2014][10:10:03.163][15305][3814390640][ LDAP search of (uid=A15) took 0 seconds and 715 microseconds][10:10:03][SmDsLdapConnMgr.cpp:1191][CSmDsLdapConn::SearchExts]
[12/11/2014][10:10:03.163][15305][3814390640][ Ldap Search failed, ErrorMsg is Can't contact LDAP server][10:10:03][SmDsLdapFunctionImpl.cpp:3119][CSmDsLdapProvider::SearchExts]
[12/11/2014][10:10:03.163][15305][3814390640][ Marked dir connection (seq: 3) CAldap002-1.mysite.com:2001 as Close Pending][10:10:03][SmDsLdapConnMgr.cpp:501][CSmDsLdapConnMgr::AddDeadHandleList]
[12/11/2014][10:10:03.163][15305][3814390640][ Marked dir connection (seq: 1) CAldap002-1.mysite.com:2001 as Close Pending][10:10:03][SmDsLdapConnMgr.cpp:501][CSmDsLdapConnMgr::AddDeadHandleList]
[12/11/2014][10:10:03.163][15305][3814390640][ Marked user connection (seq: 2) CAldap002-1.mysite.com:2001 as Close Pending][10:10:03][SmDsLdapConnMgr.cpp:501][CSmDsLdapConnMgr::AddDeadHandleList]
[12/11/2014][10:10:03.163][15305][3814390640][ LogMessage:INFO:[sm-Server-04380] Failing over to LDAP server 'CAldap001-1.mysite.com:2001' in LDAP server bank #1.][10:10:03][SmDsLdapFunctionImpl.cpp:2133]
[12/11/2014][10:10:03.163][15305][3814390640][ Rebind attempt on 'dir' connection to best LDAP server 'CAldap001-1.mysite.com:2001'][10:10:03][SmDsLdapFunctionImpl.cpp:2175][CSmDsLdapProvider::RebindServer]
If a directory/search thread detects an error with the LDAP connection, it will failover to the next server from the failover group. The ServerCheckerThread ( A thread which monitors LDAP server avaialbility periodically) is woken up early. If the directory instance is still up and working (the handle timed out, etc.), then the ServerCheckerThread will likely mark the directory instance as good again after it checks it, and then failback will occur.
Having said this, how long will it take to establish connection with the failover (new ) server depends on the response times of the LDAP server itself.
Few related KB for your reference :
Tech Tip - CA Single Sign-On: PolicyServer :: LDAPPingTimeout Explained
Tech Tip - CA Single Sign-On: Policy Server :: Policy Server Hung if LDAP User Directory is unresponsive/slowly performing.