Symantec Access Management

  • 1.  Recommended Value for http socket timeout

    Posted Mar 01, 2017 08:50 AM

    Hi Guys,

     

    Need quick help.

     

    Currently http_socket_timeout=3 min in CA Access Gateway(Apache). We are facing one timeout issue, checked that some request is taking around 7-8 minutes to process, so we raised this timeout to 10 minutes.

    Please suggest what should be the recommended value for http_socket_timeout?

     

    I think, if we increase it 10 min, it will impact the server performance.

     

     

    Regards,

    Rikash



  • 2.  Re: Recommended Value for http socket timeout
    Best Answer

    Posted Mar 03, 2017 04:57 PM

    Given that on Policy server the default idle timeout for socket is 10min, I think 10 min is good vlaue for it.



  • 3.  Re: Recommended Value for http socket timeout

    Posted Mar 08, 2017 04:24 AM

    thanks Ujwol.



  • 4.  Re: Recommended Value for http socket timeout

    Posted Mar 27, 2017 10:44 AM

    Hi Rikash-CG, Ujwol

     

    We are also facing similar issue in one application where reports get timeout due to 3 min timeout value.

     

    I have two question which of the following parameter value  in server.conf file I should increase to resolve it. and what would be impact on server performance after this change ?

     

    http_socket_timeout

    http_connection_timeout

     

    Please help me to figure out best solution on this.

     

    Regards

    Prashant



  • 5.  Re: Recommended Value for http socket timeout

    Posted Mar 27, 2017 11:01 AM

    Hi Prasant,

    The parameter is http_socket_timeout. I have increased it to 10 minutes, i have not faced any issue so far.

    Performance impact will depend on your environment size. If you increase socket timeout to 10 minutes, connection will be longer period so sufficient connection should be configured,

    you can check the total no. of connections in server.conf and also check current usage of connections executing netstat -an| findstr "ESTABLISHED", it will help you to tune the total no of connection.

     

    Regards,

    Rikash

     

     



  • 6.  Re: Recommended Value for http socket timeout

    Broadcom Employee
    Posted Mar 27, 2017 08:39 PM

    Hi Prasant

     

    The http_socket_timeout is generally the one you want to change. 

     

    The settings are descrtibed here : 

    Configure the Proxy Service Settings Manually - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation 

     

    but a bit more : 

     

     

    ParameterDiscussion
    http_socket_timeout

    It depends on how long it takes your backend server to start responding, normally requests are quite quick, but if you have slow requests then they will need to extend that setting.  

     

    It is important to note that it is not the entire time needed to return the resulting page, but only the time until the page is started to be returned.   For example if a request returnes a large video it will usually start streaming data quite quickly, even if it takes some time to complete. 

     

    The real problem are long database queries, where maybe it may take several min to complete the query before the backend returns any data.

    http_connection_timeout

    This one is simpler and tends to cause less trouble mostly set  to zero as per the manual: 

    Defines the time, in milliseconds, spent on host name translation and establishing the connection with the backend server when creating sockets.

     

     

    The problem with long http_socket_timeout values is that you need some appreciation of what happens when the system is under load, or when the backend server goes down.  

     

    If the backend server goes down then ALL your reqeusts can take the 10min time, (and then times three as it retries), and that can hold up your worker pool threads in both proxy-engine and httpd. 

     

    Here was a setup that would allow you to avoid that: 

    TechTip - Configure Agent Gateway/SPS to avoid one bad back-end taking down all AG/SPS traffic. 

     

    Cheers - Mark

    ----
    Mark O'Donohue
    Snr Principal Support Engineer - Global Customer Success