Symantec Access Management

Tech Tip : CA Single Sign-On : Policy Server responses are delayed because of packets lost on Policy Server UDP Ephemeral Port

  • 1.  Tech Tip : CA Single Sign-On : Policy Server responses are delayed because of packets lost on Policy Server UDP Ephemeral Port

    Broadcom Employee
    Posted Apr 06, 2018 10:31 AM

    Issue:

     

    We run a Policy Server, and we see its response time is getting slower after some time. Then the requests that are sent to Policy Server are handled with a delay of between 1 second to 5 or more seconds.

    Why do we see that behavior? How can we improve the performance?

    Environment:

     

    Policy Server R12.52 SP1

     

    Cause:

     

    The Policy Server Reactor checks the status of all threads. If a thread is available, then it gives the thread a request to process.

    Once a thread has finished to process a request, it send a "notify" flag to the Reactor. Receiving this "notify" flag, the Reactor polls again the threads status to list the one available.

    The thread sends that "notify" flag using a UDP packet to an ephemeral UDP port that the Policy Server sets randomly at starting time.

    The issue seen occurs when the thread sends an UDP packet to the Policy Server Reactor, so if the UDP packet is lost, then the Policy Server Reactor does not get the "notify" flag, and it keeps waiting until another packet arrives on that port, before looking again to the availability of the threads.
    The result is that the Reactor is waiting too long to detect the availability of threads, and give further requests.

    We enhanced the Policy Server in a way that only a few requests will have the delays to overcome this issue.

     

    Resolution:

     

    Upgrade Policy Server to R12.52 SP01 CR08:

    Defects Fixed in 12.52 SP1 CR08
    69481 DE140271 The Policy Server responses are delayed when it handles requests with a delay of at least one second.



    Additional Information:


    Policy Server Defects fixed in R12.52 SP1 CR08


    KB : KB000075004