Linux Access Gateway web server failover taking too long

  • 7000731
  • 23-Jun-2008
  • 26-Apr-2012

Environment

Novell Access Manager 3 Linux Access Gateway
Novell Access Manager 3 Support Pack 3 applied

Situation

A Linux-based Access Gateway (LAG) is configured to accelerate internal web servers.
One of the proxies protects a web server cluster that has two IP addresses configured. Both
IP addresses are added as the web server IP addresses, and the
'Policy for Multiple Destination IP Addresses' is set to simple failover.

When one of the two addresses becomes inaccessible, the switchover to the second IP address
takes place only after approximately 175 seconds. The Access Gateway configuration offers a few
timeout options, e.g. Retransmit Limit or Connection Handshake Timeout, but none of these makes
any difference to this delay.

Resolution

Change the value of /proc/sys/net/ipv4/tcp_syn_retries to 3. This changed the time to wait to about 3 seconds.

Additional Information

This setting is only in effect until the Access Gateway is restarted. To make it permanent, edit the /etc/sysctl.conf file and add the following line to it:

net.ipv4.tcp_syn_retries = 3

Save the file, reboot the LAG and then verify that the setting stayed.
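
One way to script the final verification step, as an added example that is not part of the original article. The function names are hypothetical, and the check assumes the setting is persisted only in /etc/sysctl.conf, as described above.

```shell
#!/bin/sh
# Added example (not from the original article): confirm that
# net.ipv4.tcp_syn_retries is both persisted and active after the reboot.
KEY="net.ipv4.tcp_syn_retries"

# Print the value a sysctl.conf-style file sets for a key; the last
# uncommented assignment wins. Prints nothing if the key is absent.
# $1 = config file, $2 = key
persisted_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }               # comment lines start with # or ;
        {
            split($0, kv, "=")
            k = kv[1]; v = kv[2]
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            gsub("/", ".", k)                # net/ipv4/... is the same key
            if (k == key) found = v
        }
        END { if (found != "") print found }
    ' "$1"
}

# Return 0 if file and kernel agree with the expected value,
# 1 if the file does not persist it, 2 if only the running value differs.
# $1 = expected value, $2 = config file, $3 = /proc file
check_syn_retries() {
    conf=$(persisted_value "$2" "$KEY")
    live=$(cat "$3" 2>/dev/null)
    if [ "$conf" != "$1" ]; then
        echo "NOT PERSISTED: $2 sets '${conf:-nothing}', expected $1"
        return 1
    fi
    if [ "$live" != "$1" ]; then
        echo "NOT ACTIVE: running value is '${live:-unknown}', expected $1"
        return 2
    fi
    echo "OK: $KEY = $1 (persisted and active)"
}

# Constructed sample input: an old commented-out value, then the article's line.
sample=$(mktemp)
printf '%s\n' '# net.ipv4.tcp_syn_retries = 5' 'net.ipv4.tcp_syn_retries = 3' > "$sample"
echo "sample file sets: $(persisted_value "$sample" "$KEY")"
rm -f "$sample"

# On the gateway itself:
# check_syn_retries 3 /etc/sysctl.conf /proc/sys/net/ipv4/tcp_syn_retries
```

A return code of 2 before the reboot means the file is correct but the running kernel still holds the old value.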