hc_andy_35682
Oct 27, 2011

Load balancing on ldapbind port 3060

Hi There,

Is there some special way we need to set up the F5 LTM to load balance Oracle ldapbind requests on port 3060?

I've set up a basic VIP (ldapbind.vip) to listen on TCP port 3060 and load balance across two nodes (host953 & host954) using cookie persistence.

These nodes in turn need to perform a ldapbind back via the VIP.

Below I can successfully bind to the nodes from the nodes themselves, but it fails when I try to bind via the VIP. Is there something I'm doing wrong???

-------------

[oraidm@host954] $ ldapbind -h host953 -p 3060 -D "cn=orcladmin"
bind successful

[oraidm@host954] $ ldapbind -h host954 -p 3060 -D "cn=orcladmin"
bind successful

[oraidm@host954] $ ldapbind -h ldapbind.vip -p 3060 -D "cn=orcladmin"
sgslufread: Hard error on read, OS error = 131
ldap_bind: Can't contact LDAP server

-------------

Thanks.

Andy

  • Have you tried snat automap (under virtual server setting)?
  • > I've set up a basic VIP (ldapbind.vip) to listen on TCP port 3060 and
    > load balance across two nodes (host953 & host954) using cookie persistence.

    LDAP is not HTTP, so cookie persistence will not work! Do you really need persistence here?

    > [oraidm@host954] $ ldapbind -h ldapbind.vip -p 3060 -D "cn=orcladmin"
    > sgslufread: Hard error on read, OS error = 131
    > ldap_bind: Can't contact LDAP server

    1.) Does ldapbind.vip resolve to the correct IP on the LB? Maybe it's a different VS.

    2.) Apparently you can access the hosts directly from your client, so you will need SNAT for the VS, otherwise you will get asymmetrically routed packets.

    3.) As you mentioned cookie persistence, I assume you added an HTTP profile to the VS, otherwise you would get an error message when you activate cookie persistence. Please remove the HTTP profile. LDAP is not HTTP. Just define a plain TCP based virtual server, possibly FastL4 for better performance, if you won't need an iRule.

    4.) If none of the above helps: Can you post the VS configuration ('b virtual VS_NAME list')?

    Hope that helps.

    Regards

    Kurt Knochner

  • > LDAP is not HTTP, so cookie persistence will not work!

    Good catch!
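
The SNAT advice in the replies above, traced packet by packet for the case in this thread where the pool members are also the clients. This is an added example, not part of the original posts; the IP addresses, the self IP and the assumption that client and pool members share a subnet are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst")

# Constructed addresses, not taken from the thread.
VIP = "10.0.0.10"      # address behind ldapbind.vip
SELF_IP = "10.0.0.2"   # BIG-IP self IP used by SNAT automap
NODES = {"host953": "10.0.0.53", "host954": "10.0.0.54"}


def bind_via_vip(client_ip, member_ip, snat_automap):
    """Trace one TCP connection client -> VIP -> pool member and back.

    Returns (ok, reply_seen_by_client). The client's TCP stack only accepts
    a reply whose source is the address it connected to (the VIP).
    Assumption: client and members share a subnet, so a member answers a
    client address directly instead of routing back through the BIG-IP.
    """
    syn = Packet(src=client_ip, dst=VIP)
    # The virtual server always rewrites the destination to the chosen member.
    # With SNAT automap it also rewrites the source to its own self IP.
    to_member = Packet(src=SELF_IP if snat_automap else syn.src, dst=member_ip)
    # The member answers whatever source address it saw.
    reply = Packet(src=member_ip, dst=to_member.src)
    if reply.dst == SELF_IP:
        # The reply returns to the BIG-IP, which restores the VIP as source.
        reply = Packet(src=VIP, dst=client_ip)
    return reply.src == VIP and reply.dst == client_ip, reply


def trace_from(client, snat_automap):
    """Outcome per pool member for a client that is itself a pool member."""
    return {name: bind_via_vip(NODES[client], ip, snat_automap)[0]
            for name, ip in NODES.items()}


if __name__ == "__main__":
    for snat in (False, True):
        label = "snat automap" if snat else "no snat"
        print(label, trace_from("host954", snat))
```

Without SNAT the reply reaches the client with the member's address as its source instead of the VIP, including when host954 is balanced to itself, so the connection never completes.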