Security Software

Hi all,

I'm encountering a quite strange problem here. My topology consists of a replicated DS environment (two multi-masters, two slaves), which are contacted by two instances of messaging server. All is fine if I tell the MS to use localhost or whatever other physical IP address as LDAP server.

I then configured this F5 BIG-IP load balancer creating a virtual server for the LDAP service. It's a standard virtual server which balances between two real ldap servers, round-robininig (guess i've just coined a new word..) the connections.

Now, as I configure the MS to reference the balanced IP address, things start to get weird.
After a while, I can see lots (thousands) of established/timewait connections incoming on the ldap server side FROM the balancer IP, while with netstat I don't see so many of them that are FROM the ms and TO the balancer (well, MS and LDAP are on the same physical machine, but I analyzed the netstat output to make a point). When this occours, obviously the MS occasionaly don't work (timeouts to the ldap server and then drops the connection).

After further investigation, I've seen that this problem occours with ANY ldap client that spawns pools when it's started. I've other applications which accesses ldap directly and they have no problems. Another webapp that instead is configured with ldap pools, gives the same problem.

Did anyone configured Virtual servers on big-ip to balance ldap connections? If this is working for someone else maybe you could help me. I don't even exclude this can be a problem of the LDAP server itself.

The LDAP is Directory Server 5.2p4 , The MS is 6.2, the OS is redhat linux AS 3u8 and the balancer is a F5 BIG-IP LTM 1500.