Policy Server responses are delayed because of packets lost on Policy Server UDP Ephemeral Port

book

Article ID: 75004

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

We run a Policy Server, and we see its response time is getting slower after some time. Then the requests that are sent to Policy Server are handled with a delay of between 1 second to 5 or more seconds.

Why do we see that behavior? How can we improve the performance?
 

Cause

The Policy Server Reactor checks the status of all threads. If a thread is available, then it gives the thread a request to process.
 
Once a thread has finished to process a request, it send a "notify" flag to the Reactor. Receiving this "notify" flag, the Reactor polls again the threads status to list the one available.
 
The thread sends that "notify" flag using a UDP packet to an ephemeral UDP port that the Policy Server sets randomly at starting time.

The issue seen occurs when the thread sends an UDP packet to the Policy Server Reactor, so if the UDP packet is lost, then the Policy Server Reactor does not get the "notify" flag, and it keeps waiting until another packet arrives on that port, before looking again to the availability of the threads.
The result is that the Reactor is waiting too long to detect the availability of threads, and give further requests.

We enhanced the Policy Server in a way that only a few requests will have the delays to overcome this issue.

Environment

Policy Server R12.52 SP1

Resolution

Upgrade Policy Server to R12.52 SP01 CR08:

Defects Fixed in 12.52 SP1 CR08
 69481    DE140271    The Policy Server responses are delayed when it handles requests with a delay of at least one second.



 

Additional Information

Policy Server Defects fixed in R12.52 SP1 CR08