Policy Server responses are delayed because of packets lost on Policy Server UDP Ephemeral Port
Article ID: 75004
CA Single Sign On Secure Proxy Server (SiteMinder)CA Single Sign On SOA Security Manager (SiteMinder)CA Single Sign-On
We run a Policy Server, and we see its response time is getting slower after some time. Then the requests that are sent to Policy Server are handled with a delay of between 1 second to 5 or more seconds.
Why do we see that behavior? How can we improve the performance?
The Policy Server Reactor checks the status of all threads. If a thread is available, then it gives the thread a request to process.
Once a thread has finished to process a request, it send a "notify" flag to the Reactor. Receiving this "notify" flag, the Reactor polls again the threads status to list the one available.
The thread sends that "notify" flag using a UDP packet to an ephemeral UDP port that the Policy Server sets randomly at starting time.
The issue seen occurs when the thread sends an UDP packet to the Policy Server Reactor, so if the UDP packet is lost, then the Policy Server Reactor does not get the "notify" flag, and it keeps waiting until another packet arrives on that port, before looking again to the availability of the threads. The result is that the Reactor is waiting too long to detect the availability of threads, and give further requests.
We enhanced the Policy Server in a way that only a few requests will have the delays to overcome this issue.
Policy Server R12.52 SP1
Upgrade Policy Server to R12.52 SP01 CR08:
Defects Fixed in 12.52 SP1 CR08 69481 DE140271 The Policy Server responses are delayed when it handles requests with a delay of at least one second.