First of all, let us look at the content of the server.xml file, which is located in the folder "C:\Program Files\Deepnet Authentication Server\Tomcat\conf". There are 3 occurrences of Cluster.
<Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster" clusterLogName="clusterlog" clusterName="localhost" manager.className="org.apache.catalina.cluster.session.DeltaManager" manager.expireSessionsOnShutdown="false" manager.notifyListenersOnReplication="false" manager.notifySessionListenersOnReplication="false" manager.sendAllSessions="false" manager.sendAllSessionsSize="500" manager.sendAllSessionsWaitTime="20" manager.sendClusterDomainOnly="true">
<Membership className="org.apache.catalina.cluster.mcast.McastService" mcastAddr="228.1.1.4" mcastClusterDomain="das_cluster" mcastDropTime="30000" mcastFrequency="1000" mcastPort="24282" recoveryEnabled="true"/>
<Sender className="org.apache.catalina.cluster.tcp.ReplicationTransmitter" doProcessingStats="true" doTransmitterProcessingStats="true" doWaitAckStats="true" keepAliveMaxRequestCount="-1" keepAliveTimeout="80000" queueCheckLock="true" queueDoStats="true" queueTimeWait="true" recoverCounter="6" recoverTimeout="5000" replicationMode="fastasyncqueue"/>
<Receiver className="org.apache.catalina.cluster.tcp.ReplicationListener" compress="false" sendAck="true" tcpListenAddress="x.x.x.x" tcpListenPort="4000" tcpSelectorTimeout="100" tcpThreadCount="6"/>
<Valve className="org.apache.catalina.cluster.tcp.ReplicationValve" filter=".*\.gif;.*\.js;.*\.css;.*\.png;.*\.jpeg;.*\.jpg;.*\.htm;.*\.html;.*\.txt;" primaryIndicator="true"/>
<Valve className="org.apache.catalina.cluster.session.JvmRouteBinderValve"/>
<ClusterListener className="org.apache.catalina.cluster.session.ClusterSessionListener"/>
<ClusterListener className="org.apache.catalina.cluster.session.JvmRouteSessionIDBinderListener"/>
</Cluster>
What will this result in? With a traffic monitor, you will see a lot of connection attempts to the IP address "228.1.1.4" configured in server.xml (see above). Suspicious and scary, isn't it? I am not comfortable with that, although this address doesn't exist on the Internet.
According to Deepnet Support, this technique (multicast) was adopted at the very beginning for Deepnet Authentication Server cluster configuration, but they abandoned it when another approach was used to implement clustering/load balancing.
So these settings are redundant. Why not remove them?
- back up the file server.xml;
- open the file server.xml with your favourite editor;
- locate each <Cluster ..>....</Cluster> pair and delete it;
- save the file;
- restart the Deepnet service "das";
Now it is nice and clean. Happy!
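The same steps can be scripted. The PowerShell below is an added example, not part of the original post or of Deepnet's tooling: it backs up server.xml, reports the multicast address and listener port of each Cluster element it finds, removes them, and restarts the service. The path and the service name "das" are taken from the post; the backup file name is an assumption.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
$conf   = 'C:\Program Files\Deepnet Authentication Server\Tomcat\conf\server.xml'  # path given in the post
$backup = '{0}.{1}.bak' -f $conf, (Get-Date -Format 'yyyyMMdd-HHmmss')            # assumed backup name

# Step 1: back up the file before touching it.
Copy-Item -LiteralPath $conf -Destination $backup -ErrorAction Stop

# Step 2: load the XML, keeping the original whitespace and comments.
$doc = New-Object System.Xml.XmlDocument
$doc.PreserveWhitespace = $true
$doc.Load($conf)

# Step 3: find every <Cluster> element. @() copies the node list into an
# array so nodes can be removed while looping.
$clusters = @($doc.SelectNodes('//Cluster'))
if ($clusters.Count -eq 0) {
    Write-Host 'No <Cluster> elements found; server.xml left unchanged.'
    return
}

foreach ($cluster in $clusters) {
    # Report what is being removed, so the change can be matched against
    # what the traffic monitor showed.
    Write-Host "Removing <Cluster> under <$($cluster.ParentNode.Name)>"
    $membership = $cluster.SelectSingleNode('Membership')
    $receiver   = $cluster.SelectSingleNode('Receiver')
    if ($membership) {
        $mcast = '{0}:{1}' -f $membership.GetAttribute('mcastAddr'), $membership.GetAttribute('mcastPort')
        Write-Host "  multicast membership $mcast"
    }
    if ($receiver) {
        Write-Host "  replication listener TCP port $($receiver.GetAttribute('tcpListenPort'))"
    }
    [void]$cluster.ParentNode.RemoveChild($cluster)
}

# Step 4: save the file.
$doc.Save($conf)
Write-Host "Removed $($clusters.Count) <Cluster> element(s); backup at $backup"

# Step 5: restart the service ("das" is the service name given in the post).
Restart-Service -Name 'das'
```

After the restart, check with the traffic monitor that the connection attempts to the reported multicast address have stopped. If the service fails to start, copy the backup over server.xml and restart again.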