Security

 View Only
last person joined: 15 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Tipsdb relative lag

This thread has been viewed 8 times

  • 1.  Clearpass Tipsdb relative lag

    Posted Nov 24, 2022 10:55 AM
    Hi,

    could someone explain the term "relative lag" please? It's in tipsdb.log measured in seconds with a best practice <600s. An Aruba TAC engineer explained it as roundtrip time but that's normally measured in ms. Searching for the term did not give me any networking related topics.

    thanks.

    ------------------------------
    Erik Eckhardt
    ACMX #1245, ACDX #968, ACCP, ACSP
    ------------------------------


  • 2.  RE: Clearpass Tipsdb relative lag

    EMPLOYEE
    Posted Nov 28, 2022 04:39 AM
    Erik,

    I had a look and the relative lag is some internal debug logging that shows up under the database debug logs and normally is not visible to end-users.

    It seems to be that the publisher regularly puts a timestamp in the database, which is replicated to the subscribers and then checked again by the publisher. In that way, the publisher can see how much time (in seconds) the database replication is lagging. I would say that if you have a delay of 600 seconds (10 minutes) that is really high already, because updates to the publisher will take 10 minutes to replicate to the subscriber in that way. I would say that it should be more in seconds range than minutes, but 10 minutes is too high for sure.

    If you see such high lags, it's important to investigate why that happens. Most logical would be to assume that the database replication traffic does not meet the requirements of 200ms round-trip-time or the link is overloaded or unreliable. A high relative lag on the database replication for me would be more a symptom than the problem itself.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message