[nsp] CSS Persistent conections
Tim D.
zsolutions@cogeco.ca
Mon, 19 Aug 2002 18:02:55 -0500
This is a multi-part message in MIME format.
------=_NextPart_000_0024_01C247AA.A4A62700
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
=20
Hello,
The problem I am having is that existing connections to a content =
rule are remaining persistent when I suspend the referenced services, =
even though I have 'no persistence' configured in the content rule. =
What I would like to happen is for existing connections to be reset when =
the services that reference that content rule are suspended, or not =
active. =20
My configuration is in a Global load balancing =
configuration, whereby name resolutions are given to clients based on =
service availability. If all the services on css1 fail, then client =
resolutions for mycompany.com will point to css2. This part of the =
configuration works fine. The web site is the same accross both css's, =
and every link on the page appends the dns suffix mycompany.com to the =
link. Since the TTL is set very low, when all servicess on css1 fails, =
the client should be able to click a link on the page, and the box will =
do a resolution which will produce the new VIP on css2. My problem is =
that *existing* tcp connections with css1 are not reset (or sent a tcp =
fin) when the services are suspended. These users continue to be =
connected to css1 because their local hosts do not do another name =
resolution seeing as how their connection state is still established =
with css1. =20
To attempt to rectify this problem I configured the global =
command 'persistence reset remap', and 'no persistence' in the content =
rule. This has not worked for me though. When I suspend the services, =
existing connections still continue on the content rule. When I stop =
the web service on the web machines the services transition to down on =
the css, but the existing connections do not use the new VIP, and =
instead show a 404 error. In fact, I don't even see the counters =
increment when I do a 'show dns-server stat'.
The content rule is on port 443, and has application ssl configured.
Any help or ideas greatly appreciated.
------=_NextPart_000_0024_01C247AA.A4A62700
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.3502.4856" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff><FONT face=3DArial size=3D2>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-FAMILY: Arial; FONT-SIZE: 10pt"> </SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-FAMILY: Arial; FONT-SIZE: 10pt">Hello,</SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-FAMILY: Arial; FONT-SIZE: 10pt"></SPAN></FONT><FONT =
face=3DArial=20
size=3D2><SPAN=20
style=3D"FONT-FAMILY: Arial; FONT-SIZE: =
10pt"> The=20
problem I am having is that existing connections to a content rule =
are=20
remaining persistent when I suspend the referenced services, even though =
I have=20
'no persistence' configured in the content rule. What I would like =
to=20
happen is for existing connections to be reset when the services that =
reference=20
that content rule are suspended, or not active. =
</SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-FAMILY: Arial; FONT-SIZE: 10pt"> </SPAN></FONT><FONT =
face=3DArial=20
size=3D2><SPAN=20
style=3D"FONT-FAMILY: Arial; FONT-SIZE: =
10pt"> =20
My configuration is in a Global load balancing configuration, whereby =
name=20
resolutions are given to clients based on service availability. If =
all the=20
services on css1 fail, then client resolutions for mycompany.com will =
point to=20
css2. This part of the configuration works fine. The web =
site is the=20
same accross both css's, and every link on the page appends the dns =
suffix=20
mycompany.com to the link. Since the TTL is set very low, when all =
servicess on css1 fails, the client should be able to click a link on =
the page,=20
and the box will do a resolution which will produce the new VIP on =
css2. =20
My problem is that *<B><SPAN style=3D"FONT-WEIGHT: =
bold">existing</SPAN></B>* tcp=20
connections with css1 are not reset (or sent a tcp fin) when the =
services are=20
suspended. These users continue to be connected to css1 because =
their=20
local hosts do not do another name resolution seeing as how their =
connection=20
state is still established with css1. </SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-FAMILY: Arial; FONT-SIZE: 10pt"> </SPAN></FONT><FONT =
face=3DArial=20
size=3D2><SPAN=20
style=3D"FONT-FAMILY: Arial; FONT-SIZE: =
10pt"> &=
nbsp;</SPAN></FONT><FONT=20
face=3DArial size=3D2><SPAN=20
style=3D"FONT-FAMILY: Arial; FONT-SIZE: 10pt"> </SPAN></FONT><FONT =
face=3DArial=20
size=3D2><SPAN style=3D"FONT-FAMILY: Arial; FONT-SIZE: 10pt">To attempt =
to rectify=20
this problem I configured the global command 'persistence reset remap', =
and 'no=20
persistence' in the content rule. This has not worked for me =
though. =20
When I suspend the services, existing connections still continue on the =
content=20
rule. When I stop the web service on the web machines the services =
transition to down on the css, but the existing =
connections do=20
not use the new VIP, and instead show a 404 error. In fact, I =
don't=20
even see the counters increment when I do a 'show dns-server=20
stat'.</SPAN></FONT></P>
<P class=3DMsoNormal>The content rule is on port 443, and has =
application ssl=20
configured.</P>
<P class=3DMsoNormal>Any help or ideas greatly appreciated.</P>
<P class=3DMsoNormal> </P></FONT></BODY></HTML>
------=_NextPart_000_0024_01C247AA.A4A62700--