[f-nsp] Re: SLB Question, Odd behavior
p.ramesh
p_ramesh at rocketmail.com
Mon Jan 17 22:56:07 EST 2005
1. You have symmetric configured. It has to be in
State 5(Active state) or in 3(Standby state). But it
is in state "1" which is not ok. You haven't
configured "sym-priority xx" - sh server virtual shows
"Priority=0". symmetric value has to be between
10-250.
2. One reason why ssl works and http fails could be
that http forward traffic goes through SI-A, return
traffic comes through SI-B. When you have Symmetric
configured, return traffic will fail because it is in
Standby state. If you have a chassis, then u can
configure "sym-act" under the VIP, so that both boxes
start processing traffic.
3Verify the default gateway for http servers. They
could be pointing to the SI that doesnot process the
traffic. Mirror in/out ports and see if forward and
return traffic flow through same SI.
4.Sometimes because of healthcheck, port state toggle,
go down and come up and repeating this. Verify log.
None of the above work, please send "sh server
virtual" and "sh server real" to fix it. Are u using a
chassis or stackable SI.
--ramesh
--- Emilia Lambros <emilial at hostworks.com.au> wrote:
> Can you please send a "show server real http <real
> server names>?
>
> Em
>
>
>
>
>
> -----Original Message-----
> From: foundry-nsp-bounces at puck.nether.net
> [mailto:foundry-nsp-bounces at puck.nether.net] On
> Behalf Of John
> Willingham
> Sent: Tuesday, 18 January 2005 1:25 AM
> To: foundry-nsp at puck.nether.net
> Subject: [f-nsp] SLB Question, Odd behavior
>
> Greetings,
>
>
> Here is a config sample prior to my explanation:
>
> server virtual site.com 10.10.10.10
> predictor least-sess
> port default sticky
> port ssl sticky
> port http sticky
> bind ssl www1.site.com ssl www2.site.com ssl
> bind http www1.site.com http www2.site.com http
>
> server real www1.site.com 10.1.1.10
>
> max-conn 1200
> port ssl
> port http
> port http url "HEAD /"
> port http status_code 200 305
> !
> server real www2.site.com 10.1.1.11
> max-conn 1200
> port ssl
> port http
> port http url "HEAD /"
> port http status_code 200 305
>
>
> I can connect to SSL just fine, but not http. It
> just times out and
> gives a "Page cannot be displayed" error. Direct
> requests to the real
> servers via IP address work fine as well.
>
> Here is a show server virtual:
>
> Server Name: site.com IP : 10.10.10.10 :
> 1
> Status: enabled Predictor: least-sess TotConn: 4
> Dynamic: No HTTP redirect: disabled
> Intercept: No
> ACL: id = 0
> Sym: group = 1 state = 1 priority = 0 keep = 0
> dyn
> priority/factor = 0/ 0
> Activates = 0, Inactive= 0
> Port State Sticky Concur Proxy CurConn
> TotConn
> PeakConn
>
> ssl enabled YES NO NO 0
> 4
> 2
> http enabled YES NO NO 0
> 0
> 0
> default enabled YES NO NO 0
> 0
> 0
>
> As you can see ssl is taking connections just fine,
> but not http. I
> have not had this problem before and within the last
> 2 weeks have
> setup 2-3 additional sites on the SLB without a
> problem.
>
>
>
> Any Ideas or Recommendations are welcome,
>
> John S. Willingham
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
=====
Ramesh Pabbichetty
655 South Fairoaks Avenue
Apt#A-315
Sunnyvale CA 94086
Ph: 408-738-0149 home
408-941-7377 work
__________________________________
Do you Yahoo!?
Yahoo! Mail - 250MB free storage. Do more. Manage less.
http://info.mail.yahoo.com/mail_250
More information about the foundry-nsp
mailing list