[f-nsp] Re: SLB Question, Odd behavior
John Willingham
jwillingham at gmail.com
Tue Jan 18 08:32:08 EST 2005
Here is the information you requested,
As I said, I have several working configurations attached to this
SLB, btw it is a stackable ServerIronXL, yet this one configuration
(which is identical to several others) is giving me issues.
Thanks for any Information,
-John
=============Begin Output from SLB=======================
Slot index 27
Real server name = www1.site.com, Real port Status = ACTIVE
Slot valid = TRUE IP: 10.1.1.10
Real port index = 40, Real port no = 80
Tcp request = 347851, Tcp response = 347849
Tcp response timeout = 2, Keepalive Enabled
HTTP URL = "HEAD /"
HTTP sent = 347842, Received ok = 347828
HTTP received error = 0, Receive timeout = 14
wait for response = FALSE, Status code = 200
Server close = 0, Current sent = 0
Bring port down = 0, Total retries = 16
TCP Round Trip Time = 7, Appl Round Trip Time = 25
Next slot index = 3
Slot index 28
Real server name = www2.site.com, Real port Status = ACTIVE
Slot valid = TRUE IP: 10.1.1.11
Real port index = 42, Real port no = 80
Tcp request = 346796, Tcp response = 346783
Tcp response timeout = 5, Keepalive Enabled
HTTP URL = "HEAD /"
HTTP sent = 346774, Received ok = 346757
HTTP received error = 0, Receive timeout = 17
wait for response = FALSE, Status code = 200
Server close = 3, Current sent = 0
Bring port down = 0, Total retries = 22
TCP Round Trip Time = 8, Appl Round Trip Time = 120
Next slot index = 27
Server Name: www.site.com IP : 10.10.10.10 : 1
Status: enabled Predictor: least-sess TotConn: 5
Dynamic: No HTTP redirect: disabled
Intercept: No
ACL: id = 0
Sym: group = 1 state = 1 priority = 0 keep = 0 dyn
priority/factor = 0/ 0
Activates = 0, Inactive= 0
Port State Sticky Concur Proxy CurConn TotConn PeakConn
ssl enabled YES NO NO 0 5 2
http enabled YES NO NO 0 0 0
default enabled YES NO NO 0 0 0
Name : www1.site.com Mac-addr: 0030.482b.919e
IP:10.1.1.10 Range:1 State:Active Max-conn: 1200
Least-con Wt:0 Resp-time Wt:0
Port State Ms CurConn TotConn Rx-pkts Tx-pkts Rx-octet
Tx-octet Reas---- ----- -- ------- ------- ------- -------
-------- -------- ----
ssl active 6 0 12 350 266 374598 59249 0
http active 6 0 4075 49184 43291 51146299 6506357 0
default unbnd 0 0 0 0 0 0 0 0
Server Total 0 4087 49534 43557 51520897 6565606 0
Name : www2.site.com Mac-addr: 0009.6b8c.f6ab
IP:10.1.1.11 Range:1 State:Active Max-conn: 1200
Least-con Wt:0 Resp-time Wt:0
Port State Ms CurConn TotConn Rx-pkts Tx-pkts Rx-octet
Tx-octet Reas---- ----- -- ------- ------- ------- -------
-------- -------- ----
ssl active 6 0 1 27 29 14185 10841 0
http active 6 0 1012 14783 14173 14603331 2345887 0
default unbnd 0 0 0 0 0 0 0 0
Server Total 0 1013 14810 14202 14617516 2356728 0
On Mon, 17 Jan 2005 19:56:07 -0800 (PST), p.ramesh
<p_ramesh at rocketmail.com> wrote:
> 1. You have symmetric configured. It has to be in
> State 5(Active state) or in 3(Standby state). But it
> is in state "1" which is not ok. You haven't
> configured "sym-priority xx" - sh server virtual shows
> "Priority=0". symmetric value has to be between
> 10-250.
>
> 2. One reason why ssl works and http fails could be
> that http forward traffic goes through SI-A, return
> traffic comes through SI-B. When you have Symmetric
> configured, return traffic will fail because it is in
> Standby state. If you have a chassis, then u can
> configure "sym-act" under the VIP, so that both boxes
> start processing traffic.
>
> 3Verify the default gateway for http servers. They
> could be pointing to the SI that doesnot process the
> traffic. Mirror in/out ports and see if forward and
> return traffic flow through same SI.
>
> 4.Sometimes because of healthcheck, port state toggle,
> go down and come up and repeating this. Verify log.
>
> None of the above work, please send "sh server
> virtual" and "sh server real" to fix it. Are u using a
> chassis or stackable SI.
>
> --ramesh
> --- Emilia Lambros <emilial at hostworks.com.au> wrote:
>
> > Can you please send a "show server real http <real
> > server names>?
> >
> > Em
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: foundry-nsp-bounces at puck.nether.net
> > [mailto:foundry-nsp-bounces at puck.nether.net] On
> > Behalf Of John
> > Willingham
> > Sent: Tuesday, 18 January 2005 1:25 AM
> > To: foundry-nsp at puck.nether.net
> > Subject: [f-nsp] SLB Question, Odd behavior
> >
> > Greetings,
> >
> >
> > Here is a config sample prior to my explanation:
> >
> > server virtual site.com 10.10.10.10
> > predictor least-sess
> > port default sticky
> > port ssl sticky
> > port http sticky
> > bind ssl www1.site.com ssl www2.site.com ssl
> > bind http www1.site.com http www2.site.com http
> >
> > server real www1.site.com 10.1.1.10
> >
> > max-conn 1200
> > port ssl
> > port http
> > port http url "HEAD /"
> > port http status_code 200 305
> > !
> > server real www2.site.com 10.1.1.11
> > max-conn 1200
> > port ssl
> > port http
> > port http url "HEAD /"
> > port http status_code 200 305
> >
> >
> > I can connect to SSL just fine, but not http. It
> > just times out and
> > gives a "Page cannot be displayed" error. Direct
> > requests to the real
> > servers via IP address work fine as well.
> >
> > Here is a show server virtual:
> >
> > Server Name: site.com IP : 10.10.10.10 :
> > 1
> > Status: enabled Predictor: least-sess TotConn: 4
> > Dynamic: No HTTP redirect: disabled
> > Intercept: No
> > ACL: id = 0
> > Sym: group = 1 state = 1 priority = 0 keep = 0
> > dyn
> > priority/factor = 0/ 0
> > Activates = 0, Inactive= 0
> > Port State Sticky Concur Proxy CurConn
> > TotConn
> > PeakConn
> >
> > ssl enabled YES NO NO 0
> > 4
> > 2
> > http enabled YES NO NO 0
> > 0
> > 0
> > default enabled YES NO NO 0
> > 0
> > 0
> >
> > As you can see ssl is taking connections just fine,
> > but not http. I
> > have not had this problem before and within the last
> > 2 weeks have
> > setup 2-3 additional sites on the SLB without a
> > problem.
> >
> >
> >
> > Any Ideas or Recommendations are welcome,
> >
> > John S. Willingham
> > _______________________________________________
> > foundry-nsp mailing list
> > foundry-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/foundry-nsp
> >
> > _______________________________________________
> > foundry-nsp mailing list
> > foundry-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/foundry-nsp
> >
>
>
> =====
>
> Ramesh Pabbichetty
> 655 South Fairoaks Avenue
> Apt#A-315
> Sunnyvale CA 94086
> Ph: 408-738-0149 home
> 408-941-7377 work
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Mail - 250MB free storage. Do more. Manage less.
> http://info.mail.yahoo.com/mail_250
>
More information about the foundry-nsp
mailing list