[f-nsp] Re: SLB Question, Odd behavior

John Willingham jwillingham at gmail.com
Tue Jan 18 08:32:08 EST 2005


Here is the information you requested,

As I said,  I have several working configurations attached to this
SLB,  btw it is a stackable ServerIronXL, yet this one configuration
(which is identical to several others) is giving me issues.

Thanks for any Information,

-John
=============Begin Output from SLB=======================

Slot index 27
        Real server name = www1.site.com,    Real port Status = ACTIVE
        Slot valid = TRUE                IP: 10.1.1.10   
        Real port index = 40,            Real port no = 80
        Tcp request = 347851,            Tcp response = 347849
        Tcp response timeout = 2,        Keepalive Enabled
        HTTP URL = "HEAD /"
        HTTP sent = 347842,                      Received ok = 347828
        HTTP received error = 0,         Receive timeout = 14
        wait for response = FALSE,       Status code = 200
        Server close = 0,                Current sent = 0
        Bring port down = 0,             Total retries = 16
        TCP Round Trip Time = 7,         Appl Round Trip Time = 25
        Next slot index = 3

Slot index 28
        Real server name = www2.site.com,    Real port Status = ACTIVE
        Slot valid = TRUE                IP: 10.1.1.11
        Real port index = 42,            Real port no = 80
        Tcp request = 346796,            Tcp response = 346783
        Tcp response timeout = 5,        Keepalive Enabled
        HTTP URL = "HEAD /"
        HTTP sent = 346774,                      Received ok = 346757
        HTTP received error = 0,         Receive timeout = 17
        wait for response = FALSE,       Status code = 200
        Server close = 3,                Current sent = 0
        Bring port down = 0,             Total retries = 22
        TCP Round Trip Time = 8,         Appl Round Trip Time = 120
        Next slot index = 27


Server Name: www.site.com        IP : 10.10.10.10     :   1
Status: enabled  Predictor: least-sess  TotConn: 5
Dynamic: No     HTTP redirect: disabled
                Intercept: No
ACL: id =   0
Sym: group =  1 state =  1 priority =   0 keep =  0 dyn
priority/factor =   0/  0
 Activates =    0, Inactive= 0
Port    State     Sticky  Concur  Proxy      CurConn   TotConn   PeakConn

ssl     enabled   YES     NO      NO               0         5          2
http    enabled   YES     NO      NO               0         0          0
default enabled   YES     NO      NO               0         0          0

Name : www1.site.com                            Mac-addr: 0030.482b.919e 
IP:10.1.1.10   Range:1    State:Active          Max-conn:   1200
Least-con Wt:0     Resp-time Wt:0

Port    State    Ms CurConn TotConn Rx-pkts  Tx-pkts  Rx-octet  
Tx-octet   Reas----    -----    -- ------- ------- -------  ------- 
--------   --------   ----
ssl     active   6  0       12      350      266      374598     59249      0  
http    active   6  0       4075    49184    43291    51146299   6506357    0  
default unbnd    0  0       0       0        0        0          0          0  

Server  Total       0       4087    49534    43557    51520897   6565606    0   


Name : www2.site.com                            Mac-addr: 0009.6b8c.f6ab 
IP:10.1.1.11   Range:1    State:Active          Max-conn:   1200
Least-con Wt:0     Resp-time Wt:0

Port    State    Ms CurConn TotConn Rx-pkts  Tx-pkts  Rx-octet  
Tx-octet   Reas----    -----    -- ------- ------- -------  ------- 
--------   --------   ----
ssl     active   6  0       1       27       29       14185      10841      0  
http    active   6  0       1012    14783    14173    14603331   2345887    0  
default unbnd    0  0       0       0        0        0          0          0  

Server  Total       0       1013    14810    14202    14617516   2356728    0   
                                                                  



On Mon, 17 Jan 2005 19:56:07 -0800 (PST), p.ramesh
<p_ramesh at rocketmail.com> wrote:
> 1. You have symmetric configured. It has to be in
> State 5(Active state) or in 3(Standby state). But it
> is in state "1" which is not ok. You haven't
> configured "sym-priority xx" - sh server virtual shows
> "Priority=0". symmetric value has to be between
> 10-250.
> 
> 2. One reason why ssl works and http fails could be
> that http forward traffic goes through SI-A, return
> traffic comes through SI-B. When you have Symmetric
> configured, return traffic will fail because it is in
> Standby state. If you have a chassis, then u can
> configure "sym-act" under the VIP, so that both boxes
> start processing traffic.
> 
> 3Verify the default gateway for http servers. They
> could be pointing to the SI that doesnot process the
> traffic. Mirror in/out ports and see if forward and
> return traffic flow through same SI.
> 
> 4.Sometimes because of healthcheck, port state toggle,
> go down and come up and repeating this. Verify log.
> 
> None of the above work, please send "sh server
> virtual" and "sh server real" to fix it. Are u using a
> chassis or stackable SI.
> 
> --ramesh
> --- Emilia Lambros <emilial at hostworks.com.au> wrote:
> 
> > Can you please send a "show server real http <real
> > server names>?
> >
> > Em
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: foundry-nsp-bounces at puck.nether.net
> > [mailto:foundry-nsp-bounces at puck.nether.net] On
> > Behalf Of John
> > Willingham
> > Sent: Tuesday, 18 January 2005 1:25 AM
> > To: foundry-nsp at puck.nether.net
> > Subject: [f-nsp] SLB Question, Odd behavior
> >
> > Greetings,
> >
> >
> > Here is a config sample prior to my explanation:
> >
> > server virtual site.com 10.10.10.10
> >  predictor least-sess
> >  port default sticky
> >  port ssl sticky
> >  port http sticky
> >  bind ssl www1.site.com ssl www2.site.com ssl
> >  bind http www1.site.com http www2.site.com http
> >
> > server real www1.site.com 10.1.1.10
> >
> >  max-conn 1200
> >  port ssl
> >  port http
> >  port http url "HEAD /"
> >  port http status_code  200 305
> > !
> > server real www2.site.com 10.1.1.11
> >  max-conn 1200
> >  port ssl
> >  port http
> >  port http url "HEAD /"
> >  port http status_code  200 305
> >
> >
> > I can connect to SSL just fine, but not http.  It
> > just times out and
> > gives a "Page cannot be displayed" error.  Direct
> > requests to the real
> > servers via IP address work fine as well.
> >
> > Here is a show server virtual:
> >
> > Server Name: site.com        IP : 10.10.10.10     :
> >  1
> > Status: enabled  Predictor: least-sess  TotConn: 4
> > Dynamic: No     HTTP redirect: disabled
> >                 Intercept: No
> > ACL: id =   0
> > Sym: group =  1 state =  1 priority =   0 keep =  0
> > dyn
> > priority/factor =   0/  0
> >  Activates =    0, Inactive= 0
> > Port    State     Sticky  Concur  Proxy      CurConn
> >   TotConn
> > PeakConn
> >
> > ssl     enabled   YES     NO      NO               0
> >         4
> > 2
> > http    enabled   YES     NO      NO               0
> >         0
> > 0
> > default enabled   YES     NO      NO               0
> >         0
> > 0
> >
> > As you can see ssl is taking connections just fine,
> > but not http.  I
> > have not had this problem before and within the last
> > 2 weeks have
> > setup 2-3 additional sites on the SLB without a
> > problem.
> >
> >
> >
> > Any Ideas or Recommendations are welcome,
> >
> > John S. Willingham
> > _______________________________________________
> > foundry-nsp mailing list
> > foundry-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/foundry-nsp
> >
> > _______________________________________________
> > foundry-nsp mailing list
> > foundry-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/foundry-nsp
> >
> 
> 
> =====
> 
> Ramesh Pabbichetty
> 655 South Fairoaks Avenue
> Apt#A-315
> Sunnyvale CA 94086
> Ph: 408-738-0149 home
>       408-941-7377 work
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! Mail - 250MB free storage. Do more. Manage less.
> http://info.mail.yahoo.com/mail_250
>



More information about the foundry-nsp mailing list