[f-nsp] Re: SLB Question, Odd behavior
Emilia Lambros
emilial at hostworks.com.au
Tue Jan 18 17:00:16 EST 2005
Certainly nothing wrong with whether or not the SLB is seeing the
servers happily - they're all passing their healthchecks quite happily
(both tcp and http).
I'd suggest it comes down to something like routing? Default routes?
You could always try a packet capture on the SLB - don't know the
commands off the top of my head but you can do a relatively basic packet
capture and see what's going on. A packet capture on the server
probably wouldn't go astray either?
Cheers,
Em
-----Original Message-----
From: John Willingham [mailto:jwillingham at gmail.com]
Sent: Wednesday, 19 January 2005 12:02 AM
To: p.ramesh; Emilia Lambros
Cc: foundry-nsp at puck.nether.net
Subject: Re: [f-nsp] Re: SLB Question, Odd behavior
Here is the information you requested,
As I said, I have several working configurations attached to this SLB,
btw it is a stackable ServerIronXL, yet this one configuration (which is
identical to several others) is giving me issues.
Thanks for any Information,
-John
=============Begin Output from SLB=======================
Slot index 27
Real server name = www1.site.com, Real port Status = ACTIVE
Slot valid = TRUE IP: 10.1.1.10
Real port index = 40, Real port no = 80
Tcp request = 347851, Tcp response = 347849
Tcp response timeout = 2, Keepalive Enabled
HTTP URL = "HEAD /"
HTTP sent = 347842, Received ok = 347828
HTTP received error = 0, Receive timeout = 14
wait for response = FALSE, Status code = 200
Server close = 0, Current sent = 0
Bring port down = 0, Total retries = 16
TCP Round Trip Time = 7, Appl Round Trip Time = 25
Next slot index = 3
Slot index 28
Real server name = www2.site.com, Real port Status = ACTIVE
Slot valid = TRUE IP: 10.1.1.11
Real port index = 42, Real port no = 80
Tcp request = 346796, Tcp response = 346783
Tcp response timeout = 5, Keepalive Enabled
HTTP URL = "HEAD /"
HTTP sent = 346774, Received ok = 346757
HTTP received error = 0, Receive timeout = 17
wait for response = FALSE, Status code = 200
Server close = 3, Current sent = 0
Bring port down = 0, Total retries = 22
TCP Round Trip Time = 8, Appl Round Trip Time = 120
Next slot index = 27
Server Name: www.site.com IP : 10.10.10.10 : 1
Status: enabled Predictor: least-sess TotConn: 5
Dynamic: No HTTP redirect: disabled
Intercept: No
ACL: id = 0
Sym: group = 1 state = 1 priority = 0 keep = 0 dyn
priority/factor = 0/ 0
Activates = 0, Inactive= 0
Port State Sticky Concur Proxy CurConn TotConn
PeakConn
ssl enabled YES NO NO 0 5
2
http enabled YES NO NO 0 0
0
default enabled YES NO NO 0 0
0
Name : www1.site.com Mac-addr: 0030.482b.919e
IP:10.1.1.10 Range:1 State:Active Max-conn: 1200
Least-con Wt:0 Resp-time Wt:0
Port State Ms CurConn TotConn Rx-pkts Tx-pkts Rx-octet
Tx-octet Reas---- ----- -- ------- ------- ------- -------
-------- -------- ----
ssl active 6 0 12 350 266 374598 59249
0
http active 6 0 4075 49184 43291 51146299 6506357
0
default unbnd 0 0 0 0 0 0 0
0
Server Total 0 4087 49534 43557 51520897 6565606
0
Name : www2.site.com Mac-addr: 0009.6b8c.f6ab
IP:10.1.1.11 Range:1 State:Active Max-conn: 1200
Least-con Wt:0 Resp-time Wt:0
Port State Ms CurConn TotConn Rx-pkts Tx-pkts Rx-octet
Tx-octet Reas---- ----- -- ------- ------- ------- -------
-------- -------- ----
ssl active 6 0 1 27 29 14185 10841
0
http active 6 0 1012 14783 14173 14603331 2345887
0
default unbnd 0 0 0 0 0 0 0
0
Server Total 0 1013 14810 14202 14617516 2356728
0
On Mon, 17 Jan 2005 19:56:07 -0800 (PST), p.ramesh
<p_ramesh at rocketmail.com> wrote:
> 1. You have symmetric configured. It has to be in State 5(Active
> state) or in 3(Standby state). But it is in state "1" which is not ok.
> You haven't configured "sym-priority xx" - sh server virtual shows
> "Priority=0". symmetric value has to be between 10-250.
>
> 2. One reason why ssl works and http fails could be that http forward
> traffic goes through SI-A, return traffic comes through SI-B. When you
> have Symmetric configured, return traffic will fail because it is in
> Standby state. If you have a chassis, then u can configure "sym-act"
> under the VIP, so that both boxes start processing traffic.
>
> 3Verify the default gateway for http servers. They could be pointing
> to the SI that doesnot process the traffic. Mirror in/out ports and
> see if forward and return traffic flow through same SI.
>
> 4.Sometimes because of healthcheck, port state toggle, go down and
> come up and repeating this. Verify log.
>
> None of the above work, please send "sh server virtual" and "sh server
> real" to fix it. Are u using a chassis or stackable SI.
>
> --ramesh
> --- Emilia Lambros <emilial at hostworks.com.au> wrote:
>
> > Can you please send a "show server real http <real server names>?
> >
> > Em
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: foundry-nsp-bounces at puck.nether.net
> > [mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of John
> > Willingham
> > Sent: Tuesday, 18 January 2005 1:25 AM
> > To: foundry-nsp at puck.nether.net
> > Subject: [f-nsp] SLB Question, Odd behavior
> >
> > Greetings,
> >
> >
> > Here is a config sample prior to my explanation:
> >
> > server virtual site.com 10.10.10.10
> > predictor least-sess
> > port default sticky
> > port ssl sticky
> > port http sticky
> > bind ssl www1.site.com ssl www2.site.com ssl bind http
> > www1.site.com http www2.site.com http
> >
> > server real www1.site.com 10.1.1.10
> >
> > max-conn 1200
> > port ssl
> > port http
> > port http url "HEAD /"
> > port http status_code 200 305
> > !
> > server real www2.site.com 10.1.1.11
> > max-conn 1200
> > port ssl
> > port http
> > port http url "HEAD /"
> > port http status_code 200 305
> >
> >
> > I can connect to SSL just fine, but not http. It just times out and
> > gives a "Page cannot be displayed" error. Direct requests to the
> > real servers via IP address work fine as well.
> >
> > Here is a show server virtual:
> >
> > Server Name: site.com IP : 10.10.10.10 :
> > 1
> > Status: enabled Predictor: least-sess TotConn: 4
> > Dynamic: No HTTP redirect: disabled
> > Intercept: No
> > ACL: id = 0
> > Sym: group = 1 state = 1 priority = 0 keep = 0
> > dyn
> > priority/factor = 0/ 0
> > Activates = 0, Inactive= 0
> > Port State Sticky Concur Proxy CurConn
> > TotConn
> > PeakConn
> >
> > ssl enabled YES NO NO 0
> > 4
> > 2
> > http enabled YES NO NO 0
> > 0
> > 0
> > default enabled YES NO NO 0
> > 0
> > 0
> >
> > As you can see ssl is taking connections just fine, but not http. I
> > have not had this problem before and within the last
> > 2 weeks have
> > setup 2-3 additional sites on the SLB without a problem.
> >
> >
> >
> > Any Ideas or Recommendations are welcome,
> >
> > John S. Willingham
> > _______________________________________________
> > foundry-nsp mailing list
> > foundry-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/foundry-nsp
> >
> > _______________________________________________
> > foundry-nsp mailing list
> > foundry-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/foundry-nsp
> >
>
>
> =====
>
> Ramesh Pabbichetty
> 655 South Fairoaks Avenue
> Apt#A-315
> Sunnyvale CA 94086
> Ph: 408-738-0149 home
> 408-941-7377 work
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Mail - 250MB free storage. Do more. Manage less.
> http://info.mail.yahoo.com/mail_250
>
More information about the foundry-nsp
mailing list