[f-nsp] Trying to filter bad traffic with serveriron.
supportnew at byethost.com
Thu Dec 21 11:37:27 EST 2006
Hi All,
Please excuse the long post, however I'm trying to give as much
information as possible initially.
I'm 'hoping' someone might be able to help me with an issue I'm having
with a Foundry Networks ServerIron:
SW: Version 07.3.05bT12 Copyright (c) 1996-2002 Foundry Networks, Inc.
Compiled on Oct 19 2002 at 14:06:16 labeled as SLB07305b
I'm trying to url-switch some traffic initially to keep some bad bot
traffic off my web servers, which are behind the ServerIron LB.
My config looks like:
-----------------start config ------------------
Current configuration:
!
ver 07.3.05bT12
!
!
server force-delete
server predictor round-robin
server syn-def 6
!
url-map "abusefiles"
method pattern
default "letgoby"
match "ip.txt" 1
match "re39-ip.txt" 1
match "fibi.txt" 1
match "cmd.exe" 1
match "root.exe" 1
match ".scr" 1
match "18.txt" 1
match "config.htm" 1
match "tec.mp3" 1
match "imgtd.swf" 1
!
url-map "letgoby"
default 0
!
!
!
!
server monitor
!
server real node21 x.x.x.x
port http
port http keepalive
port http url "HEAD /"
port http content-match host2
!
server cache-name anchor x.x.x.x
port http
port http no-health-check
port http url "HEAD /"
port http l4-check-only
port http group-id 1 1
!
server real node20 x.x.x.x
port http
port http keepalive
port http url "HEAD /"
port http content-match host2
!
server real node10 x.x.x.x
port http
port http keepalive
port http url "HEAD /"
port http content-match host2
!
server real node11 x.x.x.x
port http
port http keepalive
port http url "HEAD /"
port http content-match host2
!
server real node13 x.x.x.x
port http
port http keepalive
port http url "HEAD /"
port http content-match host2
!
server real node14 x.x.x.x
port http
port http keepalive
port http url "GET http://node14.cluster.com/lbtest.php"
port http content-match host2
!
server real node15 x.x.x.x
port http
port http keepalive
port http url "GET http://node15.cluster.com/lbtest.php"
port http content-match host2
!
server real node16 x.x.x.x
port http
port http keepalive
port http url "GET http://node16.cluster.com/lbtest.php"
port http content-match host2
!
server real node17 x.x.x.x
port http
port http keepalive
port http url "GET http://node17.cluster.com/lbtest.php"
port http content-match host2
!
server real node18 x.x.x.x
port http
port http keepalive
port http url "GET http://node18.cluster.com/lbtest.php"
port http content-match host2
!
server real node1 x.x.x.x
port http
port http keepalive
port http url "GET http://node1.cluster.com/index.html"
port http content-match host
!
server real node2 x.x.x.x
port http
port http keepalive
port http url "GET http://node2.cluster.com/index.html "
port http content-match host
!
server real node3 x.x.x.x
port http
port http keepalive
port http url "GET http://node3.cluster.com/index.html "
port http content-match host
!
server real node4 x.x.x.x
port http
port http keepalive
port http url "GET http://node4.cluster.com/index.html"
port http content-match host
!
server real node5 x.x.x.x
port http
port http keepalive
port http url "GET http://node5.cluster.com/index.html"
port http content-match host
!
server real node6 x.x.x.x
port http
port http keepalive
port http url "GET http://node6.cluster.com/index.html "
port http content-match host
!
server real node7 x.x.x.x
port http
port http keepalive
port http url "GET http://node7.cluster.com/index.html "
port http content-match host
!
!
server virtual host x.x.x.x
predictor least-conn
port http sticky
bind http node20 http node10 http node11 http node13 http
bind http node14 http node15 http node16 http node17 http
bind http node18 http node21 http
!
server virtual host2 x.x.x.x
predictor least-conn
port http sticky
bind http node1 http node2 http node3 http node4 http
bind http node5 http node6 http node7 http
!
server cache-group 1
cache-name anchor
url-map abusefiles
no-group-failover
no http-cache-control
url-switch
!
!
vlan 1 name DEFAULT-VLAN by port
!
enable telnet password .....
enable super-user-password .....
hostname ByetLB
ip tcp burst-normal 15 burst-max 25 lockup 400
ip address x.x.x.x 255.255.255.0
ip default-gateway x.x.x.x
ip dns server-address x.x.x.x
ip policy 1 cache tcp http global
ip policy 2 cache tcp 0 global
http match-list host
default down
up simple "pattern match 2"
http match-list host2
default down
up simple "pattern match 1"
snmp-server community ..... rw
-------- end config ------------
When this config is in place, I see connections going to the cache server
----------------------------------------------------------------------------------------------------------
#show server
node21 6 30 2799 0 334 45
anchor 6 6637 37625 0 13274 6639
node20 6 29 4286 0 356 57
----------------------------------------------------------------------------------------------------------
and
----------------------------------------------------------------------------------------------------------
#show cache-group
Cache Server Name   Admin-status   Hash-distribution
anchor              6              0
HTTP Traffic From <-> to Web-Caches
Name: anchor IP: x.x.x.x State: 6 Groups = 1
                              Host->Web-cache     Web-cache->Host
            State    CurConn  TotConn  Packets  Octets  Packets  Octets
Client      active   6637     37669    16       1088    45       2700
Web-Server  active   0        0        0        0       0        0
Total                6637     37669    16       1088    45       2700
------------------------------------------------------------------------------------------------------
shows packets going back/forward from the cache-group.
The cache-server anchor is pingable from the load balancer, and is
running an http server (which cannot serve the requested content).
When I try to browse to a file in the url-map (say 18.txt), the file is
served (not what I wanted), and after 10/15 minutes of running in
this config, lots of genuine web requests start to get a dreaded "The
connection to the server was reset while the page was loading." error
(eeeek).
This is driving me crazy, as to my knowledge (and it is slim with this
load balancer), the config looks good.
Can anyone help me here (despair is about to begin !! :/ ) Or
maybe point me to somewhere where this question might be able to be
responded to (pretty please with a cherry on the top !!)
Many Thanks in advance
Kevin Myers
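Added example (not from the post above and not Foundry's code): a small Python model of what the "abusefiles" url-map in the config is meant to do, run over a few constructed access-log lines. It assumes that "method pattern" matches the string anywhere in the request path (query string ignored), that the first matching entry wins, and that anything unmatched falls through to "letgoby" (group 0, the real servers); the log lines, client addresses and the audit() helper are all constructed for illustration. Run over the real web servers' access logs, the "leaked" list shows which url-map hits are still being answered with 2xx by the farm (the 18.txt symptom in the post), and the sample also shows the substring caveat: ".scr" matches a harmless path like /docs/manual.script.html too.

```python
"""Model of the ServerIron url-map classification from the post (added example).

Assumptions, not taken from Foundry documentation:
  * "method pattern" = case-sensitive substring match on the request path
  * first matching entry in the url-map wins
  * no match -> default map "letgoby" -> "default 0" -> group 0 (real servers)
Group 1 is the cache server "anchor" ("port http group-id 1 1").
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Patterns copied from the "abusefiles" url-map in the post; each -> group 1.
ABUSEFILES = [
    ("ip.txt", 1), ("re39-ip.txt", 1), ("fibi.txt", 1), ("cmd.exe", 1),
    ("root.exe", 1), (".scr", 1), ("18.txt", 1), ("config.htm", 1),
    ("tec.mp3", 1), ("imgtd.swf", 1),
]
DEFAULT_GROUP = 0  # url-map "letgoby": default 0


def classify(request_target, patterns=ABUSEFILES):
    """Return (group_id, matched_pattern) for one request target.

    Accepts both origin-form ("/18.txt") and absolute-form
    ("http://host/lbtest.php") targets; only the path is inspected.
    """
    path = urlsplit(request_target).path
    for pattern, group in patterns:
        if pattern in path:
            return group, pattern
    return DEFAULT_GROUP, None


# Common Log Format: host ident user [time] "METHOD target HTTP/x" status bytes
_CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)'
)


def parse_clf(line):
    """Parse one CLF access-log line; return None for lines that do not parse."""
    m = _CLF.match(line)
    return m.groupdict() if m else None


def audit(log_lines):
    """Classify each log line the way the url-map would and summarise.

    "leaked" lists requests that matched the abusefiles map but were still
    answered with a 2xx by the web farm, i.e. the switch did not divert them.
    """
    per_group, per_pattern, leaked = Counter(), Counter(), []
    for line in log_lines:
        rec = parse_clf(line)
        if rec is None:
            continue  # skip unparseable lines rather than mis-classify them
        group, pattern = classify(rec["target"])
        per_group[group] += 1
        if pattern is not None:
            per_pattern[pattern] += 1
            if rec["status"].startswith("2"):
                leaked.append((rec["host"], rec["target"]))
    return {"per_group": dict(per_group),
            "per_pattern": dict(per_pattern),
            "leaked": leaked}


# Constructed sample log lines (documentation address ranges, invented paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Dec/2006:11:30:01 -0500] "GET /18.txt HTTP/1.0" 200 512',
    '203.0.113.5 - - [21/Dec/2006:11:30:02 -0500] "GET /root.exe HTTP/1.0" 404 0',
    '198.51.100.9 - - [21/Dec/2006:11:30:03 -0500] "GET /index.html HTTP/1.1" 200 2048',
    '198.51.100.9 - - [21/Dec/2006:11:30:04 -0500] "GET /images/logo.gif HTTP/1.1" 200 9000',
    '192.0.2.77 - - [21/Dec/2006:11:30:05 -0500] "GET http://node14.cluster.com/lbtest.php HTTP/1.0" 200 17',
    '198.51.100.9 - - [21/Dec/2006:11:30:06 -0500] "GET /docs/manual.script.html HTTP/1.1" 200 4096',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    print("requests per group:", result["per_group"])
    print("hits per pattern:  ", result["per_pattern"])
    for host, target in result["leaked"]:
        print(f"still served by web farm: {host} {target}")
```

The false positive on /docs/manual.script.html is why a substring map like this wants either more specific patterns or a prefix/suffix method where the platform offers one; the audit output is also the quickest way to confirm whether the url-switch is diverting anything at all before chasing the cache-server side.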