[f-nsp] Serveriron load balancing servers behind a firewall

Drew Weaver drew.weaver at thenap.com
Wed Jan 5 19:28:09 EST 2011


Hey,
I have a ServerIron XL which does port 80 load balancing for servers behind a firewall.

Is there anything special you can do or must do to make sure that the TCP connections are closed properly and timely between the load balancer and the client, the real/remote server and the load balancer, and the real/remote server and the client? Each of these connections/sessions sticks in the firewall's connection tracking table.

The firewall seems to be hanging onto these connections/sessions for longer than it should.

For example, if I do a show server on the ServerIron and add up all of the 'connections' and 'sessions' for the real servers, it isn't anywhere near 100,000, but the firewall is saying it is tracking 100k connections.

I know it is the HTTP traffic that is causing the session problem because if I ACL HTTP traffic from going into the network the firewall is fine; as soon as I remove that ACL the connections jump to 100K.

Thanks,
-Drew