Re: CSS and MS IIS6 back end loadbalancing issue

ivominkov · ‎07-25-2006

Hello,

I have 2-layer web load balancing. First layer are the WEB Front-end servers and second layer Application servers. Communication goes "client" - "Web Front-end servers farm" - "Application servers farm" - "DB servers". I have 11501 CSS team for the Front-end servers and another team of CSS 11501 for the back end. While the load balancing of the front-end works as expected the load balancing at the second layer of CSS fails due to the IIS6 re-using the same ports for sending the requests to the App. Servers farm VIP and once the Front end get matched to a server on the back-end the CSS sticks the connection to it forever even tough I have no stickiness enabled at the back-end CSS.

Could any body give me a hint how to get out of this magic circle?

Thank you,

Ivo Minkov

Gilles Dufour · ‎07-25-2006

is the IIS server opening new connections using the same source port, or is it the same connection that is kepts alive ?

In other words, do you see new SYN with the same source port ???

The only reason for the css to use always the same backend server is if the connection is kept alive or there is some stickyness.

Do you have a 'sho summary' for the 2nd CSS ?

Can we see the content rule ?

Thanks,

Gilles.

ivominkov · ‎07-26-2006

Hi Gilles,

Here is the config:

!************************* KEEPALIVE *************************

keepalive DRC1KeepAlive

frequency 10

retryperiod 10

type http

port 80

method get

ip address 10.123.123.41

uri "/contactus.htm"

hash "55ea82125132014ad7695a49b6f9bd9b"

active

keepalive DRC2KeepAlive

frequency 10

retryperiod 10

type http

port 80

method get

ip address 10.123.123.40

uri "/contactus.htm"

hash "5c9b7582c687c3f8d68f5a3d5a8420ab"

active

keepalive DRC3KeepAlive

frequency 10

retryperiod 10

type http

port 80

method get

ip address 10.123.123.37

uri "/contactus.htm"

hash "bfc21d31a323f53b307fb589d615cb35"

active

!************************** SERVICE **************************

service DRCRTR-1

ip address 10.123.123.41

port 80

protocol tcp

weight 4

keepalive type named DRC1KeepAlive

active

service DRCRTR-2

ip address 10.123.123.40

port 80

protocol tcp

weight 3

keepalive type named DRC2KeepAlive

active

service DRCRTR-3

ip address 10.123.123.37

port 80

protocol tcp

keepalive type named DRC3KeepAlive

active

service DRCRTR-Sorry

keepalive frequency 20

keepalive retryperiod 20

keepalive maxfailure 5

ip address 10.123.123.36

port 80

protocol tcp

active

!*************************** OWNER ***************************

owner Raters

content DRCRaters

vip address 123.123.123.123

protocol tcp

port 80

balance weightedrr

primarySorryServer DRCRTR-Sorry

add service DRCRTR-1

add service DRCRTR-2

add service DRCRTR-3

active

When i sniff the traffic the IIS never sends [FIN,ACK] nor [RST,ACK] packet. I created a script that looks for special word in the reply page to identify the server it comes from so here are the reports from few tests when i go trough IIS:

Total: 621

DRC1: 311 DRC2: 0 DRC3: 310 DRCSorry: 0

Total: 660

DRC1: 660 DRC2: 0 DRC3: 0 DRCSorry: 0

Total: 660

DRC1: 328 DRC2: 332 DRC3: 0 DRCSorry: 0

Total: 660

DRC1: 264 DRC2: 269 DRC3: 127 DRCSorry: 0

Total: 640

DRC1: 318 DRC2: 215 DRC3: 107 DRCSorry: 0

Total: 620

DRC1: 300 DRC2: 229 DRC3: 91 DRCSorry: 0

Total: 635

DRC1: 317 DRC2: 318 DRC3: 0 DRCSorry: 0

Also i used WMI script. from my desktop to test it. There i see [SYN] at the begining of each request and[RST,ACK] at the end as well as each request increments the port it is comming off of. Here is how the CSS act in this situation:

From Desktop

Total: 640

DRC1: 320 DRC2: 240 DRC3: 80 DRCSorry: 0

Total: 320

DRC1: 160 DRC2: 120 DRC3: 40 DRCSorry: 0

Thanks,

Ivo Minkov