Re: Random failures to CSS doing https balancing.

rrichmond · ‎04-11-2005

So I have a cluster of about 10 machines behind a 11503, each server is setup like

service server-1

ip address 192.168.10.171

port 443

string cluster01

keepalive type script ap-kal-httplist "192.168.10.171 /webct/about.jsp"

keepalive frequency 15

active

and clustered in a service via

content ssl-rule

balance leastconn

protocol tcp

port 443

advanced-balance sticky-srcip-dstport

vip address 192.168.200.19

add service server-1

add service server-2

add service server-3

...

add service server-9

add service server-10

active

I am not currently doing ssl termination, just balancing.

Ok, so recently the load has started to rise (it is an e-learning application for a university and it's finals time) and now I see a scenario where random users are unable to connect to the https://elearningapp.somedomain.ca URL, while the person sitting next to them (both physically and IP-wise) connects fine. It is only a percentage of users who see this, seemingly no correlation between them, and if I reset the css it goes away for a while.

Gilles Dufour · ‎04-12-2005

You'll need to collect some info.

First, capture a sniffer trace on one of the host showing the problem.

Check if the client gets a response to the SYN.

Check if the client can ping the CSS.

Then verify that the SYN comes to the CSS.

[capture a sniffer trace in front of CSS].

Then use 'sho flows x.x.x.x' to see if a flow is created.

Verify if the SYN is forwarded to a server.

Could be the server not responding.

What version do you run ?

Gilles.