RE: [load balancing] Alteon - Client Web Proxy Problems

From: Pete Tenereillo (pt_lbIZZAThotmail.com)
Date: Wed Jul 14 2004 - 15:24:50 EDT

  • Next message: Giorgio Solari V.: "RE: [load balancing] Alteon - Client Web Proxy Problems"

    Giorgio, I just did a sniff, you are returning multiple A records on each resolution (the default on the Alteon, and most GSLBs for that matter). Likely either BIND on the Squid box, or the caching nameserver the Squid box is pointed at, is RRing those. You can shut off multiple A records on the Alteons, using the command:

    /cfg/slb/gslb/one

    but then you will need to live with a reduced level of HA described here:
    http://www.tenereillo.com/GSLBPageOfShame.htm
    Given it's ScotiaBank, HA is probably the primary objective of doing multisite in the first place.

    You can mitigate those potential problems somewhat by doing something like this:
    http://www.tenereillo.com/ShoppingCart.htm
    but you would still need to return single A records for the site-specific URLs (or you would be back to the original issue).

    The only bulletproof solution is to sync state between sites so that it does not matter what site a subsequent SSL session goes to. I know that's tough to do right.

    Pete.

    --------------------------------------------------------------------------------

    From: owner-lb-lIZZATvegan.net [mailto:owner-lb-lIZZATvegan.net] On Behalf Of Giorgio Solari V.
    Sent: Wednesday, July 14, 2004 11:25 AM
    To: lb-lIZZATvegan.net
    Subject: [load balancing] Alteon - Client Web Proxy Problems

     

        Hello to all people. I nedd great aid. I formed two Alteon Application Switch 2208 (Version 21.0.4) successfully doing GSLB. The services are http and https. The problem I have is from certain clients that are behind some Web Proxy. Those proxy do not maintain the ssl (tcp) connection, changing the servant to the other alteon.

        Let me show a real log from a Squid proxy server which have the problem:

    1089670996.757 7955 191.1.200.203 TCP_MISS/200 564 CONNECT test.scotiabank.cl:443 - DIRECT/200.14.209.102 -
    1089670998.789 983 191.1.200.203 TCP_MISS/200 3145 CONNECT test.scotiabank.cl:443 - DIRECT/200.14.209.102 -
    1089671010.119 7658 191.1.200.203 TCP_MISS/200 2160 CONNECT test.scotiabank.cl:443 - DIRECT/200.14.209.102 -
    1089671010.550 8564 191.1.200.203 TCP_MISS/200 28085 CONNECT test.scotiabank.cl:443 - DIRECT/200.14.209.102 -
    1089671010.556 8306 191.1.200.203 TCP_MISS/200 32611 CONNECT test.scotiabank.cl:443 - DIRECT/200.14.209.102 -
    1089671010.556 8106 191.1.200.203 TCP_MISS/200 4071 CONNECT test.scotiabank.cl:443 - DIRECT/200.14.209.102 -
    1089671100.271 2795 191.1.200.203 TCP_MISS/200 3145 CONNECT test.scotiabank.cl:443 - DIRECT/200.14.209.102 -
    1089671118.082 16450 191.1.200.203 TCP_MISS/200 46618 CONNECT test.scotiabank.cl:443 - DIRECT/200.14.209.102 -
    1089671118.090 16229 191.1.200.203 TCP_MISS/200 14760 CONNECT test.scotiabank.cl:443 - DIRECT/200.14.209.102 -
    1089671118.090 11676 191.1.200.203 TCP_MISS/200 6357 CONNECT test.scotiabank.cl:443 - DIRECT/200.14.209.102 -
    1089671118.091 11675 191.1.200.203 TCP_MISS/200 760 CONNECT test.scotiabank.cl:443 - DIRECT/200.14.209.102 -
    1089671119.789 369 191.1.200.203 TCP_MISS/200 3145 CONNECT test.scotiabank.cl:443 - DIRECT/200.14.209.102 -
    1089671130.362 9426 191.1.200.203 TCP_MISS/200 9334 CONNECT test.scotiabank.cl:443 - DIRECT/200.14.209.102 -
    1089671130.384 9672 191.1.200.203 TCP_MISS/200 27865 CONNECT test.scotiabank.cl:443 - DIRECT/200.14.209.102 -
    1089671165.589 36409 191.1.200.203 TCP_MISS/200 27621 CONNECT test.scotiabank.cl:443 - DIRECT/200.14.209.102 -
    1089671165.603 36411 191.1.200.203 TCP_MISS/200 3721 CONNECT test.scotiabank.cl:443 - DIRECT/200.14.209.102 -
    1089671167.220 442 191.1.200.203 TCP_MISS/200 3157 CONNECT test.scotiabank.cl:443 - DIRECT/200.55.208.28 -
    1089671176.455 4578 191.1.200.203 TCP_MISS/200 5088 CONNECT test.scotiabank.cl:443 - DIRECT/200.55.208.28 -
    1089671176.519 39 191.1.200.203 TCP_MISS/200 39 CONNECT test.scotiabank.cl:443 - DIRECT/200.55.208.28 -

        I have tested a lot of proxy servers including squid, without problems. Somebody can help me please?. This it is the only ponit of fail that I have.

    Greetings.

          --
          Giorgio Solari V. <gsolariIZZATcientec.cl>
          Cientec S.A.
         

    ____________________
    The Load Balancing Mailing List
    Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
    Archive: http://vegan.net/lb/archive
    LBDigest: http://lbdigest.com
    MRTG with SLB: http://vegan.net/MRTG
    Hosted by: http://www.tokkisystems.com



    This archive was generated by hypermail 2.1.4 : Wed Jul 14 2004 - 15:32:24 EDT