|
Hi all,
Some time back I posted regarding problems I was seeing with accessing https
sites, online banking etc, via my squid LVS. Unfortunately these problems
haven't gone away.
This problem has been documented in the LVS how-to, but the suggested
solutions don't seem to work, or work as I'd expect them to.
I have since tried to use lblc & lblcr, both of these load balance but don't
cure the problem unless I set persistence, or should I be doing that?
While dh scheduling just refuses to work full stop, ipvsadm says it's
running but no requests get forwarded to the realservers.
Now I'm under the impression that I am probably doing something wrong here,
I just don't know what, am I setting weights & persistence correctly, is
there anything I'm missing?
The only way I seemed to be able to get this to work (IE access the bank
site) is to set a persistence, I have used 360 seconds, and I am presently
using lblc scheduling.
I have just put the LVS live for a while to see how it fairs with a
university full of people trying to access it instead of just me and a few
colleagues, and am waiting fro the phone to start ringing.
The current output of ipvsadm is this... I am a tad concerned at the
apparent lack of load balancing, can someone please explain this to me?
TCP wwwcache-vip.swan.ac.uk:squi lblc persistent 360
-> squidfarm1.swan.ac.uk:squid Route 1 202 1045
-> squidfarm2.swan.ac.uk:squid Route 1 14 8
______________
Below is the extract from the how-to describing the initial problem.
http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-7.html
'...The usual problem with squids not using a cache friendly scheduler is
that fetches are slow. In this case the website is sending hits to several
different RIPs. Some websites detect this and won't even serve you the
pages.
Palmer J.D.F. J.D.F.Palmer@xxxxxxxxxxxxx 18 Mar 2002
I tried an online banking site www.hsbc.co.uk. It seems that this site and
undoubtedly many other secure sites don't like to see connections split
across several IP addresses as happens with my cluster. Different parts of
the pages are requested by different realservers, and hence different IP
addresses.
It gives an error saying... "...For your security, we have disconnected you
from internet banking due to a period of inactivity..."
I have had caching issues with HSBC before, they seem to be a bit more
stringent than other sites. If I send the requests through one of the squids
on it's own it works fine, so I can only assume it's because it is seeing
fragmented requests, maybe there is a keepalive component that is requested.
How do I combat this? Is this what persistence does or is there a way of
making the realservers appear to all have the same IP address?
Joe
change -rr (or whatever you're running) to -dh.
Lars
Use a different scheduler, like lblc or lblcr...'
Many thanks,
Jezz Palmer.
|
