|
What is the purpose of using LVS with Squid to a https site?
HTTPs based material typically is not cachable.
I don't understand why you need Squid at all.
Once a request reaches a Squid and incurs a cache miss, the forwarded
request will have Squid IP as the source address. So you need to find a
way to make sure all connections from the same client IP to go to the
same Squid farm. Then when they incur cache misses, they will wind up
via LVS persistency to the same real sever.
Harry
> -----Original Message-----
> From: lvs-users-admin@xxxxxxxxxxxxxxxxxxxxxx [mailto:lvs-users-
> admin@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Palmer J.D.F.
> Sent: Tuesday, April 16, 2002 2:58 AM
> To: 'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'
> Subject: LVS + Squid + scheduling = Confused; still.
>
> Hi all,
>
> Some time back I posted regarding problems I was seeing with accessing
> https
> sites, online banking etc, via my squid LVS. Unfortunately these
problems
> haven't gone away.
>
> This problem has been documented in the LVS how-to, but the suggested
> solutions don't seem to work, or work as I'd expect them to.
>
> I have since tried to use lblc & lblcr, both of these load balance but
> don't
> cure the problem unless I set persistence, or should I be doing that?
> While dh scheduling just refuses to work full stop, ipvsadm says it's
> running but no requests get forwarded to the realservers.
>
> Now I'm under the impression that I am probably doing something wrong
> here,
> I just don't know what, am I setting weights & persistence correctly,
is
> there anything I'm missing?
>
> The only way I seemed to be able to get this to work (IE access the
bank
> site) is to set a persistence, I have used 360 seconds, and I am
presently
> using lblc scheduling.
> I have just put the LVS live for a while to see how it fairs with a
> university full of people trying to access it instead of just me and a
few
> colleagues, and am waiting fro the phone to start ringing.
>
> The current output of ipvsadm is this... I am a tad concerned at the
> apparent lack of load balancing, can someone please explain this to
me?
>
> TCP wwwcache-vip.swan.ac.uk:squi lblc persistent 360
> -> squidfarm1.swan.ac.uk:squid Route 1 202 1045
> -> squidfarm2.swan.ac.uk:squid Route 1 14 8
>
> ______________
>
> Below is the extract from the how-to describing the initial problem.
>
> http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-7.html
>
> '...The usual problem with squids not using a cache friendly scheduler
is
> that fetches are slow. In this case the website is sending hits to
several
> different RIPs. Some websites detect this and won't even serve you the
> pages.
>
> Palmer J.D.F. J.D.F.Palmer@xxxxxxxxxxxxx 18 Mar 2002
> I tried an online banking site www.hsbc.co.uk. It seems that this site
and
> undoubtedly many other secure sites don't like to see connections
split
> across several IP addresses as happens with my cluster. Different
parts of
> the pages are requested by different realservers, and hence different
IP
> addresses.
>
> It gives an error saying... "...For your security, we have
disconnected
> you
> from internet banking due to a period of inactivity..."
>
> I have had caching issues with HSBC before, they seem to be a bit more
> stringent than other sites. If I send the requests through one of the
> squids
> on it's own it works fine, so I can only assume it's because it is
seeing
> fragmented requests, maybe there is a keepalive component that is
> requested.
> How do I combat this? Is this what persistence does or is there a way
of
> making the realservers appear to all have the same IP address?
>
> Joe
>
> change -rr (or whatever you're running) to -dh.
>
> Lars
>
> Use a different scheduler, like lblc or lblcr...'
>
> Many thanks,
> Jezz Palmer.
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
|
