Janno de Wit wrote:
> Nothing is cached, and sites like Windowsupdate
> are not passed through our upstream filter and are directly going to the
> origin site.
OK, so Windowsupdate and MediaMarkt are going via the LVS but not
through the squids.
> People having problems with, for example MediaMarkt, do not have the
> problem when we connect directly to the proxy.
I guess you need lvs persistence for these sites.
It would be nice not to have to make everything persistent.
If the number of sites that need persistence is small and known,
then maybe you could redirect them to a different VIP on the director,
but I don't really see how to make this work.
> The only strange thing I can mention is a lot of warnings in Squid
> cache-log on the realservers.
So something here is going through the squids?
> 2005/01/06 21:27:57| sslReadServer: FD 153: read failure: (104)
> Connection reset by peer
> 2005/01/06 21:31:09| sslReadServer: FD 467: read failure: (104)
> Connection reset by peer
> 2005/01/06 22:00:56| sslReadServer: FD 490: read failure: (104)
> Connection reset by peer
> ... (day in, day out)
>
> This should not be a problem, but may be relative to the problem.
> I'll go to one of our customers to see if I can reproduce a warning like
> this through LVS tomorrow.
>
> Are there any IP-tables related problems to LVS in TUN-mode?
I assume you're talking about the director. For filtering no,
for conntrack, see the HOWTO. The realservers are just servers,
you can do anything with netfilter there.
Joe
--
Joseph Mack PhD, High Performance Computing & Scientific Visualization
LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx