|
Hello Joe,
> > "504 Gateway Timeout - Lost connection to neighbor proxyserver"
> > "502 Bad Gateway - Mal-formed reply from origin server"
> >
> > When they point their BorderManager to realserver-1 there are no
> > problems.
>
> This is no fun for you and the customers get riled.
>
> I take it you can't get the list of what they did to get the error
and
> go to the same site yourself and type the same commands.
Yes, i know. They go to a webmail service, try to upload some
attachments and hang... i can do this here too, but it doesn't give
problems :-)
> > It is not with all sites, especially with Hotmail and searching at
> > www.vikingdirect.nl and other sites not specified.
> >
> > I stopped all firewalls on load-balancer and realservers, but that
does
> > not solve the problem, so we can assume there are no packets
dropped by
> > iptables.
>
> Let's assume it's either LVS or squid or an interaction between LVS
and squid.
>
> Having the customers going directly to the realservers without
problems
> would indicate that it's not the squid.
> Is a better way to switch to DR-mode?
I've now added an extra IPVS service on another port with direct
routing, tomorrow i'll try a customer.
The only difference is -g (route) in place of -i (ipip). Packets are
routed over internal LAN.
> for LVS-DR you need the realservers on the same segment as the
director, ie
> the director and realservers must be able to exchange arp packets.
LVS-Tun
> was designed for situations when the realservers have to be remote.
> Another possibility is to make the MTU of all packets 1492 before
they hit the
> director. Do you have a box infront of the director(s) that can
change the MTU?
I don't have a box in front of the director, so changing the mtu there
is no option.
Thanks, Janno.
Janno de Wit
DNA Services B.V.
|
