To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: HTTPS
From: Volker Dormeyer <volker@xxxxxxxxxxxx>
Date: Tue, 23 Aug 2005 21:50:20 +0200
Hi Brad,

 * On Mon, 22 Aug 2005 12:22:26 -0400,
 * "Brad Taylor" <btaylor@xxxxxxxxxxxx> wrote:

 > Thanks.
 > Got the weights to be correct but now getting all requests to be
 > inactive:

 > [root@LB_Master ha.d]# ipvsadm -L
 > IP Virtual Server version 1.0.8 (size=65536)
 > Prot LocalAddress:Port Scheduler Flags
 > -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
 > TCP wlc persistent 600
 > ->             Route   1      0          3
 > ->             Route   1      0          0

 > What can I do so that the connection is active?

This should be normal, there are just 3 connections inactive, because the
data has already been transfered and they are closed. A normal HTTP
connection is closed, after the data has been transfered from server to
the client. When you click on a link in a web page, another connection
will be initiated by the client to the server.

If you do "ipvsadm -lnc" you should see at least these three connections
in state TIME_WAIT. As soon as the timeout ends, the connection entries
will be removed from the table.

The behaviour changes, when client and server support "persistent HTTP"
connections (not to interchange with persistence provided by LVS). A
persistent HTTP connection is kept open, as long either the client or
the server decide to close it. That means even if the client received
the requested document, the connection stays open. As already mentioned,
this has nothing to with the persistence functionality provided by LVS
which means to stick a single client to one real server for a defined
amount of time, even for new initiated connections.


 Volker Dormeyer        <volker@xxxxxxxxxxxx>

 * On Fri, 19 Aug 2005 16:47:22 -0400,
 * "Brad Taylor" <btaylor@xxxxxxxxxxxx> wrote:

 > I've setup an LVS and a Squid in reverse proxy mode. Squid is setup
 > with
 > a certificate to decrypt https traffic and sends http back to the
 > real
 > server. This has been tested and working. I've setup another Squid
 > and
 > real server the same way. Now I'm trying to get the LVS to load
 > balance
 > the Squids. The request would be https to the LVS then https to
 > Squid.
 > Squid would decrypt the https and forward http to the backend server.
 > Here is my conf file:

 > [...]

 > # Virtual Server for HTTP
 > virtual=
 >      fallback=
 >      real= gate
 >      real= gate
 >      service=http

 > this seems to be the problem. Please set service=https instead of
 > http. Ldirectord will use HTTPS to negotiate, then.

 > [...]

 > Regards,
 > Volker

 > --
 Volker Dormeyer        <volker@xxxxxxxxxxxx>

 > _______________________________________________
 > mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
 > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
 > or go to
 > _______________________________________________
 > mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
 > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
 > or go to

<Prev in Thread] Current Thread [Next in Thread>