RE: Please Help~~~!HTTPS Problem

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Please Help~~~!HTTPS Problem
From: "Louis Lam" <louis.lam@xxxxxxxxxxxxxxxxxxxx>
Date: Fri, 28 Oct 2005 19:00:52 +0800
Thanks for your reply.
The detailed information you requested is below.

1. ipvsadm -Ln

-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.58.136:443 rr persistent 600
  -> 10.0.58.232:443              Route   1      0          10
  -> 10.0.58.230:443              Route   1      0          0
TCP  10.0.58.136:80 rr
  -> 10.0.58.232:80               Route   1      0          2
  -> 10.0.58.230:80               Route   1      0          1


=============================
2.
It works for real / private ip.
It doesn't work for virtual ip.
=====================================
3. The IP where the browser is used for testing is 10.0.58.93

The message below is the dump from the director

18:44:29.879985 10.0.58.93.3071 > 10.0.58.136.https: . ack 1 win 65535 (DF)
18:44:29.880357 10.0.58.93.3071 > 10.0.58.136.https: P 0:78(78) ack 1 win 65535 (DF)
18:44:29.880359 10.0.58.93.3071 > 10.0.58.136.https: P 0:78(78) ack 1 win 65535 (DF)
18:44:29.901470 10.0.58.93.3071 > 10.0.58.136.https: R 78:78(0) ack 1461 win 0 (DF)
18:44:29.901472 10.0.58.93.3071 > 10.0.58.136.https: R 78:78(0) ack 1461 win 0 (DF)
18:44:29.901473 10.0.58.93.3071 > 10.0.58.136.https: R 2166075288:2166075288(0) win 0
18:44:29.901474 10.0.58.93.3071 > 10.0.58.136.https: R 2166075288:2166075288(0) win 0
18:44:29.918835 10.0.58.93.3072 > 10.0.58.136.https: S 4108587425:4108587425(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
18:44:29.918838 10.0.58.93.3072 > 10.0.58.136.https: S 4108587425:4108587425(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
18:44:29.919709 10.0.58.93.3072 > 10.0.58.136.https: . ack 1371201085 win 65535 (DF)
18:44:29.919711 10.0.58.93.3072 > 10.0.58.136.https: . ack 1 win 65535 (DF)
18:44:29.920209 10.0.58.93.3072 > 10.0.58.136.https: P 0:78(78) ack 1 win 65535 (DF)
18:44:29.920211 10.0.58.93.3072 > 10.0.58.136.https: P 0:78(78) ack 1 win 65535 (DF)
18:44:29.941696 10.0.58.93.3072 > 10.0.58.136.https: F 78:78(0) ack 1012 win 64524 (DF)
18:44:29.941699 10.0.58.93.3072 > 10.0.58.136.https: F 78:78(0) ack 1012 win 64524 (DF)
18:44:29.947693 10.0.58.93.3072 > 10.0.58.136.https: R 79:79(0) ack 2472 win 0 (DF)
18:44:29.947695 10.0.58.93.3072 > 10.0.58.136.https: R 79:79(0) ack 2472 win 0 (DF)
18:44:29.947818 10.0.58.93.3072 > 10.0.58.136.https: R 4108587505:4108587505(0) win 0
18:44:29.947820 10.0.58.93.3072 > 10.0.58.136.https: R 4108587505:4108587505(0) win 0

=================================
The dump for the real server is as below:
Realserver

tcpdump: listening on any
18:43:20.925733 10.0.58.93.3060 > 10.0.58.136.https: S 3948807221:3948807221(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
18:43:20.925748 10.0.58.136.https > 10.0.58.93.3060: S 1300038731:1300038731(0) ack 3948807222 win 5840 <mss 1460,nop,nop,sackOK> (DF)
18:43:20.926733 10.0.58.93.3060 > 10.0.58.136.https: . ack 1 win 65535 (DF)
18:43:20.927857 10.0.58.93.3060 > 10.0.58.136.https: P 1:79(78) ack 1 win 65535 (DF)
18:43:20.927877 10.0.58.136.https > 10.0.58.93.3060: . ack 79 win 5840 (DF)
18:43:20.949010 10.0.58.136.https > 10.0.58.93.3060: . 1:1461(1460) ack 79 win 5840 (DF)
18:43:20.949016 10.0.58.136.https > 10.0.58.93.3060: . 1461:2921(1460) ack 79 win 5840 (DF)
18:43:20.952094 10.0.58.93.3060 > 10.0.58.136.https: R 79:79(0) ack 1461 win 0 (DF)
18:43:20.952342 10.0.58.93.3060 > 10.0.58.136.https: R 3948807300:3948807300(0) win 0
18:43:20.963962 10.0.58.93.3061 > 10.0.58.136.https: S 2549023697:2549023697(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
18:43:20.963985 10.0.58.136.https > 10.0.58.93.3061: S 1299945476:1299945476(0) ack 2549023698 win 5840 <mss 1460,nop,nop,sackOK> (DF)
18:43:20.964836 10.0.58.93.3061 > 10.0.58.136.https: . ack 1 win 65535 (DF)
18:43:20.964960 10.0.58.93.3061 > 10.0.58.136.https: P 1:79(78) ack 1 win 65535 (DF)
18:43:20.964970 10.0.58.136.https > 10.0.58.93.3061: . ack 79 win 5840 (DF)
18:43:20.991280 10.0.58.136.https > 10.0.58.93.3061: P 1:1012(1011) ack 79 win 5840 (DF)
18:43:20.993068 10.0.58.93.3061 > 10.0.58.136.https: F 79:79(0) ack 1012 win 64524 (DF)
18:43:20.996711 10.0.58.136.https > 10.0.58.93.3061: . 1012:2472(1460) ack 80 win 5840 (DF)
18:43:20.996715 10.0.58.136.https > 10.0.58.93.3061: P 2472:3060(588) ack 80 win 5840 (DF)
18:43:20.999065 10.0.58.93.3061 > 10.0.58.136.https: R 80:80(0) ack 2472 win 0 (DF)
18:43:20.999440 10.0.58.93.3061 > 10.0.58.136.https: R 2549023777:2549023777(0) win 0
18:43:26.714084 10.0.58.93.3062 > 10.0.58.136.https: S 2498114505:2498114505(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
18:43:26.714098 10.0.58.136.https > 10.0.58.93.3062: S 1307888792:1307888792(0) ack 2498114506 win 5840 <mss 1460,nop,nop,sackOK> (DF)
18:43:26.714958 10.0.58.93.3062 > 10.0.58.136.https: . ack 1 win 65535 (DF)
18:43:26.715458 10.0.58.93.3062 > 10.0.58.136.https: P 1:79(78) ack 1 win 65535 (DF)
18:43:26.715479 10.0.58.136.https > 10.0.58.93.3062: . ack 79 win 5840 (DF)
18:43:26.729081 10.0.58.136.https > 10.0.58.93.3062: . 1:1461(1460) ack 79 win 5840 (DF)
18:43:26.729086 10.0.58.136.https > 10.0.58.93.3062: . 1461:2921(1460) ack 79 win 5840 (DF)


=================================
4. When no clients are trying to connect

The tcpdump shows nothing (as we have set the ldirector time interval to a very 
large value. Otherwise, all the dump is created by the ldirector.)


===================================
5. When the client is using http (port 80)

The dump below is from when the client is using http (port 80)

18:49:09.856961 10.0.58.93.3075 > 10.0.58.136.http: P 8338:8732(394) ack 29611 win 65310 (DF)
18:49:10.015876 10.0.58.93.3074 > 10.0.58.136.http: . ack 42346 win 65086 (DF)
18:49:10.015879 10.0.58.93.3074 > 10.0.58.136.http: . ack 42346 win 65086 (DF)
18:49:10.015880 10.0.58.93.3075 > 10.0.58.136.http: . ack 29835 win 65086 (DF)
18:49:10.015881 10.0.58.93.3075 > 10.0.58.136.http: . ack 29835 win 65086 (DF)
18:49:25.899210 10.0.58.93.3075 > 10.0.58.136.http: . ack 29836 win 65086 (DF)
18:49:25.899215 10.0.58.93.3075 > 10.0.58.136.http: . ack 29836 win 65086 (DF)
18:49:26.797684 10.0.58.93.3074 > 10.0.58.136.http: . ack 42347 win 65086 (DF)
18:49:26.797688 10.0.58.93.3074 > 10.0.58.136.http: . ack 42347 win 65086 (DF)
18:49:30.656298 10.0.58.93.3074 > 10.0.58.136.http: R 5172:5172(0) ack 42347 win 0 (DF)
18:49:30.656303 10.0.58.93.3074 > 10.0.58.136.http: R 5172:5172(0) ack 42347 win 0 (DF)
18:49:30.656305 10.0.58.93.3075 > 10.0.58.136.http: R 8732:8732(0) ack 29836 win 0 (DF)
18:49:30.656306 10.0.58.93.3075 > 10.0.58.136.http: R 8732:8732(0) ack 29836 win 0 (DF)



-----Original Message-----
From: lvs-users-bounces+louis.lam=firstshanghai.com.hk@xxxxxxxxxxxxxxxxxxxxxx 
[mailto:lvs-users-bounces+louis.lam=firstshanghai.com.hk@xxxxxxxxxxxxxxxxxxxxxx]On
 Behalf Of Graeme Fowler
Sent: Friday, October 28, 2005 6:25 PM
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Please Help~~~!HTTPS Problem


On Fri 28 Oct 2005 11:12:04 BST , Louis Lam 
<louis.lam@xxxxxxxxxxxxxxxxxxxx> wrote:

> I have one load balancer and two real servers. Http service works 
> fine for the setup. But it fails for https

Please provide answers or details for the following things:

1. ipvsadm -Ln

2. Can the client talk directly to the realservers on port 443?

3. You say:
> 2. When HTTPS request are made through the VIP, the tcpdump executed 
> of both the real servers do not have any traffic.

What does running tcpdump on the director tell you? [hint: use the -n 
switch to avoid name resolution]


4. You say:
> 4. The ldirector runs properly on https test page too. Status Code 
> 200 --> OK is returned

So if that is working, what does tcpdump show you from the director 
when no clients are trying to connect?

What do you get out of tcpdump on the director when the client is using 
port 80?

Graeme
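
One way to compare captures like the director and realserver dumps above connection by connection, as an added example that is not part of the original messages: it tallies, per client endpoint, how many packets went to and from the virtual service and which TCP flags each side sent. With `Route` (direct routing) forwarding the director normally sees only the client-to-VIP direction, because realservers answer the client directly. `flow_summary` and the `sample_*` helpers are hypothetical names; the sample lines are copied from the dumps above with wrapped lines rejoined.

```shell
#!/bin/sh
# Added example: per-client summary of old-style tcpdump text output.
# flow_summary and the sample_* helpers are hypothetical names.

flow_summary() {    # $1 = service as tcpdump prints it, e.g. 10.0.58.136.https
    awk -v vip="$1" '
        $3 != ">" { next }    # skip banners and wrapped fragments
        {
            src = $2; dst = $4; sub(/:$/, "", dst)
            if (dst == vip)      { c = src; to[c]++;   if (!index(cf[c], $5)) cf[c] = cf[c] $5 }
            else if (src == vip) { c = dst; from[c]++; if (!index(sf[c], $5)) sf[c] = sf[c] $5 }
            else next
            seen[c] = 1
        }
        END {
            for (c in seen)
                printf "%s to_vip=%d from_vip=%d client_flags=%s vip_flags=%s\n",
                    c, to[c], from[c], (cf[c] == "" ? "-" : cf[c]), (sf[c] == "" ? "-" : sf[c])
        }' | sort
}

sample_director() {     # client port 3071, copied from the director dump above
    cat <<'EOF'
18:44:29.879985 10.0.58.93.3071 > 10.0.58.136.https: . ack 1 win 65535 (DF)
18:44:29.880357 10.0.58.93.3071 > 10.0.58.136.https: P 0:78(78) ack 1 win 65535 (DF)
18:44:29.880359 10.0.58.93.3071 > 10.0.58.136.https: P 0:78(78) ack 1 win 65535 (DF)
18:44:29.901470 10.0.58.93.3071 > 10.0.58.136.https: R 78:78(0) ack 1461 win 0 (DF)
18:44:29.901472 10.0.58.93.3071 > 10.0.58.136.https: R 78:78(0) ack 1461 win 0 (DF)
18:44:29.901473 10.0.58.93.3071 > 10.0.58.136.https: R 2166075288:2166075288(0) win 0
18:44:29.901474 10.0.58.93.3071 > 10.0.58.136.https: R 2166075288:2166075288(0) win 0
EOF
}

sample_realserver() {   # client port 3060, copied from the realserver dump above
    cat <<'EOF'
18:43:20.925733 10.0.58.93.3060 > 10.0.58.136.https: S 3948807221:3948807221(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
18:43:20.925748 10.0.58.136.https > 10.0.58.93.3060: S 1300038731:1300038731(0) ack 3948807222 win 5840 <mss 1460,nop,nop,sackOK> (DF)
18:43:20.926733 10.0.58.93.3060 > 10.0.58.136.https: . ack 1 win 65535 (DF)
18:43:20.927857 10.0.58.93.3060 > 10.0.58.136.https: P 1:79(78) ack 1 win 65535 (DF)
18:43:20.927877 10.0.58.136.https > 10.0.58.93.3060: . ack 79 win 5840 (DF)
18:43:20.949010 10.0.58.136.https > 10.0.58.93.3060: . 1:1461(1460) ack 79 win 5840 (DF)
18:43:20.949016 10.0.58.136.https > 10.0.58.93.3060: . 1461:2921(1460) ack 79 win 5840 (DF)
18:43:20.952094 10.0.58.93.3060 > 10.0.58.136.https: R 79:79(0) ack 1461 win 0 (DF)
18:43:20.952342 10.0.58.93.3060 > 10.0.58.136.https: R 3948807300:3948807300(0) win 0
EOF
}

echo "director:";   sample_director   | flow_summary 10.0.58.136.https
echo "realserver:"; sample_realserver | flow_summary 10.0.58.136.https
```

On a live box the same function can be fed from `tcpdump -n`, with the service written the way tcpdump prints it in that capture.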

