Hiya

I'm hoping someone would be kind enough to help me with my load balancing, or
at least look over my configs / setup, as I'm struggling to load balance all
SSL / HTTPS traffic.

I got port 80 load balanced and working. I know because I use
watch ipvsadm -L -n and for i in `seq 100`; do lynx --dump
http://machine; done. (Which allows me to see what machine LVS is now
connecting to.)
I see that under ActiveConn and / or InActConn, it increments etc.

I think the SSL problem is a routing issue.

My setup is, I have two machines that I have heartbeat on for failover, and
I'm using LVS for load balancing for HTTP(S). Each machine has 2 IP
aliases (eth0:1 and eth0:2), for SSL Apache virtual hosting.

web01:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 41.203.4.4
    netmask 255.255.255.224
    gateway 41.203.4.3

# FOR HTTPS
auto eth0:1
iface eth0:1 inet static
    address 41.203.4.21
    netmask 255.255.255.224

auto eth0:2
iface eth0:2 inet static
    address 41.203.4.25
    netmask 255.255.255.224

# FOR LVS
auto lo:1
iface lo:1 inet static
    address 41.203.4.5
    netmask 255.255.255.255
    pre-up sysctl -p > /dev/null

auto lo:2
iface lo:2 inet static
    address 41.203.4.24
    netmask 255.255.255.255
    pre-up sysctl -p > /dev/null

web01:/etc/ha.d# cat ldirectord.cf
checktimeout=10
checkinterval=10
autoreload=no
logfile="/var/log/ldirectord.log"
quiescent=yes

virtual=41.203.4.5:80
    real=41.203.4.4:80 gate
    real=41.203.4.7:80 gate
    fallback=127.0.0.1:80
    service=http
    request="ldirector.html"
    receive="Test Page"
    scheduler=rr
    protocol=tcp
    checktype=negotiate

virtual=41.203.4.24:443
    real=41.203.4.21:443 gate
    real=41.203.4.22:443 gate
    fallback=127.0.0.1:443
    service=https
    request="ldirector.html"
    receive="Test Page"
    scheduler=rr
    protocol=tcp
    checktype=negotiate

And last but not least
web01:/etc/ha.d# cat haresources
web01.konsoleh.cpt2.host-h.net \
ldirectord::ldirectord.cf \
LVSSyncDaemonSwap::master \
IPaddr2::41.203.4.5/27/eth0/41.203.4.31 \
IPaddr2::41.203.4.24/27/eth0/41.203.4.31
And with all this, I get the following,

web01:/etc/ha.d# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  41.203.4.5:80 rr
  -> 41.203.4.7:80                Route   1      0          0
  -> 41.203.4.4:80                Local   1      0          0
TCP  41.203.4.24:443 rr
  -> 41.203.4.22:443              Route   1      0          0
  -> 41.203.4.21:443              Local   1      0          0

I can ping all the IPs, but if I use my browser I get "unable to
connect" for any traffic destined to port 443.

If anyone could help, I would appreciate it.

Kind Regards
Brent Clark