LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] Squid cache-proxy with IPVS. Some sites loading problems

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [lvs-users] Squid cache-proxy with IPVS. Some sites loading problems.
From: HUB Netsky <net.for.hub@xxxxxxxxx>
Date: Tue, 12 Oct 2010 13:08:40 +0400
Hello, all.

I'm writing to report that the problem is solved. I've built the
latest vanilla kernel with pv-ops and ip_vs modules. Now everything
seems working OK.

Thanks to LVS project developers.

On Fri, Oct 8, 2010 at 2:17 PM, HUB Netsky <net.for.hub@xxxxxxxxx> wrote:
> Hello, everyone.
>
> I'm trying to set up a load balanced cluster of *normal* squid proxy
> servers (neither reverse, nor transparent). Balancing is done by ipvs
> controlled by ldirectord, ipip tunneling is used.
>
> Most of pages load normally, but some (ex. gmail login,
> serverfault.com login with OpenID, several other sides with redirects)
> experience problems. When I try (for example) to log in to gmail, I
> enter login & password and after a while get just a blank page. At the
> same time, many sites, that use 301-redirects work OK (for example
> "http://yandex.ru"; redirects to "http://www.yandex.ru"; using
> 301-redirect). When working through any of the cluster nodes directly,
> no problems appear, so the issue is not in Squid itself.
>
> Added later: It seems, the problem is floating. Sometimes it doesn't
> allow log in, sometimes, log out, sometimes even doesn't load login
> page. I'm stuck...
>
> Suggestion that the problem is with balancing requests sent to
> different servers during login was incorrect. According to Squid' s
> access.log, all requests go to one server, leaving only one squid
> server in ipvs in the configuration doesn't solve the problem either.
>
> So, the question is what is wrong in my configuration? Any ideas on
> additional methods of troubleshooting? Could anyone send me a working
> configuration (and software versions) of cluster of similar type?
>
> Currently I'm using squid v. 3.1.7 (built from sources), kernel
> 2.6.32-xen (SLES 11 SP1 distro), ipvsadm 1.2.1 (built from sources),
> ldirectord v. 1.0.3 (also from sources). I also tried squid 2.7, gmail
> login worked, but Gtalk chat was not available.
> Here are some configs:
>
> ======= ldirectord.cf =======
> ldirectord.cf:
> # Global Directives
> checktimeout=5
> checkinterval=5
> autoreload=no
> logfile="/var/log/ldirectord.log"
> quiescent=no
> cleanstop=yes
> # Virtual Server for HTTP_PROXY
> virtual=10.128.0.109:8080
>        fallback=127.0.0.1:80
>        real=10.128.1.43:8080 ipip 200
>        real=10.128.0.106:8080 ipip 300
>        service=http_proxy
>        request="http://www.google.com/index.html";
>        receive="Google Search"
>        scheduler=sh
>        # persistent=60
>        protocol=tcp
>        checktype=negotiate
> ======= EOF ldirectord.cf =======
>
> ======= squid.conf =======
> http_port 10.128.0.106:8080 # "real" IP of the node
> http_port 10.128.0.109:8080 # "Virtual" IP of the cluster on tunl0 interface
> http_port 127.0.0.1:8080
> cache_mem 300 MB
> cache_dir ufs /opt/squid/var/cache 500 16 256
> cache_effective_user squid
> cache_effective_group squid
> visible_hostname AQUA-node
> cachemgr_passwd SquidCM all
> access_log /opt/squid/var/logs/access.log
> logfile_rotate 5
>
> # ICQ connect (experimental)
> acl ICQ_ADDR dst 64.12.0.0/16 205.188.0.0/16
> acl ICQ_PORT port 5190 443
> acl CONNECT method CONNECT
> acl ICQ_PROTO proto HTTPS
> acl ICQ_DOMAIN dstdomain .icq.com .aol.com .aim.com
> always_direct   allow   ICQ_DOMAIN ICQ_PORT CONNECT
> always_direct   allow   ICQ_ADDR   ICQ_PORT CONNECT
>
> acl allnet_temp src 10.0.0.0/8
> http_access allow allnet_temp
>
> http_access deny all
> ======= EOF squid.conf =======
>
> Example:
> (loged in gmail, closing tab, changing proxy sennings in browser,
> opening gmail.com in new tab)
> (Url in browser:
> "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=
> <and so on>")
> ======= access.log =======
> 1286531980.273    228 10.0.0.232 TCP_MISS/302 1069 GET
> http://mail.google.com/mail/ - DIRECT/74.125.79.83 text/html
> 1286531990.392  10101 10.0.0.232 TCP_MISS/200 133 CONNECT
> www.google.com:443 - DIRECT/74.125.87.104 -
> ======= EOF access.log =======
>
> Another example:
> (loged out from gmail, cleared cache&cookies, switched proxy in
> browser, loged in gmail normally (chat not working), couldn' logout
> ("Please, wait" on screen), closed tab, trying to access gmail again,
> blank page)
> ======= access.log =======
> 1286532375.042    108 10.0.0.232 TCP_MISS/302 1069 GET
> http://mail.google.com/mail/ - DIRECT/74.125.79.19 text/html
> ======= EOF access.log =======
>
> If any additional information is needed, just let me know.
>
> P.S. Sorry for such a long letter.
> --
> HUB
>



-- 
HUB

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
<Prev in Thread] Current Thread [Next in Thread>