[prev in list] [next in list] [prev in thread] [next in thread]
List: loadbalancing-l
Subject: RE: [load balancing] Alteon hash and HTTPS
From: "Kenneth Thurman" <kthurm1 () nortelnetworks ! com>
Date: 2003-05-22 20:54:26
[Download RAW message or body]
Nicolas,
If the users coming in from behind a mega proxy like AOL then hash or
pbind client ip will not work, but you don't' have many options unless you
offload the SSL and decrypt it, then you can use cookie insert mode, if you
upgrade to latest code and you are not using an AD2.
Regards,
Ken T.
-----Original Message-----
From: Nicolas Maury [mailto:nicolasmaury2001@yahoo.com]
Sent: Thursday, May 22, 2003 5:25 AM
To: lb-l@vegan.net
Subject: [load balancing] Alteon hash and HTTPS
Hello all,
I have a problem with an Alteon, I've got a VIP
configured like this :
/cfg/slb/group 42
metric hash
backup none
healt http
realthr 0
add 55
add 60
/cfg/slb/virt 42
ena
vip A.B.C.D
/cfg/slb/virt 42/service http
group 42
/cfg/slb/virt 42/service https
group 42
With HTTPS, randomly some sessions assigned to real
server 55 "jump" to real server 60 (and vice-versa), persistence is broken
and our application is disrupted.
We can't use the pbind sslid because we had apparently
issues with some browsers that renegotiate SSL session
ID during user session.
I tried to use the command "pbind clientip" but
results are the same.
I thought with hash method an HTTPS session would stay
on the same real server. Do we have a
misconfiguration ? or is that a bug ? (We are running
WebOS 8.0.60.9, with DAM and WMA enabled).
Regards,
Nicolas Maury
__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com
____________________ The Load Balancing Mailing List
Unsubscribe: mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2656.31">
<TITLE>RE: [load balancing] Alteon hash and HTTPS</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>Nicolas,</FONT>
</P>
<P><FONT SIZE=2> If the users coming in from behind a mega proxy like AOL \
then hash or pbind client ip will not work, but you don't' have many options unless \
you offload the SSL and decrypt it, then you can use cookie insert mode, if you \
upgrade to latest code and you are not using an AD2.</FONT></P>
<P><FONT SIZE=2>Regards,</FONT>
</P>
<P><FONT SIZE=2>Ken T.</FONT>
<BR><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Nicolas Maury [<A \
HREF="mailto:nicolasmaury2001@yahoo.com">mailto:nicolasmaury2001@yahoo.com</A>] \
</FONT> <BR><FONT SIZE=2>Sent: Thursday, May 22, 2003 5:25 AM</FONT>
<BR><FONT SIZE=2>To: lb-l@vegan.net</FONT>
<BR><FONT SIZE=2>Subject: [load balancing] Alteon hash and HTTPS</FONT>
</P>
<BR>
<P><FONT SIZE=2>Hello all, </FONT>
</P>
<P><FONT SIZE=2>I have a problem with an Alteon, I've got a VIP</FONT>
<BR><FONT SIZE=2>configured like this :</FONT>
</P>
<P><FONT SIZE=2>/cfg/slb/group 42</FONT>
<BR><FONT SIZE=2> metric hash</FONT>
<BR><FONT SIZE=2> backup none</FONT>
<BR><FONT SIZE=2> healt http</FONT>
<BR><FONT SIZE=2> realthr 0</FONT>
<BR><FONT SIZE=2> add 55</FONT>
<BR><FONT SIZE=2> add 60</FONT>
<BR><FONT SIZE=2>/cfg/slb/virt 42</FONT>
<BR><FONT SIZE=2> ena</FONT>
<BR><FONT SIZE=2> vip A.B.C.D</FONT>
<BR><FONT SIZE=2>/cfg/slb/virt 42/service http</FONT>
<BR><FONT SIZE=2> group 42</FONT>
<BR><FONT SIZE=2>/cfg/slb/virt 42/service https</FONT>
<BR><FONT SIZE=2> group 42</FONT>
</P>
<P><FONT SIZE=2>With HTTPS, randomly some sessions assigned to real</FONT>
<BR><FONT SIZE=2>server 55 "jump" to real server 60 (and vice-versa), \
persistence is broken and our application is disrupted.</FONT> </P>
<P><FONT SIZE=2>We can't use the pbind sslid because we had apparently</FONT>
<BR><FONT SIZE=2>issues with some browsers that renegotiate SSL session</FONT>
<BR><FONT SIZE=2>ID during user session.</FONT>
<BR><FONT SIZE=2>I tried to use the command "pbind clientip" but</FONT>
<BR><FONT SIZE=2>results are the same.</FONT>
</P>
<P><FONT SIZE=2>I thought with hash method an HTTPS session would stay</FONT>
<BR><FONT SIZE=2> on the same real server. Do we have a</FONT>
<BR><FONT SIZE=2>misconfiguration ? or is that a bug ? (We are running</FONT>
<BR><FONT SIZE=2>WebOS 8.0.60.9, with DAM and WMA enabled).</FONT>
</P>
<P><FONT SIZE=2>Regards,</FONT>
</P>
<P><FONT SIZE=2>Nicolas Maury</FONT>
</P>
<BR>
<BR>
<BR>
<BR>
<P><FONT SIZE=2>__________________________________</FONT>
<BR><FONT SIZE=2>Do you Yahoo!?</FONT>
<BR><FONT SIZE=2>The New Yahoo! Search - Faster. Easier. Bingo. <A \
HREF="http://search.yahoo.com" TARGET="_blank">http://search.yahoo.com</A> \
____________________ The Load Balancing Mailing List</FONT></P>
<P><FONT SIZE=2>Unsubscribe: <A \
HREF="mailto:majordomo@vegan.net?body=unsubscribe%20lb-l">mailto:majordomo@vegan.net?body=unsubscribe%20lb-l</A></FONT>
<BR><FONT SIZE=2>Archive: <A \
HREF="http://vegan.net/lb/archive" \
TARGET="_blank">http://vegan.net/lb/archive</A></FONT> <BR><FONT \
SIZE=2>LBDigest: <A HREF="http://lbdigest.com" \
TARGET="_blank">http://lbdigest.com</A></FONT> <BR><FONT SIZE=2>MRTG with SLB: \
<A HREF="http://vegan.net/MRTG" TARGET="_blank">http://vegan.net/MRTG</A></FONT> \
<BR><FONT SIZE=2>Hosted by: <A \
HREF="http://www.tokkisystems.com" \
TARGET="_blank">http://www.tokkisystems.com</A></FONT> </P>
</BODY>
</HTML>
____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic