List: loadbalancing-l
Subject: Re: [load balancing] SMTP Healthcheck details - Alteon 180e
From: "Henrik Lantz" <h.o.lans () chello ! nl>
Date: 2004-06-18 7:53:33
Message-ID: 001701c45509$5af5c7a0$18c296c1 () NLD05855
Rich,
Thanks for your answers! Exactly what I needed.
Regards,
Henrik
----- Original Message -----
From: Richard O'Halloran
To: 'lb-l@vegan.net'
Sent: Thursday, June 17, 2004 1:03 PM
Subject: RE: [load balancing] SMTP Healthcheck details - Alteon 180e
I'll try and answer AFAIK..
1) Pretty much.
2) You are right. Without content string it just does a SYN health check or I should say
3) Not that I am aware of but you can plan with the interval and the retry settings to make the Alteon less sensitive to marking slow servers as down. A while back there was of adding such feature but it would be more in milliseconds than in seconds and would have to significantly lower than the interval timer :)
4) If you don't have a content string and the Alteon is doing plain TCP health checks then I think it sends the FIN as part of the ACK to the server's SYN, e.g.
[alteon] --- SYN tcp/25 ---> [real server]
[alteon] <--- SYN ACK --- [real server]
[alteon] --- FIN ACK ---> [real server]
(doesn't care after that)
That can cause some issues with some TCP stacks. NT 4.0 was one of them. Bear in mind that if you use scripted health checks under /cfg/slb/advhc/script X it will not that that. Also you can do whatever you want. EXPN, VRFY, HELO, etc.
Rich.
-----Original Message-----
From: Henrik Lantz [mailto:h.o.lans@chello.nl]
Sent: Thursday, 17 June 2004 4:33 PM
To: lb-l@vegan.net
Subject: [load balancing] SMTP Healthcheck details - Alteon 180e
Hi all,
I am curious to find out the exact details about what happens during an SMTP health check. We are trialling a new anti-spam front-end and we've got some issues making it work with the Alteons that front the system. We are using Alteon 180e's running software 10.0.30.8-SSH (and we know about, and are not affected by, the vulnerabilities in this version).
For the test platform, we have dedicated one real server, configured as:
/c/slb/real 1
        ena
        rip 192.168.13.10
It is part of a group (with other real servers still running the old platform), configured as:
/c/slb/group 1
        health smtp
        add 1
        add 3
        add 4
        add 5
        add 6
        add 7
        add 8
        add 9
        add 10
        name "smtp"
This is then all tied to a VIP with several services enabled, but we're only looking at the SMTP side here. As far as I can gather from Alteon / Nortel documentation, an SMTP health check should consist of:
[alteon] --- SYN tcp/25 ---> [real server]
[alteon] <--- SYN ACK --- [real server]
[alteon] --- ACK ---> [real server]
[alteon] --- VRFY username ---> [real server]
[alteon] <--- 250 OK --- [real server]
[alteon] --- FIN ---> [real server]
[alteon] <--- ACK --- [real server]
[alteon] <--- FIN --- [real server]
[alteon] --- ACK ---> [real server]
...so I have some questions:
1) Is my understanding correct? (Better start by ascertaining this... :))
2) What happens if you don't configure a username (in /c/slb/group 1/content) - like we've done? Is there a default value, is the VRFY simply performed without a parameter, or does it simply perform a TCP connect and then disconnect again?
3) One of the features of the application we're testing is SMTP connection throttling; meaning that it'll impose a delay on the TCP session before the SMTP welcome message is sent. This causes the Alteon health check to FAIL with the current configuration - is it possible from the Alteon to configure a healthcheck timeout - say; "wait x seconds before assuming the healthcheck failed"? (The real servers running the old front-end all pass this healthcheck as configured.)
4) On the server side, we're (according to my sources) seeing the healthcheck sessions from the Alteon being torn down "abnormally" - which would indicate that the appropriate FIN/ACKs are not sent. Would this be normal behaviour in the case of a failed healthcheck?
Any help from the list would be highly appreciated...
Thanks in advance,
Henrik Lantz
____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
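The banner-delay problem raised in question 3 and the connect-only check described in the reply can be reproduced offline with a generic probe. This is an added example, not code from the thread and not the Alteon's implementation; the names `session`, `start_server`, `probe` and `demo`, the `mx.example` banner, the `VRFY postmaster` command and the timeout values are all constructed for illustration.

```python
import socket, threading, time

def session(conn, delay):
    """Constructed stand-in for a throttling SMTP front-end: late 220 banner."""
    try:
        time.sleep(delay)
        conn.sendall(b"220 mx.example ESMTP\r\n")
        for line in conn.makefile("rb"):
            quit_cmd = line.upper().startswith(b"QUIT")
            conn.sendall(b"221 bye\r\n" if quit_cmd else b"250 OK\r\n")
    except OSError:
        pass                      # the prober gave up and closed first
    finally:
        conn.close()

def start_server(delay):
    srv = socket.create_server(("127.0.0.1", 0))   # ephemeral local port
    def accept_loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=session, args=(conn, delay), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()

def probe(addr, timeout, command=None):
    """Return 'up', 'down' or 'timeout'. command=None means TCP connect only."""
    try:
        with socket.create_connection(addr, timeout=timeout) as s:
            if command is None:
                return "up"       # handshake completed; banner never read
            f = s.makefile("rb")
            if not f.readline().startswith(b"220"):
                return "down"
            s.sendall(command + b"\r\n")
            ok = f.readline().startswith(b"250")
            s.sendall(b"QUIT\r\n")
            f.readline()          # wait for 221 so the close is orderly
            return "up" if ok else "down"
    except socket.timeout:
        return "timeout"          # banner or reply slower than the check allows
    except OSError:
        return "down"

def demo(delay=0.5):
    addr = start_server(delay)    # banner held back for `delay` seconds
    vrfy = b"VRFY postmaster"
    return probe(addr, 0.2), probe(addr, 0.2, vrfy), probe(addr, 2.0, vrfy)
```

`demo()` runs three checks against the same delayed server: connect-only, a content check with a timeout shorter than the banner delay, and the same content check with a longer timeout.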