Re: [lvs-users] Firewall on LVS NAT

Mon, 09 Aug 2010 11:02:34 -0700 

I brought it up on this list a month or two ago, and it sort of  
floundered a bit--

The problem we're seeing is a failure during the initial SSL  
handshake, this is for IMAP over SSL (or, in that case, any  
"anonymous" connection)--
They seem to get into a retransmit loop right after the client sends  
the Change Cipher Spec message.

I didn't see it with any other client OS, and by that, I mean, if I  
saw a timeout, the retransmit worked correctly and the handshake was  
able to continue.

cc

-- 
Chris Chen <[email protected]>
UNIX Systems Administrator
Office of Information Technologies
Portland State University


Quoting Jay Faulkner <[email protected]>:

>> -----Original Message-----
>> From: [email protected] [mailto:lvs-users-
>> [email protected]] On Behalf Of Chris Chen
>> Sent: Monday, August 09, 2010 12:37 PM
>> To: LinuxVirtualServer.org users mailing list.; Brent Jensen
>> Subject: Re: [lvs-users] Firewall on LVS NAT
>>
>> Do you see this behavior with LVS-DR as well? I've got a few -DR directors
>> running RHEL4 and RHEL5 that are causing all sorts of trouble with windows 7
>> hosts, and ACK FIN/ACK RST with SSL handshakes--these problems seem to
>> go away in testing with LVS-NAT, but if you're having trouble with NAT in
>> production, part of me is wondering if we're heading down another dark
>> path...
>>
>
> The real key to LVS-NAT is to *not* run NAT rules on /any/ traffic  
> that travels through LVS. That will avoid any bug I've ever  
> encountered. If you must, then just run the NFCT patch.
>
> What are your problems with LVS-DR? Are there bugs filed, etc? I'm  
> sure if there's a sysstemic problem that the devs will want to  
> resolve it asap.
>
>
> Jason Faulkner
> Linux Engineer, Rackspace Email & Apps
> [email protected]
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - [email protected]
> Send requests to [email protected]
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
>





_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - [email protected]
Send requests to [email protected]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

Reply via email to