Thanks a lot Willy,
That was a great catch.
Till now no issues are seen, seems that the issue is fixed.
I will let the group know if I see any issues further.
-Rahul N.
On Thu, Aug 16, 2012 at 4:42 PM, Rahul Nair rahul.n...@finicity.com wrote:
Willy,
I have set send_redirects to zero in
Willy,
I have set send_redirects to zero in net.ipv4.conf.*. on HAProxy server.
I have tested this for more than 1 hour, the issue is not yet observed.
Few more tests are yet to be done, I will update you as soon as the testing
is done.
Baptiste,
Thanks for the help.
I will try using 2 Physical
On Mon, Aug 13, 2012 at 9:11 AM, Rahul Nair rahul.n...@finicity.com wrote:
Hi,
I am using single NIC card and IPs of both the network (VIP Real servers
network) are configured on virtual ethernet adapters (eth0:0 eth0:1).
Ip_forward is enabled on the HAProxy server.
Thanks
Rahul N.
Hi,
Hi,
On Wed, Aug 15, 2012 at 10:33:18AM +0200, Baptiste wrote:
On Mon, Aug 13, 2012 at 9:11 AM, Rahul Nair rahul.n...@finicity.com wrote:
Hi,
I am using single NIC card and IPs of both the network (VIP Real servers
network) are configured on virtual ethernet adapters (eth0:0 eth0:1).
Hi,
Are you using 2 NICs or a single one?
Have you enable ip_forward on the HAProxy box?
cheers
Hi,
I am using single NIC card and IPs of both the network (VIP Real servers
network) are configured on virtual ethernet adapters (eth0:0 eth0:1).
Ip_forward is enabled on the HAProxy server.
Thanks
Rahul N.
On Monday, August 13, 2012, Baptiste bed...@gmail.com wrote:
Hi,
Are you using 2
Group,
I investigated further on this.
The default value of net.ipv4.conf.eth0.rp_filter is 1
Which means that Reverse Path filter is in Strict mode i.e Each incoming
packet is tested against the FIB and if the interface is not the best
reverse path the packet check will fail.By default failed
Group,
Any advise on this?
-Rahul N.
On Saturday, August 11, 2012, Rahul Nair rahul.n...@finicity.com wrote:
By default net.ipv4.conf.eth0.rp_filter is 1 which means IP spoofing
protection is enabled (source route verification is turned on)
As far as I understand, TPROXY spoofs outgoing
Willy,
Following are the information I could gather:
As per this link http://www.snapt-ui.com/haproxy/snapt-haproxy-and-tproxy/ we
need to add following sysctl parameters.
#Reverse Path Filtering: Basically, if the reply to a packet wouldn't go
out the interface this packet came in, then this
By default net.ipv4.conf.eth0.rp_filter is 1 which means IP spoofing
protection is enabled (source route verification is turned on)
As far as I understand, TPROXY spoofs outgoing connections using the
client's IP address.
But since all the IPs are configured on same physical adapter, not sure if
Group,
Any clues on this issue..?
Thanks
Rahul N.
On Thursday, August 9, 2012, Rahul Nair rahul.n...@finicity.com wrote:
Hello All,
Please help me on this issue.
Thanks,
Rahul N.
On Thu, Aug 9, 2012 at 12:13 AM, Rahul Nair rahul.n...@finicity.com
wrote:
Guys,
I am in process of
Hello Rahul,
On Thu, Aug 9, 2012 at 12:13 AM, Rahul Nair rahul.n...@finicity.com wrote:
Guys,
I am in process of implementing HAProxy with TPROXY in our setup for mode
tcp.
All of a sudden the website stops working and gives out error in browser:
Error 107 (net::ERR_SSL_PROTOCOL_ERROR):
Willy,
From your description, it could be an issue with some connection
tracking somewhere caused by excess of source addr:ports.
Ohh ok..
Also I just found that as per the documentation in this link , it says that
it can cause problems when IP connection tracking is enabled on the
machine,
Willy,
I have upgraded the Linux kernel to and haproxy to 1.4.18 and kernel
to 2.6.38-15-server
Will monitor it for few days and will let you know the updates.
-Rahul N.
On Fri, Aug 10, 2012 at 2:04 AM, Willy Tarreau w...@1wt.eu wrote:
On Thu, Aug 09, 2012 at 11:54:08PM +0530, Rahul Nair
Willy,
The issue still persists.
Not sure what am I missing.
-Rahul N.
On Friday, August 10, 2012, Rahul Nair rahul.n...@finicity.com wrote:
Willy,
I have upgraded the Linux kernel to and haproxy to 1.4.18 and kernel
to 2.6.38-15-server
Will monitor it for few days and will let you know the
15 matches
Mail list logo