Hi Laura,
Thank you for the feedback. Digging a little bit, I found this:
root@VMWZLB003:~# cat /sys/module/xt_recent/parameters/ip_list_tot
100
If indeed the max memorized IP was 100, it does explain why we have had
so many troubles with L4 farm with peristence.
Unfortunately, the application is a very critical one and I cannot make
disruption again, so while it's running happily again on a PEN farm, I
wont change it.
Thanks for the fix anyway, i'll store this info somewhere. (hopefully it
will be integrated in next release - or be a global parameters definable
via the GUI?)
Regards,
tibz
On 03/03/2014 20:03, Laura Garcia wrote:
Hi, please set this line in /etc/modules and reboot the ZLB:
xt_recent ip_list_tot=4000
Regards.
On Fri, Feb 28, 2014 at 11:18 AM, tibz <[email protected]
<mailto:[email protected]>> wrote:
Well like usual, murphy law apply and I cannot reproduce the
problem...
The only difference is that yesterday this farm was production
with 600 clients, and today i'm alone.
I still believe the IP Persistance in L4 farm is not reliable. I'm
200% sure my timeout was 4h yesterday when my session disappeared
quickly. Moreover, we have a lot of issues with our clients being
kicked out of the application when using this type of farm. (the
error was about session, so client was auth on a backend and
suddenly forwarded to another backend by ZLB).
I switched back to PEN TCP farm with IP persistence and it's
working perfectly. Could there be a bug with the IP persistance of
L4 farm, like it cannot memorize so much IP? In my PEN farm I see
around 600 clients (differents IP), but with the L4 farm, on the
file /proc/net/xt_recent/ there were only about 100-200 different
IPs. That would explain why we had so much problem, if it was not
memorizing all IPs or forgetting some of them very quickly ...
Thanks
tibz
ps: I read in another thread that you consider to obselete PEN,
please do not (yet :-))
ps2: If you wonder why we were happily using PEN and switched to
L4, it's because we started having issue with PEN after several
months. I had configured max 2000 IPs in persistance with a
timeout of 3600s. When 2000 is reached, ccording to PEN's doc, it
should delete the oldest/least used connection to make some room
for new connections. But it doesnt seems to work correctly as
client were randomly switched to another backend (like PEN was not
deleting the unused entry but some random entry amongst the 2000)
On 27/02/2014 21:29, tibz wrote:
HI Laura,
Thank you for your answser. When I did my test, the persistance
was configured to 14400s (4h - same timeout as on the http backend).
But still, after I closed my browser (and then no more connection
was made from my laptop), my session disappeared from
/proc/net/xt_recent/ in about 1min max. So I believe it's not right.
What you explain is what I was expecting, and i've checked now
the content of the /proc/net/xt_recent/ and I still see plenty of
session despite no one is in the office anymore. So it seems to
work "most of the time", but not always as like I explained, my
session during my test disappeared much quicker than the timeout.
I'll run some more tests tomorrow if possible and i'll update you.
Cheers,
tibz
On 27/02/2014 17:49, Laura Garcia wrote:
Hi again, the persistence will remain until the time specified
in the farm option:
*Source IP Address Persistence time to limit **in secs, only for
IP persistence*.
*
which by default is 140 secs. So it's the right behavior. In
order to work around your problem, you could increase that
timeout at the same value as the HTTP persistence is set in your
real servers/web application.
The L4 farm has nothing to do with your browser so the behavior
will be the same and the persistence will wait until the timeout
although the user has logged out from the web application.
On Thu, Feb 27, 2014 at 10:56 AM, tibz <[email protected]
<mailto:[email protected]>> wrote:
Hi again,
I just did a test. Connected to the farm, then I can find an
entry for my laptop IP in the file in /proc/net/xt_recent/ :
192.168.161.191....................................jeudi 27
février 2014, 10:44:16 (UTC+0100)
(I used a script found there, if someone is interested:
http://forums.fedoraforum.org/showthread.php?t=224461)
I just closed my browser, and then in around 30s to 1min, my
entry is gone. So apparently when the TCP session is gone,
the entry is gone and the persistence is lost. Is this
expected or do I misunderstand something?
I was expecting that the persistence should be kept,
regardless of the current active session, at least as long
as the TTL is not over. So here normally when I close my
browser, the TTL should start counting from 3600 to 0 and
then only my persistence should be erased.
Thanks
tibz
On 27/02/2014 10:34, tibz wrote:
Hi Laura,
Thanks for the information.
I was wondering because we are having issues with a web
application since we switched to a L4 farm. It "seems" some
users are switched to the other backend before the end of
the persistence, and therefore they loose their session and
get disconnected from the application. We are waiting for
the provider to help troubleshooting these errors, but so
far when we run with only one backend, we see far less
disconnection error (though there are still a few).
A last question, I've found that the recent information are
stored under /proc/net/xt_recent/ but I wonder if the files
(and therefore the persistence) is cleared when the farm is
restarted, or does it stay? In another way: can I restart a
L4 farm without loosing the persistence?
Thanks
On 25/02/2014 20:49, Laura Garcia wrote:
Hi, yes the L4 farm should behave like the TCP farm in
that subject.
By other hand, you're absolutely right regarding the TTL
field and the farm is not reloaded automatically. This is
a bug and will be fixed in the next release. Good catch!
Thank you.
On Fri, Feb 21, 2014 at 11:44 AM, tibz <[email protected]
<mailto:[email protected]>> wrote:
Hello,
Can someone please confirm that it works as in TCP
Farm with PEN, so
it's the inactivity timeout and not the max session
length ? (ie: 3600s
means 1h with no traffic before we remove the persitence)
Also a little feature enhancement, when a L4 farm is
started and you
change the persistence time, it says "The sessions TTL
for ZLB-ULG farm
has been modified." but it's NOT applied, it's just
written in the
config file.
It would be worth mentionning next to this message
that a restart of the
farm is needed...
Thanks
tibz
------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid
Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
------------------------------------------------------------------------------
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
------------------------------------------------------------------------------
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
------------------------------------------------------------------------------
Flow-based real-time traffic analytics software. Cisco
certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow
Analyzer
Customize your own dashboards, set traffic alerts and
generate reports.
Network behavioral analysis & security monitoring.
All-in-one tool.
http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
------------------------------------------------------------------------------
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
------------------------------------------------------------------------------
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
------------------------------------------------------------------------------
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate
reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
------------------------------------------------------------------------------
Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries. Built-in WAN optimization and the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
------------------------------------------------------------------------------
Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries. Built-in WAN optimization and the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
