/ Zope / Apsis / Pound Mailing List / Archive / 2006 / 2006-08 / OpenBSD 3.9 Pound 2.1 small question

[ << ] [ >> ]

[ Need help with Client Certificate Validation ... ] [ Enhanvements / Robert Segall ... ]

OpenBSD 3.9 Pound 2.1 small question
Simon Slaytor <sslaytor(at)iom.com>
2006-08-17 14:19:06 [ FULL ]
Hi Folks,

I wonder if anyone can point me in the right direction.

I have an OpenBSD 3.9 (Release) box on which I have successfully 
installed OpenSSL 9.8 and Pound 2.1 and Pound 1.10. Behind the Pound box 
are two IIS6 web servers that I want to load balance / session track 
against.

Ok so the problem I have is this when running v1.10 with its own config 
files etc everything works a treat, client A connects to server1 client 
B connects to server2, client C to server 1 etc.

No when I move to v2.1 Clients A/B/C all connect to Server1, nothing 
ever connects to server2.

When I tried v2.0 previously I saw the same behavior.

Any ideas where I have gone wrong?

Below is my pound 2.1 cfg file

User "nobody"
Group "nobody"
Daemon 1
LogFacility user
LogLevel 2
Alive 30

ListenHTTP
            Address 10.190.10.89
            Port    80

            Service

                BackEnd
                    Address 10.190.10.70    <--- IIS Server1
                    Port    80
                End

                BackEnd
                    Address 10.190.10.71    <--- IIS Server2
                    Port    80
                End

                Session
                    Type  IP
                    TTL  300
                End

            End
End

Below is the corresponding v1 cfg file that works

ListenHTTP      10.190.10.89,80
User            nobody
Group           nobody
LogFacility     user
LogLevel        2
Alive           30
Client          10

UrlGroup        ".*"
BackEnd         10.190.10.70,80,1
BackEnd         10.190.10.71,80,1
Session         IP      300
EndGroup

Re: [Pound Mailing List] OpenBSD 3.9 Pound 2.1 small question
Robert Segall <roseg(at)apsis.ch>
2006-08-17 14:40:23 [ FULL ]
On Thu, 2006-08-17 at 13:19 +0100, Simon Slaytor wrote:[...]

Try removing the Session from your 2.1 config and see if it helps, as it
should go to random distribution. Otherwise the behaviour should be
identical - Session IP uses a hash of the client address to select the
back-end.[...]

Re: [Pound Mailing List] OpenBSD 3.9 Pound 2.1 small question
Simon Slaytor <sslaytor(at)iom.com>
2006-08-17 16:53:16 [ FULL ]
Hi Robert,

Thanks for that yes, removing the 'Session' tag works, both backend 
servers are now used.

Unfortunately I need to track sessions, the backend servers will be 
running an ASP.NET app, a financial calculation engine. As such a client 
PC will request a session, submit parameters for a quote, retrieve the 
quote results etc, etc. Unfortunately I'm not the programmer of the App 
so cannot dictate they code it to cope with multiple backend requesters etc.

Any idea how to solve this as v1.10 appears to work well. This initial 
deployment is for 'internal' applications, however the plan is to use 
this approach and provide an Internet SOAP interface to the ASP.NET app, 
this link being secured with SSL server certificates. I had planned on 
using Pound as the SSL offload engine as well as a LoadBalancer. All 
doable in v1.10 I know but I'd prefer to keep pace with the latest 
developments.

Failing this is there any reason not to go with the v1.10 release for 
this project?

Many thanks

Simon


Robert Segall wrote:[...][...][...]
Attachments:  
text.html text/html 2482 Bytes

Re: [Pound Mailing List] OpenBSD 3.9 Pound 2.1 small question
Robert Segall <roseg(at)apsis.ch>
2006-08-17 18:07:10 [ FULL ]
On Thu, 2006-08-17 at 15:53 +0100, Simon Slaytor wrote:[...]

Good - so basic load-balancing is OK.
[...]

You don't need to. The suggestion to remove Session was just for
testing, to make sure that Pound recognises both back-ends.

The IP sessions are equivalent to the old "sticky" sessions: an IP
address is always mapped to the same back-end. It may well be that in
your test you used two clients from the same IP address (possibly via
NAT) and thus both were sent to the same back-end. Try the same with
more clients, from various addresses, and you should see them
distributed correctly.

Even better: if at all possible use some other kind of session
mechanism, such as COOKIE or PARM.
[...]

1.x is no longer updated - all fixes go into the 2.x series. 1.10 should
be "more or less" OK, so for the moment it should be usable, but there
are no guarantees for the future.[...]

Re: [Pound Mailing List] OpenBSD 3.9 Pound 2.1 small question
Simon Slaytor <sslaytor(at)iom.com>
2006-08-17 22:05:07 [ FULL ]
Hi Robert,

Thanks for the reply, sorry I now see what your saying re session's.

I'd hoped to use IP session tracking as again it requires nothing from 
the programmers.

The 'clients' from which I have been testing and those the 'production' 
system will be used with all exist on the same class B network (10.190) 
as the pound box itself so no NAT issues.

Specifically 10.190.66.66 / 10.190.70.70 / 10.190.70.77 from these three 
clients I'm always connected to Server 1 when running v2.1, as 
previously stated using v1 I get evenly distributed. I have just tried 
connecting to v2.1 from the following 'remote routed' hosts 
172.16.10.5/24 and 192.168.1.181/24 all five hosts connect to server1.

Any suggestions what to look at next.

Again many thanks for taking the time to reply.

Regards

Simon

Robert Segall wrote:[...][...][...][...][...][...][...]

Re: [Pound Mailing List] OpenBSD 3.9 Pound 2.1 small question
Robert Segall <roseg(at)apsis.ch>
2006-08-18 11:11:59 [ FULL ]
On Thu, 2006-08-17 at 21:05 +0100, Simon Slaytor wrote:[...]

The other session types also require nothing - they use existing
mechanisms.
[...]

Sounds like a real problem. If you could check on what Pound thinks
about the client address (file svc.c, function get_backend(), print out
the contents of from_host) it would be really helpful to try and see
what exactly goes wrong.[...]

Re: [Pound Mailing List] OpenBSD 3.9 Pound 2.1 small question
Simon Slaytor <sslaytor(at)iom.com>
2006-08-18 12:53:43 [ FULL ]
Hi Robert,

Ok, I'm no programmer so forgive me if this is wrong.

I've added the following line to the SESS_IP section in svc.c, 
immediately following the pri = 0; line.

printf("Host: %d\n",from_host);

I've also added the following line, immediately before the break; statement.

printf("Backend %d\n",res);

I've then set pound to not run as a daemon.

Ok the the following is the output I get.

When connecting from host 10.190.66.66

Host: 1111670282
Backend -1957071616

When connecting from host 10.190.70.70

Host: 1179041290
Backend -1957071616

As a matter of interest I also added the latter printf statement just 
prior to the break; in the SESS_NONE section.

When running with 'no sessions' I get the following output:

Backend -2029771520   <- client connects to server 1
Backend -2029771008   <-client connects to server 2

The sequence is obviously random.

I hope thats what your after, if not treat me as an idiot and tell me 
what you want.

Many thanks

Simon


Robert Segall wrote:[...][...][...][...][...]
Attachments:  
text.html text/html 2914 Bytes

Re: [Pound Mailing List] OpenBSD 3.9 Pound 2.1 small question
Robert Segall <roseg(at)apsis.ch>
2006-08-21 17:53:24 [ FULL ]
On Fri, 2006-08-18 at 11:53 +0100, Simon Slaytor wrote:[...]

from_host is structure. Try printing out addr instead, as it contains
just the information you want. Ideally use inet_ntoa for a
human-readable string.
[...]

res is a pointer to a structure, but the results are good enough.
[...]

That is almost what we need. If you could change the printing of
from_host as described above it would be very helpful, if you could also
show the value of pri it would be even better. The code would look a bit
like this:

    case SESS_IP:
        /* "sticky" mappings */
fprintf(stderr, "from_host: %s\n", inet_ntoa(&from_host));
        addr = from_host.s_addr;
        pri = 0;
        while(addr) {
            pri = (pri << 3) ^ (addr & 0xff);
            addr = (addr >> 8);
        }
fprintf(stderr, "pri: %d\n", pri & 0xffff);
        res = rand_backend(svc->backends, (pri & 0xffff)
%svc->tot_pri);
fprintf(stderr, "backend %ld\n",res);
        break;

I sincerely hope you don't think this is idiot-like treatment - we are
certainly interested in your feedback and we would like to fix the bug
rather than insult people.[...]

Re: [Pound Mailing List] OpenBSD 3.9 Pound 2.1 small question
Simon Slaytor <sslaytor(at)iom.com>
2006-08-21 22:07:33 [ FULL ]
Hi Robert,

Thanks again for the time, I will make the changes tomorrow and resubmit 
the results.

Not for one minute have I been made to feel like an idiot, you miss 
understand my turn of phrase, I was just trying to say that I'm no 
programmer so you might need to spell things out a little more for me.

Regards

Simon


Robert Segall wrote:[...][...][...][...][...][...][...]

Re: [Pound Mailing List] OpenBSD 3.9 Pound 2.1 small question
Simon Slaytor <sslaytor(at)iom.com>
2006-08-22 10:17:32 [ FULL ]
Hi Robert,

Ok I've made those changes, I now get the following output:

# ./pound -f /etc/pound21-dev.cfg

 From Host: 10.190.70.70
pri: 14838
Backend : 2081694976

 From Host: 10.190.66.66
pri: 14802
Backend : 2081694976

 From Host: 10.190.70.70
pri: 14838
Backend : 2081694976

 From Host: 10.190.66.66
pri: 14802
Backend : 2081694976

Hope that helps.

Many thanks

Simon


Robert Segall wrote:[...][...][...][...][...][...][...]
Attachments:  
text.html text/html 3274 Bytes

Re: [Pound Mailing List] OpenBSD 3.9 Pound 2.1 small question
Robert Segall <roseg(at)apsis.ch>
2006-08-22 18:39:55 [ FULL ]
On Tue, 2006-08-22 at 09:17 +0100, Simon Slaytor wrote:[...]

I assume this is the config file with Session IP.
[...]

It certainly does. What we have here is two clients who just happen to
hash to the same back-end, which, given you have only two back-ends, is
not really that surprising. The values you show are perfectly normal and
Session IP would work fine.

To test it: try connecting from a client with an odd network address
(10.190.70.71 would be a good candidate) and/or play with the priorities
of the two back-ends (4 and 3 to make a prime number for tot_pri).
[...]

You're welcome. Thanks for your effort.[...]

MailBoxer