10-01-2009 10:58 PM
Hi
Please can you tell me what is TCP splicing and how it works / helps.
I am having issue in HTTP redirect using CSM.
After my investigation I suspect the CSM takes age to reply SYN_ACK for SYN packets because of that internmittently redirect is not working.
I hope some one should have had the same issue, can you please share with how to fix this?
Thanks
10-02-2009 03:43 AM
TCP Splicing is explained here :
http://www.linuxvirtualserver.org/software/tcpsp/index.html
But it is not related to your issue.
Do you have a sniffer trace showing the problem ?
The only reason for the CSM not to respond immediately to a SYN is if it is overloaded.
It could also be because the SYN is dropped in the network.
Several 'show mod csm x tech' should show if the box is overloaded. Check counter with words like fifo, overflow, ...full.
Gilles.
10-02-2009 03:59 AM
Hi - Thanks for your reply.
I have attached the sniff traffic (Public IP is hidden)...
when ever I get the page time out.. I am seeing a firewall (Nokia) log saying
"tcp packet out of state first packet isn't syn tcp_flags syn-ack"
At the same time I can see on the CSM Conns = 1 under Vserver
#######################################################
sh module csm 3 vservers name MY_WEB-RD detail
MY_WEB-RD, type = SLB, state = OPERATIONAL, v_index = 52
virtual = 10.10.10.10/32:80 bidir, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 1, total conns = 574
current load = 2, transition count = 0
Default policy:
server farm = HTTP_REDIRECT, backup =
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot matches Client pkts Server pkts
-----------------------------------------------------
(default) 556 868 343
######################################################
Please advice this CSM is on our core, how safe it is to run the tech-support on this? I am bit afraid to run tech-support....!!!
In addition to that... I have bypassed the Nokia firewall and I tried it works perfectly no drops at all.. But I have this issue only when I go through the Nokia Firewall...!!!
Thanks for your help in advance...
10-02-2009 04:07 AM
do you have active and standby firewall ?
Is it possible that the CSM response goes to the wrong firewall ?
I know nokia firewalls use multicast mac-address which the CSM does not like very much...is the csm directly connected to the firewall ? Could you put the MSFC in between and route between msfc and firewall ?
G.
10-02-2009 04:11 AM
well.. the CSM is in Bridge mode and MSFC routes all the traffic to NOKIA...!!
10-05-2009 11:35 PM
Hi All,
Any further lights on this for me to fix this...please?
Thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: