Willy,
> From your description, it could be an issue with some connection
> tracking somewhere caused by excess of source addr:ports.
Ohh ok..
Also I just found that as per the documentation in this link, it says that
"it can cause problems when IP connection tracking is enabled on the
machine, because a same connection may be seen twice with different states".
Does this mean that I need to disable the nf_conntrack module by adding
"net.netfilter.nf_conntrack_acct = 0" to "/etc/sysctl.conf" ?
By default this module seems to be enabled.
cat /proc/sys/net/netfilter/nf_conntrack_acct
1
Following are the answers to your questions:
What's your haproxy version and kernel version ?
- HA-Proxy version: 1.4.8 2010/06/16
- Kernel Version: 2.6.32-24-server
- OS: Ubuntu 10.04
Are you sure all your servers route back through your haproxy box ?
- Yes the default gateway of all the real servers is HAProxy server.
- On real servers I have multiple IPs of two different networks
  - One which we use for communication between HAproxy server and Real
    servers.
  - And One which is used by the real servers to communicate with our
    internal application servers
Did you test only from one source machine or did you have many clients ?
- This issue occurs intermittently from one or two different source IPs
- At the same time when I check the functionality from another source
IP, it works fine.
Thanks
Rahul N.
On Thu, Aug 9, 2012 at 10:56 PM, Willy Tarreau <[email protected]> wrote:
> Hello Rahul,
>
> On Thu, Aug 9, 2012 at 12:13 AM, Rahul Nair <[email protected]>
> wrote:
> > Guys,
> > I am in process of implementing HAProxy with TPROXY in our setup for
> > "mode tcp".
> > All of a sudden the website stops working and gives out error in
> > browser: "Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error."
> > When I remove/comment "source 0.0.0.0 usesrc clientip" the website
> > starts working fine.
> > And later on when I again enable "source 0.0.0.0 usesrc clientip" it
> > starts working fine. It seems that the issue is intermittent.
> > Please help me understand what exactly the problem could be.
> > Hardware configuration of HAProxy server:
> > RAM:256MB
> > Processor:Single core
> > Thanks,
> > Rahul N.
>
> From your description, it could be an issue with some connection tracking
> somewhere caused by excess of source addr:ports. But it could be many
> things.
> What's your haproxy version and kernel version ? Are you sure all your
> servers route back through your haproxy box ? Did you test only from one
> source machine or did you have many clients ?
>
> Willy
>
>
--
-Rahul N.
IT Department
In2M Technologies Pvt Ltd. (Finicity)
Website: www.finicity.com/india