Willy,

The issue still persists. Not sure what I am missing.

-Rahul N.

On Friday, August 10, 2012, Rahul Nair <[email protected]> wrote:
> Willy,
> I have upgraded the Linux kernel to and haproxy to 1.4.18 and kernel to 2.6.38-15-server
> Will monitor it for a few days and will let you know the updates.
> -Rahul N.
>
> On Fri, Aug 10, 2012 at 2:04 AM, Willy Tarreau <[email protected]> wrote:
>>
>> On Thu, Aug 09, 2012 at 11:54:08PM +0530, Rahul Nair wrote:
>> > Willy,
>> >
>> > From your description, it could be an issue with some connection
>> > tracking somewhere caused by excess of source addr:ports.
>> >
>> > Ohh ok..
>> > Also I just found that as per the documentation in this link, it says that
>> > "it can cause problems when IP connection tracking is enabled on the
>> > machine, because a same connection may be seen twice with different states".
>> > Does this mean that I need to disable the nf_conntrack module by adding
>> > "net.netfilter.nf_conntrack_acct = 0" to "/etc/sysctl.conf" ?
>>
>> You can't disable nf_conntrack using a sysctl. You need to unload the
>> module itself. It's not nf_conntrack_acct but nf_conntrack.
>>
>> > By default this module seems to be enabled.
>> > cat /proc/sys/net/netfilter/nf_conntrack_acct
>> > 1
>> >
>> > Following are the answers to your questions:
>> >
>> > What's your haproxy version and kernel version ?
>> >
>> > - HA-Proxy version: 1.4.8 2010/06/16
>>
>> Be careful, this is quite outdated ! 2 years of fixes have been merged
>> since :
>>   $ git log --pretty=oneline v1.4.8..|grep -c BUG
>>   72
>>
>> => Your version has 72 bugs that have already been fixed now.
>> I don't remember of any affecting transparent proxying though, but
>> when you fix the issue you'd be advised to update it.
>>
>> > - Kernel Version: 2.6.32-24-server
>> > - OS: Ubuntu 10.04
>>
>> You should also check that your kernel is up to date, as what you're
>> observing might as well simply be a kernel bug.
>>
>> > Are you sure all your servers route back through your haproxy box ?
>> >
>> > - Yes the default gateway of all the real servers is HAProxy server.
>> > - On real servers I have multiple IPs of two different networks
>> > - One which we use for communication between HAproxy server and Real
>> > servers.
>> > - And One which is used by the real servers to communicate with our
>> > internal application servers
>>
>> OK.
>>
>> > Did you test only from one source machine or did you have many clients ?
>> >
>> > - This issue occurs intermittently from one or two different source IPs
>> > - At the same time when I check the functionality from another source
>> > IP, it works fine.
>>
>> Fine, then it really makes me think about a conntrack issue. Also, you
>> should ensure that your client never directly talks to the server without
>> passing via haproxy (which I can imagine you do during your tests when
>> observing the issue). It only makes the problem worse with conntrack.
>>
>> Regards,
>> Willy
>>
>
> --
> -Rahul N.
> IT Department
> In2M Technologies Pvt Ltd. (Finicity)
> Website: www.finicity.com/india
>

--
-Rahul N.
IT Department
In2M Technologies Pvt Ltd. (Finicity)
Website: www.finicity.com/india
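
Added example, not part of the original thread: the point made in the quoted reply is that the nf_conntrack_acct sysctl does not turn tracking off, so the thing to check is whether the nf_conntrack module is loaded and which modules hold it. The function names and the sample listing below are constructed for illustration; the listing follows the /proc/modules layout.

```shell
#!/bin/sh
# Added example: nf_conntrack_acct only toggles per-flow accounting.
# Tracking stops only once the nf_conntrack module is no longer loaded.

# Constructed sample in /proc/modules format:
#   name size refcount users state address
SAMPLE_MODULES='xt_state 12578 4 - Live 0xffffffffa0123000
nf_conntrack_ipv4 19716 5 - Live 0xffffffffa0110000
nf_defrag_ipv4 12729 1 nf_conntrack_ipv4, Live 0xffffffffa0108000
nf_conntrack 73966 2 xt_state,nf_conntrack_ipv4, Live 0xffffffffa00f0000
ip_tables 27473 1 iptable_filter, Live 0xffffffffa00e0000'

# conntrack_users [FILE]: print the modules that hold nf_conntrack, one
# per line. Exit status 1 means nf_conntrack is not loaded at all.
# FILE defaults to /proc/modules (hypothetical helper name).
conntrack_users() {
    awk '$1 == "nf_conntrack" {
             found = 1
             n = split($4, users, ",")
             for (i = 1; i <= n; i++)
                 if (users[i] != "" && users[i] != "-") print users[i]
         }
         END { exit !found }' "${1:-/proc/modules}"
}

# conntrack_status [FILE]: one-line verdict. Modules listed as holders
# must be removed first, or unloading nf_conntrack will be refused.
conntrack_status() {
    if users=$(conntrack_users "$1"); then
        if [ -n "$users" ]; then
            echo "loaded, held by: $(echo "$users" | tr '\n' ' ' | sed 's/ $//')"
        else
            echo "loaded, no users"
        fi
    else
        echo "not loaded"
    fi
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--check" ]; then
    conntrack_status
fi
```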

