Hello!
I have two read-only mysql servers behind a haproxy.
client: public IP
haproxy: public IP/private for mysql
mysql: private IP
All involved machines run Linux 3.2
A small number of servers use them.
The whole setup is not yet in production.
When in production (with just one server of the small set using them), after a
while (hours?), the mysql servers stop ACKing.
Other servers get their ACK, and work as expected.
haproxy and mysql have iptables/firewall rules.
haproxy: as standard in this situation.
# Packets for which a local socket already exists get the mark...
/sbin/iptables -t mangle -N DIVERT
/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
/sbin/iptables -t mangle -A DIVERT -j ACCEPT
# ...and marked packets are delivered locally via table 100.
/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100
mysql marks all packets with the private source address and sends them to
haproxy using eth1.
# Mark outgoing TCP packets that carry eth1's address but would leave via eth0.
/sbin/iptables -t mangle -A OUTPUT -o eth0 -p tcp \
    -s $(/sbin/ip route | awk '/eth1/ {print $9}') -j MARK --set-mark 1
# Marked packets are rerouted through table 100, i.e. back to haproxy on eth1.
/sbin/ip rule add fwmark 1 table 100
/sbin/ip route add default via 172.16.137.142 dev eth1 table 100
No conntrack of any kind (needed?).
Does not seem a haproxy issue, though perhaps some of you had seen it before,
and know what I am overlooking here.
Thanks in advance,
Gerardo Malazdrewicz
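The ruleset above, as an added example that is not part of the original post or of the haproxy project: a small POSIX sh helper that extracts the kernel-assigned source address of an interface by keying on the `dev` and `src` keywords of `ip route` output rather than on a fixed field position (the `awk '{print $9}'` in the post silently depends on every eth1 route having the same number of fields), and prints both halves of the transparent-proxy ruleset as a dry run so they can be reviewed before being piped to `sh`. The mark value, table number, interface names, the gateway address and the sample route table are assumptions constructed for this example.

```sh
#!/bin/sh
# Added example, not code from the original post. Constructed sample of
# `ip route` output (addresses are assumptions for illustration only).
SAMPLE_ROUTES='default via 203.0.113.1 dev eth0
172.16.137.0/24 dev eth1 proto kernel scope link src 172.16.137.5
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10
192.168.50.0/24 via 172.16.137.1 dev eth1 metric 10'

# iface_src IFACE [ROUTE_TEXT]: print the source address the kernel uses for
# IFACE. Scans each route line for the "dev" and "src" keywords, so routes
# with extra attributes (metric, proto, ...) or without a src are handled.
# Falls back to the live routing table when no ROUTE_TEXT is given.
iface_src() {
    iface=$1
    routes=${2:-$(ip route)}
    printf '%s\n' "$routes" | awk -v want="$iface" '
        {
            dev = ""; src = ""
            for (i = 1; i < NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "src") src = $(i + 1)
            }
            if (dev == want && src != "" && !seen[src]++) print src
        }'
}

# haproxy_divert_rules [MARK] [TABLE]: print the DIVERT ruleset for the
# haproxy box, one command per line. Nothing is applied here.
haproxy_divert_rules() {
    mark=${1:-1}; table=${2:-100}
    cat <<EOF
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark $mark
iptables -t mangle -A DIVERT -j ACCEPT
ip rule add fwmark $mark lookup $table
ip route add local 0.0.0.0/0 dev lo table $table
EOF
}

# mysql_return_rules SRC GATEWAY [MARK] [TABLE]: print the rules that send
# replies carrying SRC back through GATEWAY on eth1 instead of the default
# route on eth0. Nothing is applied here.
mysql_return_rules() {
    src=$1; gw=$2; mark=${3:-1}; table=${4:-100}
    cat <<EOF
iptables -t mangle -A OUTPUT -o eth0 -p tcp -s $src -j MARK --set-mark $mark
ip rule add fwmark $mark table $table
ip route add default via $gw dev eth1 table $table
EOF
}

# Dry-run demo against the constructed sample: `sh script.sh --demo`.
if [ "${1:-}" = "--demo" ]; then
    src=$(iface_src eth1 "$SAMPLE_ROUTES")
    echo "# eth1 source address: $src"
    echo "# haproxy side:"; haproxy_divert_rules
    echo "# mysql side:";   mysql_return_rules "$src" 172.16.137.142
fi
```

On a real host, `iface_src eth1` with no second argument reads the live table; the rule printers are deliberately separated from application so that the generated commands can be inspected (and the interface and gateway assumptions corrected) before running `mysql_return_rules "$(iface_src eth1)" 172.16.137.142 | sh` as root.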