Hi Lukas, On 05/15/14 20:12, Lukas Tribus wrote:
I can login in the SAP-Gui and a connection is established:May 15 10:10:54 ha1 haproxy[2294]: 128.130.YY.61:50947 [15/May/2014:10:10:54.680] router-zap router-12a 128.130.XXX.63:3299 1/30/86 3306 -- 0/0/0/0/0 0/0 and then the connection is dropped and I see an error in the GUI: May 15 10:12:04 ha1 haproxy[2294]: 128.130.YY.61:50948 [15/May/2014:10:10:54.789] router-zap router-12a 128.130.XXX.63:3299 1/0/69959 19629 sD 0/0/0/0/0 0/0sD means (from the docs [1]): The server did not send nor acknowledge any data for as long as the "timeout server" setting during the data phase. This is often caused by too short timeouts on L4 equipments before the server (firewalls, load-balancers, ...), as well as keep-alive sessions maintained between the client and the server expiring first on haproxy. Does the description ring any bell (firewall with short timeouts, etc)? Still, its strange, because "timeout server" is configured with 2 hours in your case.
Well strange thing is, that between HAproxy and the SAProuter box (windows machine) is no firewall or anything. Same subnet.
If the client connects directly to the SAProuter windows box, everything works as expected....
So I doubt that the issue behinde the SAProuter, but somewhere within HAproxy, or some config....
Can you: - post the output of ./haproxy -vv
root@ha1:~# haproxy -vv HA-Proxy version 1.5-dev24-8860dcd 2014/04/26 Copyright 2000-2014 Willy Tarreau <w...@1wt.eu> Build options : TARGET = linux2628 CPU = generic CC = gccCFLAGS = -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.8 Compression algorithms supported : identity, deflate, gzip Built with OpenSSL version : OpenSSL 1.0.1g 7 Apr 2014 Running on OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 8.30 2012-02-04 PCRE library supports JIT : no (USE_PCRE_JIT not set)Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll.
- do a "show errors" [2] on the admin socket after a failure
Nothing shown here :( root@ha1:~# echo "show errors" | socat stdio /var/run/haproxy-admin.sock Total events captured on [16/May/2014:09:01:22.717] : 0 root@ha1:~#
- provide a tcpdump capture of the backend session (full packets with -s0, but mind proprietary and authentication data)
I have attached the dmp oftcpdump -s0 -w haproxy.backend.dmp host router-12a.zap.tuwien.ac.at or host router-12b.zap.tuwien.ac.at
Thanks Philipp -- ----------------------------------------------------------------------- DI Mag. Philipp Kolmann mail: kolm...@zid.tuwien.ac.at Technische Universitaet Wien web: www.zid.tuwien.ac.at Zentraler Informatikdienst (ZID) tel: +43(1)58801-42011 Wiedner Hauptstr. 8-10, A-1040 Wien DVR: 0005886 -----------------------------------------------------------------------
haproxy.backend.dmp.gz
Description: application/gzip