Hi Alex,
See comments inserted below...
On Wednesday, 2016-02-24 at 04:09:20 PM, Alex Needham scribbled:
> Hi
>
> The scenario is:
>
> web server that we need to get a large file from, a pair of haproxy load
> balancers in front of it in a master/backup configuration, with keepalived
> and conntrackd for fun.
>
> If a failover of a master to backup of haproxy occurs would we expect to
> see the download interrupted or continue?
>
> i.e. is there a stateful failover?

No, I do not think so.

I am not sure... but I think you may be confusing TCP "connection state"
from a firewall point of view (that is, iptables and connection tracking
which is *relatively* simple) with TCP "session state" which involves
the "actual" endpoints, TCP sequence numbers, etc. from an operating
system's point of view.

A quick Google for

    tcp connection migration
    tcp connection hijacking

turned up

    http://blog.nattyhacker.com/2013/07/transferable-tcp-connection.html
    https://tools.ietf.org/html/draft-snoeren-tcp-migrate-00
    http://sockmi.sourceforge.net/
    https://en.wikipedia.org/wiki/TCP_sequence_prediction_attack
    https://blog.docker.com/2015/11/dockercon-eu-2015-container-migration-tool/
    http://criu.org/Main_Page

Hope this helps!

Cheers! :-)
Ben.

>
> debian 8
> keepalived 1.2.19
> haproxy 1.6.3
> conntrackd 1.4.2
>
> using vmacs on keepalived due to some funky arp limitation in our
> environment.
>
> If I have conntrackd running then the download stalls, if it's not running
> the download gets interrupted.
>
> I feel as if I am missing something from the haproxy configuration that
> means the 2 instances are not sharing their state.
>
> configs are available, but it's all pretty standard and follows the docs
>
--
Benjamin Lee mailto:[email protected]
Melbourne, Australia http://www.realthought.net
Linux / BSD / GNU tel:+61 4 16 BEN LEE
Open Source "invest in your world"
__________________________________________________________________________
Do not take life too seriously; you will never get out of it alive.