I have been analysing the tcpdump a between 1.4 and 1.5. The main difference I see on the response that haproxy send back to the GSS is the TCP Segment Length.
In 1.4 the TCP Segment Length is 0. In 1.5 the TCP Segment Length is 477. Is anyone aware of any changes in haproxy between 1.4 and 1.4 around this area or who/how this segment length is controlled? Thanks. On Thu, 18 Aug 2016 at 12:10, Jay Modha <[email protected]> wrote: > Hi Lukas, > > Many thanks for your reply. > > I have taken a tcpdump from the 1.5 and 1.4 > > When I look at the 1.5 tcpdump in wireshark, I see a whole bunch of [TCP > Retransmission] messages, followed by [TCP Spurious Retransmission] > messages followed by [TCP Dupe ACK] messages. > > I don't see any of those messages in the 1.4 tcpdump. > > I did try your suggestion of using http-tunnel and this makes the GSS > keepalive detect the haproxy node however, under heavy load the keepalive > stops seeing the haproxy as being alive and takes it out of the A records > ultimately resulting in an UnknownHostException for our clients. > > It's worth pointing out also that in our defaults section in our config > (both in 1.4 and 1.5) we have set explicitly "option http-server-close" > > In 1.4 we don't set the the http tunnel option in the front/back end and > the GSS still works fine with the keepalive probes. > On Tue, 16 Aug 2016 at 18:01, Lukas Tribus <[email protected]> wrote: > >> Hi Jay, >> >> >> Am 16.08.2016 um 17:20 schrieb Jay Modha: >> > We are in the process of upgrading to 1.5.x however when we deploy our >> > app using 1.5.8 the GSS keepalive no longer detects any nodes as being >> > alive and ultimately results in DNS error when some tries to access >> > the application via the DNS. >> >> tcpdump both the working 1.4 keepalive and the non-working 1.5 >> keepalive. The 2 network captures will show whats happening. >> >> >> The major change between 1.4 and 1.5 is the default http-mode. Unless >> explicitly configured, keep-alive is now enabled on 1.5. If GSS (and/or >> your backend) is buggy that may cause issues. Configure "option >> http-tunnel" [1] in the default section to return the 1.4 default, which >> is tunnel mode. >> >> >> Regarding the upgrade per-se, I would recommend evaluating 1.6.8 instead >> - there are no open issue in the 1.6 stable branch and it would will be >> supported for a longer time. Also see Willy's announcement [2]. It has >> nothing to do with your problem though. >> >> >> Regards, >> Lukas >> >> >> [1] >> >> http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#option%20http-tunnel >> [2] https://www.mail-archive.com/[email protected]/msg23513.html >> >
