On Sun, May 2, 2010 at 11:57 AM, Lars Marowsky-Bree <[email protected]> wrote:
> On 2010-04-26T16:35:31, Sam Tran <[email protected]> wrote:
>
>> primitive portblock_block ocf:heartbeat:portblock \
>> params protocol="tcp" ip="192.168.8.171" portno="636" action="block"
>> \
>> op monitor interval="10" timeout="10" depth="0"
>> primitive portblock_unblock ocf:heartbeat:portblock \
>> params protocol="tcp" ip="192.168.8.171" portno="636"
>> action="unblock" \
>> op monitor interval="10" timeout="10" depth="0"
>> tickle_dir="/tmp/tickle" sync_script="/usr/sbin/csync2 -xvr"
>> group ldap_cluster failover-ip1 email-notify portblock_block
>> portblock_unblock
>
> The group doesn't make a lot of sense, btw. The "portblock_block" can,
> in your scenario, either be omitted our should be the first resource
> (before the IP address).
>
> What's the content of the state files in tickle_dir?
>
> Have you tried running tickletcp manually to see if it generates packets
> on your system at all?
>
>
> run_tickle_tcp() in the script probably needs some debug info added ...
>
Hi Lars,
Here is the content of the single state file for the LDAPS TCP connection:
[...@info-ldap-015 ~]# cat /tmp/tickle/192.168.8.171
192.168.8.171:636 192.168.240.178:32913
I tried to run the tickle_tcp manually:
[...@info-ldap-015 ~]# cat /tmp/tickle/192.168.8.171 |
/usr/lib64/heartbeat/tickle_tcp -n 3
It did send three packets to the LDAP slave. But it didn't break the
existing TCP connection between the VIP and the slave. I have attached
the output of the packet capture in text format.
Thanks,
Sam
No. Time Source Destination Protocol Info
1 0.000000 192.168.8.171 192.168.240.178 TCP [TCP
Window Update] ldaps > 32913 [ACK] Seq=1 Ack=1 Win=1234 Len=0
Frame 1 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Vmware_b0:67:41 (00:50:56:b0:67:41), Dst: All-HSRP-routers_00
(00:00:0c:07:ac:00)
Internet Protocol, Src: 192.168.8.171 (192.168.8.171), Dst: 192.168.240.178
(192.168.240.178)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0xa38d (41869)
Flags: 0x00
Fragment offset: 0
Time to live: 255
Protocol: TCP (0x06)
Header checksum: 0x9a8a [correct]
Source: 192.168.8.171 (192.168.8.171)
Destination: 192.168.240.178 (192.168.240.178)
Transmission Control Protocol, Src Port: ldaps (636), Dst Port: 32913 (32913),
Seq: 1, Ack: 1, Len: 0
Source port: ldaps (636)
Destination port: 32913 (32913)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 1234
Checksum: 0xaa3d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This is a tcp window update]
[Expert Info (Chat/Sequence): Window update]
[Message: Window update]
[Severity level: Chat]
[Group: Sequence]
No. Time Source Destination Protocol Info
2 0.000105 192.168.8.171 192.168.240.178 TCP [TCP
Dup ACK 1#1] ldaps > 32913 [ACK] Seq=1 Ack=1 Win=1234 Len=0
Frame 2 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Vmware_b0:67:41 (00:50:56:b0:67:41), Dst: All-HSRP-routers_00
(00:00:0c:07:ac:00)
Internet Protocol, Src: 192.168.8.171 (192.168.8.171), Dst: 192.168.240.178
(192.168.240.178)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0xa38e (41870)
Flags: 0x00
Fragment offset: 0
Time to live: 255
Protocol: TCP (0x06)
Header checksum: 0x9a89 [correct]
Source: 192.168.8.171 (192.168.8.171)
Destination: 192.168.240.178 (192.168.240.178)
Transmission Control Protocol, Src Port: ldaps (636), Dst Port: 32913 (32913),
Seq: 1, Ack: 1, Len: 0
Source port: ldaps (636)
Destination port: 32913 (32913)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 1234
Checksum: 0xaa3d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This is a TCP duplicate ack]
[Duplicate ACK #: 1]
[Duplicate to the ACK in frame: 1]
[Expert Info (Note/Sequence): Duplicate ACK (#1)]
[Message: Duplicate ACK (#1)]
[Severity level: Note]
[Group: Sequence]
No. Time Source Destination Protocol Info
3 0.000138 192.168.8.171 192.168.240.178 TCP [TCP
Dup ACK 1#2] ldaps > 32913 [ACK] Seq=1 Ack=1 Win=1234 Len=0
Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Vmware_b0:67:41 (00:50:56:b0:67:41), Dst: All-HSRP-routers_00
(00:00:0c:07:ac:00)
Internet Protocol, Src: 192.168.8.171 (192.168.8.171), Dst: 192.168.240.178
(192.168.240.178)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0xa38f (41871)
Flags: 0x00
Fragment offset: 0
Time to live: 255
Protocol: TCP (0x06)
Header checksum: 0x9a88 [correct]
Source: 192.168.8.171 (192.168.8.171)
Destination: 192.168.240.178 (192.168.240.178)
Transmission Control Protocol, Src Port: ldaps (636), Dst Port: 32913 (32913),
Seq: 1, Ack: 1, Len: 0
Source port: ldaps (636)
Destination port: 32913 (32913)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 1234
Checksum: 0xaa3d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This is a TCP duplicate ack]
[Duplicate ACK #: 2]
[Duplicate to the ACK in frame: 1]
[Expert Info (Note/Sequence): Duplicate ACK (#2)]
[Message: Duplicate ACK (#2)]
[Severity level: Note]
[Group: Sequence]
_______________________________________________________
Linux-HA-Dev: [email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
