Re: [Zenloadbalancer-support] http farm - downlading files 2GB
found this on pound. 2GB limit is fixed in pound 2.6e apparently: *ANNOUNCE: Pound - reverse proxy and load balancer - v2.6e* Robert Segall roseg(at)apsis.ch*2011-04-25 11:16:44*[ FULL http://www.apsis.ch/pound/pound_list/archive/2011/2011-04/1302530799000/index_html?fullMode=1#1303723004000 ] This is to announce the release of Pound v2.6e. This is an experimental version - the fifth (and hopefully the last prior to the stable release) in the 2.6 series. Changes since version 2.6d: Bug fixes: - fixed problem in SNI certificate storage - changed long to long long for support of requests larger than 2GB The software is at version 2.6e (beta quality). Further testing (especially under heavy loads), improvements and suggestions are welcome.[...] Cordialement, Mathieu CHATEAU http://www.lotp.fr 2015-03-03 8:15 GMT+01:00 Mathieu Chateau mathieu.chat...@lotp.fr: Hello, On one of my website, i have a 18GB file. When downloading it, it always stop at 2GB. I use the last version of chrome, and for sure it can download files bigger than 2GB, which was a old limit If I do it directly on the web server (skipping zen) it works beyond 2GB In Zen load balancer, i guess it's the pound process which has the issue as it's a 32 bit binary? /usr/local/zenloadbalancer/app/pound/sbin# file pound pound: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, not stripped regards, Mathieu CHATEAU http://www.lotp.fr -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Zenloadbalancer-support mailing list Zenloadbalancer-support@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
[Zenloadbalancer-support] http farm - downlading files 2GB
Hello, On one of my website, i have a 18GB file. When downloading it, it always stop at 2GB. I use the last version of chrome, and for sure it can download files bigger than 2GB, which was a old limit If I do it directly on the web server (skipping zen) it works beyond 2GB In Zen load balancer, i guess it's the pound process which has the issue as it's a 32 bit binary? /usr/local/zenloadbalancer/app/pound/sbin# file pound pound: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, not stripped regards, Mathieu CHATEAU http://www.lotp.fr -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Zenloadbalancer-support mailing list Zenloadbalancer-support@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
Re: [Zenloadbalancer-support] Ghost
I sent the following message on 2/17 with no response. What are the remediation/patching steps to fix Ghost with Zen LB 3.03? regards, John On Tuesday, February 17, 2015 1:47 PM, Genoint G geno...@yahoo.com wrote: What are the remediation steps for Ghost on Zen Load Balancer version 3.03 and 2.0? I see that there is a patch released? I know 2.0 is quite old, if we need to we can upgrade. Regards, John -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Zenloadbalancer-support mailing list Zenloadbalancer-support@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
Re: [Zenloadbalancer-support] Load Balancer on other WAN side not accessible
Juniper ScreenOS and JunOS both have commands to allow a gratuitous arp to update the local arp table on the device. By default this is disabled for security and left up to the admin to enable if needed. http://kb.juniper.net/InfoCenter/index?page=contentid=KB23573 http://kb.juniper.net/InfoCenter/index?page=contentid=KB16215 http://www.juniper.net/documentation/en_US/junos14.2/topics/usage-guidelines/interfaces-configuring-gratuitous-arp.html I've needed these commands for multiple HA environments where ScreenOS or JunOS is in use. Thanks, Cody On Mon, 2 Mar 2015 09:58:20 +0100, Emilio Campos emilio.campos.mar...@gmail.com wrote: Mathew /etc/rc.local is executed only when the server start not when the cluster switches. Please Roger try to use /usr/local/zenloadbalancer/config/zlb-start adding a script that run 4 icmp ping packet to your gw. It is added to the Enterprise Edition at the moment, it will be added in the next zen community edition. Regards 2015-03-02 8:57 GMT+01:00 Mathieu Chateau : Hello, I am new on zen, but maybe a continous ping can be added in /etc/rc.local or the start script in zen folder ? This may be a workaround waiting for the new feature Regards, Mathieu Chateau Envoyé de mon iPad Le 2 mars 2015 à 08:44, Roger Sikorski a écrit : Hello Emilio, thanks for you quick replay. Are there any plans when this property will be developed? Greetings Roger VON: Emilio Campos [mailto:emilio.campos.mar...@gmail.com [3]] GESENDET: Sonntag, 1. März 2015 22:38 AN: zenloadbalancer-support@lists.sourceforge.net [4] CC: Sazzad Hussein; Jonathan Aldred BETREFF: Re: [Zenloadbalancer-support] Load Balancer on other WAN side not accessible Hi, it is a know issue with some firewalls. Zen sends gratuitous arp packages to the broadcast when cluster switches to force the ARP table to be updated but some firewalls require a direct ICMP packet to update the ARP table, as you reported it is your case. We are going to develope this property 'send ping packets to the gw if the zen switches' for future releases. Thanks for your report. El 01/03/2015 22:11, Roger Sikorski escribió: Hello Emilio, yes Juniper is the gateway. I also forced the first After the connection to the load balancer is not more reachable from the other location, the LB2 switched automatically to LB1. I tried then a ping from both load balancer to the Gateway. The both pings was continuous possible. After the pings the we got an email from our monitoring system that the load balancer is from the other location again accessible. Between the first e-mail that the load balancer wasn’t reachable and now reachable is (1 minute later after the ping) are 43 minutes. I didn’t forced the second load balancer to switch to the first load balancer. This was tested with the option force the second load balancer as a master. I activated now the maintenance mode and will do the tests ask you asked and inform you. Greetings Roger VON: Emilio Campos [mailto:emilio.campos.mar...@gmail.com [6]] GESENDET: Montag, 23. Februar 2015 14:48 AN: zenloadbalancer-support@lists.sourceforge.net [7] CC: Sazzad Hussein; Jonathan Aldred BETREFF: Re: [Zenloadbalancer-support] Load Balancer on other WAN side not accessible Hi Roger, sorry for the late response, I have been checking your logs and I have detected your cluster service is switching, I would require you confirm that you problema appears when the cluster service switches so could you run some test forcing the master node to maintenance? Once you confirm you lose the access to the service from juniper ( I guess juniper is your gw), I would require you run ping from your active zen server (node2) to the gw (juniper), and confirm if one you run a continuous ping the problem is solved.. 2015-02-23 10:56 GMT+01:00 Roger Sikorski : Hello Emilio, did you found something out? I shut down the second load balancer (for the cluster) and we got no more notification from our monitoring system that the load balancer isn’t more reachable. Maybe that helps you. Greetings Roger Sikorski VON: Roger Sikorski [mailto:roger.sikor...@de.rr-icecream.eu [9]] GESENDET: Donnerstag, 19. Februar 2015 13:55 AN: zenloadbalancer-support@lists.sourceforge.net [10] CC: Sazzad Hussein; Jonathan Aldred BETREFF: Re: [Zenloadbalancer-support] Load Balancer on other WAN side not accessible Hello Emilio, did you found something out? Greetings Roger VON: Roger Sikorski [mailto:roger.sikor...@de.rr-icecream.eu [11]] GESENDET: Montag, 16. Februar 2015 09:46 AN: zenloadbalancer-support@lists.sourceforge.net [12] CC: Jonathan Aldred BETREFF: Re: [Zenloadbalancer-support] Load Balancer on other WAN side not accessible
Re: [Zenloadbalancer-support] Ghost vulnerability
Apologies - I'd asked this question a month ago, and Colin Waring kindly responded. I've been offline for awhile and didn't see that someone else had asked the same question. To summarize Colin's response, you need to patch your Debian platform to the LTS version., which is supported through Feb 2016. Instructions are available at https://wiki.debian.org/LTS/Using ...but as Colin notes, you also need to install the key for the LTS repository. Here are the steps I used, which worked well for me, and which are summarized from the document on debian.org. 1) Edit /etc/apt/sources.list Add these two lines: deb http://http.debian.net/debian/ squeeze-lts main contrib non-free deb-src http://http.debian.net/debian/ squeeze-lts main contrib non-free The security repositories that are already there are no longer needed, as the last point release for squeeze have been done, so remove them. So that in total /etc/apt/sources.list includes these lines: deb http://http.debian.net/debian/ squeeze main contrib non-free deb-src http://http.debian.net/debian/ squeeze main contrib non-free deb http://http.debian.net/debian squeeze-lts main contrib non-free deb-src http://http.debian.net/debian squeeze-lts main contrib non-free 2) If /etc/apt/apt.conf contains something like this: APT::Default-Release squeeze; then you must either comment it out, or replace it with: APT::Default-Release squeeze-lts; 3) Install the key for LTS: apt-get install debian-keyring debian-archive-keyring cd / Run apt-get update and apt-get upgrade -- Mike Watson WMC Information Services m mmwat...@wmcnet.orgmwat...@wyomingmedicalcenter.org 307-577-2028 -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Zenloadbalancer-support mailing list Zenloadbalancer-support@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
Re: [Zenloadbalancer-support] Ghost
Great thanks. I will have a look. On Mar 2, 2015, at 12:26 PM, Colin Waring co...@dolphinict.co.uk wrote: It had already been discussed on the list which is presumably why you didn’t see a response. Just dig up the list archives and search for Ghost for emails from the beginning of Feb. You basically need to get your OS onto the LTS version of Debian and apt-get will do the patches for you. All the best, Colin Waring. From: Genoint G [mailto:geno...@yahoo.com] Sent: 02 March 2015 15:52 To: zenloadbalancer-support@lists.sourceforge.net Subject: Re: [Zenloadbalancer-support] Ghost I sent the following message on 2/17 with no response. What are the remediation/patching steps to fix Ghost with Zen LB 3.03? regards, John On Tuesday, February 17, 2015 1:47 PM, Genoint G geno...@yahoo.com wrote: What are the remediation steps for Ghost on Zen Load Balancer version 3.03 and 2.0? I see that there is a patch released? I know 2.0 is quite old, if we need to we can upgrade. Regards, John -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Zenloadbalancer-support mailing list Zenloadbalancer-support@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
Re: [Zenloadbalancer-support] Load Balancer on other WAN side not accessible
Hello, I am new on zen, but maybe a continous ping can be added in /etc/rc.local or the start script in zen folder ? This may be a workaround waiting for the new feature Regards, Mathieu Chateau Envoyé de mon iPad Le 2 mars 2015 à 08:44, Roger Sikorski roger.sikor...@de.rr-icecream.eu a écrit : Hello Emilio, thanks for you quick replay. Are there any plans when this property will be developed? Greetings Roger *Von:* Emilio Campos [mailto:emilio.campos.mar...@gmail.com emilio.campos.mar...@gmail.com] *Gesendet:* Sonntag, 1. März 2015 22:38 *An:* zenloadbalancer-support@lists.sourceforge.net *Cc:* Sazzad Hussein; Jonathan Aldred *Betreff:* Re: [Zenloadbalancer-support] Load Balancer on other WAN side not accessible Hi, it is a know issue with some firewalls. Zen sends gratuitous arp packages to the broadcast when cluster switches to force the ARP table to be updated but some firewalls require a direct ICMP packet to update the ARP table, as you reported it is your case. We are going to develope this property 'send ping packets to the gw if the zen switches' for future releases. Thanks for your report. El 01/03/2015 22:11, Roger Sikorski roger.sikor...@de.rr-icecream.eu escribió: Hello Emilio, yes Juniper is the gateway. I also forced the first After the connection to the load balancer is not more reachable from the other location, the LB2 switched automatically to LB1. I tried then a ping from both load balancer to the Gateway. The both pings was continuous possible. After the pings the we got an email from our monitoring system that the load balancer is from the other location again accessible. Between the first e-mail that the load balancer wasn’t reachable and now reachable is (1 minute later after the ping) are 43 minutes. I didn’t forced the second load balancer to switch to the first load balancer. This was tested with the option force the second load balancer as a master. I activated now the maintenance mode and will do the tests ask you asked and inform you. Greetings Roger *Von:* Emilio Campos [mailto:emilio.campos.mar...@gmail.com] *Gesendet:* Montag, 23. Februar 2015 14:48 *An:* zenloadbalancer-support@lists.sourceforge.net *Cc:* Sazzad Hussein; Jonathan Aldred *Betreff:* Re: [Zenloadbalancer-support] Load Balancer on other WAN side not accessible Hi Roger, sorry for the late response, I have been checking your logs and I have detected your cluster service is switching, I would require you confirm that you problema appears when the cluster service switches so could you run some test forcing the master node to maintenance? Once you confirm you lose the access to the service from juniper ( I guess juniper is your gw), I would require you run ping from your active zen server (node2) to the gw (juniper), and confirm if one you run a continuous ping the problem is solved.. 2015-02-23 10:56 GMT+01:00 Roger Sikorski roger.sikor...@de.rr-icecream.eu : Hello Emilio, did you found something out? I shut down the second load balancer (for the cluster) and we got no more notification from our monitoring system that the load balancer isn’t more reachable. Maybe that helps you. Greetings Roger Sikorski *Von:* Roger Sikorski [mailto:roger.sikor...@de.rr-icecream.eu] *Gesendet:* Donnerstag, 19. Februar 2015 13:55 *An:* zenloadbalancer-support@lists.sourceforge.net *Cc:* Sazzad Hussein; Jonathan Aldred *Betreff:* Re: [Zenloadbalancer-support] Load Balancer on other WAN side not accessible Hello Emilio, did you found something out? Greetings Roger *Von:* Roger Sikorski [mailto:roger.sikor...@de.rr-icecream.eu roger.sikor...@de.rr-icecream.eu] *Gesendet:* Montag, 16. Februar 2015 09:46 *An:* zenloadbalancer-support@lists.sourceforge.net *Cc:* Jonathan Aldred *Betreff:* Re: [Zenloadbalancer-support] Load Balancer on other WAN side not accessible Hello, yes we are using a zen cluster. Cluster type is ,,LB1 or LB2” can be masters. Logs are directly send to you. Greetings Roger Sikorski *Von:* Emilio Campos [mailto:emilio.campos.mar...@gmail.com emilio.campos.mar...@gmail.com] *Gesendet:* Montag, 16. Februar 2015 09:15 *An:* zenloadbalancer-support@lists.sourceforge.net *Cc:* Jonathan Aldred *Betreff:* Re: [Zenloadbalancer-support] Load Balancer on other WAN side not accessible are you working with a zen cluster? anyway could you please attach logs? /usr/local/zenloadbalancer/logs/* /var/log/messages /var/log/syslog Make a ta.gz file and feel free to send me directly. Thanks! 2015-02-13 8:53 GMT+01:00 Roger Sikorski roger.sikor...@de.rr-icecream.eu: Hello, today morning we got messages from our monitoring systems on other factory location that the ZenLoad Balancer isn’t more reachable. In the local network the Load Balancer was accessible. We restarted for test purposes the Juniper firewall. The access from the other factory location was then possible. I attached a Wireshark
