Re: 回复: About the health check
Hi Zebra, I think it stops after the 3way because your configuration is not using any send/expect values, so after the connection is made its immediately done 'checking' the layer 7 part.. Something like this would be the proper way to use tcp-check: |option tcp-check tcp-check send PING\r\n tcp-check expect +PONG tcp-check send info\ replication\r\n tcp-check expect string role:master tcp-check send QUIT\r\n tcp-check expect string +OK| Have you tried removing that 'option tcp-check' from your configuration like i wrote before.? It should then default to a simple layer4 3way. Zebra schreef op 16-9-2014 3:53: Hi, PiBa-NL Thank you for your reply . But I used tcpdump and find the check only try to make one tcp three-way handshake and even the packet for tcp ACK will not send. This is the result : root@ubuntuforhaproxy:/home# tcpdump -lnvvvXei eth0 tcp port 22 and src 192.168.10.95 or dst 192.168.10.95 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 01:52:21.188205 fa:16:3e:29:d8:8e fa:16:3e:05:d6:dd, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 46206, offset 0, flags [DF], proto TCP (6), length 60) 192.168.10.94.60528 192.168.10.95.22: Flags [S], cksum 0x963c (incorrect - 0xa91a), seq 1728571217, win 29200, options [mss 1460,sackOK,TS val 146297647 ecr 0,nop,wscale 7], length 0 0x: 4500 003c b47e 4000 4006 f02f c0a8 0a5e E...~@.@../...^ 0x0010: c0a8 0a5f ec70 0016 6707 e751 ..._.p..g..Q 0x0020: a002 7210 963c 0204 05b4 0402 080a ..r 0x0030: 08b8 532f 0103 0307 ..S/ 01:52:21.189789 fa:16:3e:05:d6:dd fa:16:3e:29:d8:8e, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 192.168.10.95.22 192.168.10.94.60528: Flags [S.], cksum 0x7eeb (correct), seq 952013707, ack 1728571218, win 28960, options [mss 1460,sackOK,TS val 146298380 ecr 146297647,nop,wscale 7], length 0 0x: 4500 003c 4000 4006 a4ae c0a8 0a5f E@.@.._ 0x0010: c0a8 0a5e 0016 ec70 38be 938b 6707 e752 ...^...p8...g..R 0x0020: a012 7120 7eeb 0204 05b4 0402 080a ..q.~... 0x0030: 08b8 560c 08b8 532f 0103 0307 ..V...S/ 01:52:21.189819 fa:16:3e:29:d8:8e fa:16:3e:05:d6:dd, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 64, id 878, offset 0, flags [DF], proto TCP (6), length 40) 192.168.10.94.60528 192.168.10.95.22: Flags [R], cksum 0xdef1 (correct), seq 1728571218, win 0, length 0 0x: 4500 0028 036e 4000 4006 a154 c0a8 0a5e E..(.n@.@..T...^ 0x0010: c0a8 0a5f ec70 0016 6707 e752 ..._.p..g..R 0x0020: 5004 def1 P... -- 原始邮 件 -- *发件人:* PiBa-NL; *发送时间:* 2014年9月16日(星期二) 上午9:31 *收件人:* Zebra; haproxy; *主题:* Re: About the health check Zebra schreef op 16-9-2014 3:08: Hi,all I configure the backend with one server and want to make the health check for it using tcp.And the configuration as below. backend httpservers option tcp-check This actually makes it perform tests on a higher layer: Perform health checks using tcp-check send/expect sequences If you remove the option tcp-check from the config it will probably do layer4. server server2 192.168.10.95:22 check inter 5s fall 1 maxconn 32000 But I find the log output below: Sep 16 01:03:34 localhost haproxy[30429]: Health check for server httpservers/server2 succeeded, reason: Layer7 check passed, code: 0, info: (tcp-check), check duration: 0ms, status: 1/1 UP. I could not understand why Layer 7 check passed for I think the tcp-check only work for Layer 4. Could you tell me more about this ? Looking forward to your reply, thanks!
Re: 回复: About the health check
Hi,PiBa-NL Have you tried removing that 'option tcp-check' from your configuration like i wrote before.? It should then default to a simple layer4 3way. It is indeed as what you say. Thank you for your candid reply, and I gain a lot. Greatly appreciated. Kind regards. Zebra -- Original -- From: PiBa-NLpiba.nl@gmail.com; Date: Wed, Sep 17, 2014 01:45 AM To: Zebramax...@unitedstack.com; haproxyhaproxy@formilux.org; Subject: Re: 回复: About the health check Hi Zebra, I think it stops after the 3way because your configuration is not using any send/expect values, so after the connection is made its immediately done 'checking' the layer 7 part.. Something like this would be the proper way to use tcp-check: |option tcp-check tcp-check send PING\r\n tcp-check expect +PONG tcp-check send info\ replication\r\n tcp-check expect string role:master tcp-check send QUIT\r\n tcp-check expect string +OK| Have you tried removing that 'option tcp-check' from your configuration like i wrote before.? It should then default to a simple layer4 3way. Zebra schreef op 16-9-2014 3:53: Hi, PiBa-NL Thank you for your reply . But I used tcpdump and find the check only try to make one tcp three-way handshake and even the packet for tcp ACK will not send. This is the result : root@ubuntuforhaproxy:/home# tcpdump -lnvvvXei eth0 tcp port 22 and src 192.168.10.95 or dst 192.168.10.95 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 01:52:21.188205 fa:16:3e:29:d8:8e fa:16:3e:05:d6:dd, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 46206, offset 0, flags [DF], proto TCP (6), length 60) 192.168.10.94.60528 192.168.10.95.22: Flags [S], cksum 0x963c (incorrect - 0xa91a), seq 1728571217, win 29200, options [mss 1460,sackOK,TS val 146297647 ecr 0,nop,wscale 7], length 0 0x: 4500 003c b47e 4000 4006 f02f c0a8 0a5e E...~@.@../...^ 0x0010: c0a8 0a5f ec70 0016 6707 e751 ..._.p..g..Q 0x0020: a002 7210 963c 0204 05b4 0402 080a ..r 0x0030: 08b8 532f 0103 0307 ..S/ 01:52:21.189789 fa:16:3e:05:d6:dd fa:16:3e:29:d8:8e, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 192.168.10.95.22 192.168.10.94.60528: Flags [S.], cksum 0x7eeb (correct), seq 952013707, ack 1728571218, win 28960, options [mss 1460,sackOK,TS val 146298380 ecr 146297647,nop,wscale 7], length 0 0x: 4500 003c 4000 4006 a4ae c0a8 0a5f E@.@.._ 0x0010: c0a8 0a5e 0016 ec70 38be 938b 6707 e752 ...^...p8...g..R 0x0020: a012 7120 7eeb 0204 05b4 0402 080a ..q.~... 0x0030: 08b8 560c 08b8 532f 0103 0307 ..V...S/ 01:52:21.189819 fa:16:3e:29:d8:8e fa:16:3e:05:d6:dd, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 64, id 878, offset 0, flags [DF], proto TCP (6), length 40) 192.168.10.94.60528 192.168.10.95.22: Flags [R], cksum 0xdef1 (correct), seq 1728571218, win 0, length 0 0x: 4500 0028 036e 4000 4006 a154 c0a8 0a5e E..(.n@.@..T...^ 0x0010: c0a8 0a5f ec70 0016 6707 e752 ..._.p..g..R 0x0020: 5004 def1 P... -- 原始邮 件 -- *发件人:* PiBa-NL; *发送时间:* 2014年9月16日(星期二) 上午9:31 *收件人:* Zebra; haproxy; *主题:* Re: About the health check Zebra schreef op 16-9-2014 3:08: Hi,all I configure the backend with one server and want to make the health check for it using tcp.And the configuration as below. backend httpservers option tcp-check This actually makes it perform tests on a higher layer: Perform health checks using tcp-check send/expect sequences If you remove the option tcp-check from the config it will probably do layer4. server server2 192.168.10.95:22 check inter 5s fall 1 maxconn 32000 But I find the log output below: Sep 16 01:03:34 localhost haproxy[30429]: Health check for server httpservers/server2 succeeded, reason: Layer7 check passed, code: 0, info: (tcp-check), check duration: 0ms, status: 1/1 UP. I could not understand why Layer 7 check passed for I think the tcp-check only work for Layer 4. Could you tell me more about this ? Looking forward to your reply, thanks!
回复: About the health check
Hi, PiBa-NL Thank you for your reply . But I used tcpdump and find the check only try to make one tcp three-way handshake and even the packet for tcp ACK will not send. This is the result : root@ubuntuforhaproxy:/home# tcpdump -lnvvvXei eth0 tcp port 22 and src 192.168.10.95 or dst 192.168.10.95 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 01:52:21.188205 fa:16:3e:29:d8:8e fa:16:3e:05:d6:dd, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 46206, offset 0, flags [DF], proto TCP (6), length 60) 192.168.10.94.60528 192.168.10.95.22: Flags [S], cksum 0x963c (incorrect - 0xa91a), seq 1728571217, win 29200, options [mss 1460,sackOK,TS val 146297647 ecr 0,nop,wscale 7], length 0 0x: 4500 003c b47e 4000 4006 f02f c0a8 0a5e E...~@.@../...^ 0x0010: c0a8 0a5f ec70 0016 6707 e751 ..._.p..g..Q 0x0020: a002 7210 963c 0204 05b4 0402 080a ..r 0x0030: 08b8 532f 0103 0307..S/ 01:52:21.189789 fa:16:3e:05:d6:dd fa:16:3e:29:d8:8e, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 192.168.10.95.22 192.168.10.94.60528: Flags [S.], cksum 0x7eeb (correct), seq 952013707, ack 1728571218, win 28960, options [mss 1460,sackOK,TS val 146298380 ecr 146297647,nop,wscale 7], length 0 0x: 4500 003c 4000 4006 a4ae c0a8 0a5f E@.@.._ 0x0010: c0a8 0a5e 0016 ec70 38be 938b 6707 e752 ...^...p8...g..R 0x0020: a012 7120 7eeb 0204 05b4 0402 080a ..q.~... 0x0030: 08b8 560c 08b8 532f 0103 0307..V...S/ 01:52:21.189819 fa:16:3e:29:d8:8e fa:16:3e:05:d6:dd, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 64, id 878, offset 0, flags [DF], proto TCP (6), length 40) 192.168.10.94.60528 192.168.10.95.22: Flags [R], cksum 0xdef1 (correct), seq 1728571218, win 0, length 0 0x: 4500 0028 036e 4000 4006 a154 c0a8 0a5e E..(.n@.@..T...^ 0x0010: c0a8 0a5f ec70 0016 6707 e752 ..._.p..g..R 0x0020: 5004 def1 P... -- 原始邮件 -- 发件人: PiBa-NL; 发送时间: 2014年9月16日(星期二) 上午9:31 收件人: Zebra; haproxy; 主题: Re: About the health check Zebra schreef op 16-9-2014 3:08: Hi,all I configure the backend with one server and want to make the health check for it using tcp.And the configuration as below. backend httpservers option tcp-check This actually makes it perform tests on a higher layer: Perform health checks using tcp-check send/expect sequences If you remove the option tcp-check from the config it will probably do layer4. server server2 192.168.10.95:22 check inter 5s fall 1 maxconn 32000 But I find the log output below: Sep 16 01:03:34 localhost haproxy[30429]: Health check for server httpservers/server2 succeeded, reason: Layer7 check passed, code: 0, info: (tcp-check), check duration: 0ms, status: 1/1 UP. I could not understand why Layer 7 check passed for I think the tcp-check only work for Layer 4. Could you tell me more about this ? Looking forward to your reply, thanks!