Mailing List Archive

> Francis Corouge wrote:
>
> hello,
> I made an lvs server in Direct routing mod since a couple of week.
> All my services seem to work well, but I have a problem that occurs only with
> Internet Explorer 4.1 on secured connexions. I did not test with other
> versions of IE, but I have any error with netscape.
> A detail surprised me : these pages are successfully received randomly, as it
> seems.

I don't have any idea. What happens if you connect to the real-server directly
(take the real-server out of the LVS, and make the VIP reply to arp requests)
ie is it an LVS problem or an IE problem?

Joe

--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA

Hello,

On Mon, 12 Feb 2001, Francis Corouge wrote:

> hello,
> I made an lvs server in Direct routing mod since a couple of week.
> All my services seem to work well, but I have a problem that occurs only
> with Internet Explorer 4.1 on secured connexions. I did not test with
> other versions of IE, but I have any error with netscape.
> A detail surprised me : these pages are successfully received randomly,
> as it seems.

Is the https service created persistent? ipvsadm -p

> Francis COROUGE


Regards

--
Julian Anastasov <ja@ssi.bg>

this is worth with persistent connexions.
and it works without a single error when I connect directly on the real
server.
Isn't it really amazing ?

Francis

-----Message d'origine-----
De : Julian Anastasov <ja@ssi.bg>
À : Francis Corouge <fcorouge@ekoopon.com>
Cc : lvs-users@LinuxVirtualServer.org <lvs-users@LinuxVirtualServer.org>
Date : lundi 12 février 2001 13:02
Objet : Re: https and IE4


>
> Hello,
>
>On Mon, 12 Feb 2001, Francis Corouge wrote:
>
>> hello,
>> I made an lvs server in Direct routing mod since a couple of week.
>> All my services seem to work well, but I have a problem that occurs only
>> with Internet Explorer 4.1 on secured connexions. I did not test with
>> other versions of IE, but I have any error with netscape.
>> A detail surprised me : these pages are successfully received randomly,
>> as it seems.
>
> Is the https service created persistent? ipvsadm -p
>
>> Francis COROUGE
>
>
>Regards
>
>--
>Julian Anastasov <ja@ssi.bg>
>
>
>_______________________________________________
>LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
>Send requests to lvs-users-request@LinuxVirtualServer.org
>or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>

Francis Corouge wrote:
>
> this is worth with persistent connexions.
> and it works without a single error when I connect directly on the real
> server.


>> these pages are successfully received randomly,

what does "randomly" mean? What do you see.

Julian, why does persistence fix this problem?

Joe


> >
> > Is the https service created persistent? ipvsadm -p

> >Julian Anastasov <ja@ssi.bg>

--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA

Hello,

On Mon, 12 Feb 2001, Joseph Mack wrote:

> Francis Corouge wrote:
> >
> > this is worth with persistent connexions.
> > and it works without a single error when I connect directly on the real
> > server.
>
> Julian, why does persistence fix this problem?

http://www.linuxvirtualserver.org/persistence.html

I assume the problem is in the way SSL is working: cached
keys, etc. Without persistence configured, the SSL connections break
when they hit another real server.

> Joe


Regards

--
Julian Anastasov <ja@ssi.bg>

when you make several requests, sometime the page is displayed, but sometime
a popup error message is displayed with something like

Internet Explorer can't open your Internet Site <the_url>
An error occured with the secured connexion.

and at least, it purposes to load the insecure pages (unsuccessfully).

Francis COROUGE



>Francis Corouge wrote:
>>
>> this is worth with persistent connexions.
>> and it works without a single error when I connect directly on the real
>> server.
>
>
>>> these pages are successfully received randomly,
>
>what does "randomly" mean? What do you see.
>
>Julian, why does persistence fix this problem?
>
>Joe
>
>
>> >
>> > Is the https service created persistent? ipvsadm -p
>
>> >Julian Anastasov <ja@ssi.bg>
>
>--
>Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
>contractor to the National Environmental Supercomputer Center,
>mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA

Julian Anastasov wrote:
>
> > Julian, why does persistence fix this problem?
>
> http://www.linuxvirtualserver.org/persistence.html
>
> I assume the problem is in the way SSL is working: cached
> keys, etc. Without persistence configured, the SSL connections break
> when they hit another real server.



when you make several requests, sometime the page is displayed, but sometime
a popup error message is displayed with something like

Internet Explorer can't open your Internet Site <the_url>
An error occured with the secured connexion.

and at least, it purposes to load the insecure pages (unsuccessfully).

Francis COROUGE




this is one for the HOWTO.
Thanks

Joe

>
> > Joe
>
> Regards
>
> --
> Julian Anastasov <ja@ssi.bg>
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users

--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA

Hello,

On Mon, 12 Feb 2001, Joseph Mack wrote:

> this is one for the HOWTO.
> Thanks

May be I'm reading old LVS-HOWTO (PCC scheduling, etc) but under:

SSL is a little bit different

there is description why the SSL services (especially https)
must be configured persistent. I don't think we need to add something
more but of course may be it can be useful.

> Joe


Regards

--
Julian Anastasov <ja@ssi.bg>

yes, i agree with you, and that's exactly what wanted to do.
but as i hadn't any good result, I tried the with and without persistence.
Netscape works with both, IE sometimes works, and other times not.

to summarize:
directly : IE works, Netscape works
with lvs, and persistence : IE doesn't any times, Netscape all the time
with lvs, without persistence : idem.

Francis


-----Message d'origine-----
De : Julian Anastasov <ja@ssi.bg>
À : Joseph Mack <mack.joseph@epa.gov>
Cc : lvs-users@LinuxVirtualServer.org <lvs-users@LinuxVirtualServer.org>;
Joseph Mack <mack.joseph@epamail.epa.gov>; fcorouge@ekoopon.com
<fcorouge@ekoopon.com>
Date : lundi 12 février 2001 14:19
Objet : Re: https and IE4


>
> Hello,
>
>On Mon, 12 Feb 2001, Joseph Mack wrote:
>
>> this is one for the HOWTO.
>> Thanks
>
> May be I'm reading old LVS-HOWTO (PCC scheduling, etc) but under:
>
>SSL is a little bit different
>
> there is description why the SSL services (especially https)
>must be configured persistent. I don't think we need to add something
>more but of course may be it can be useful.
>
>> Joe
>
>
>Regards
>
>--
>Julian Anastasov <ja@ssi.bg>
>
>
>_______________________________________________
>LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
>Send requests to lvs-users-request@LinuxVirtualServer.org
>or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>

Hello,

On Mon, 12 Feb 2001, Francis Corouge wrote:

> yes, i agree with you, and that's exactly what wanted to do.
> but as i hadn't any good result, I tried the with and without persistence.
> Netscape works with both, IE sometimes works, and other times not.
>
> to summarize:
> directly : IE works, Netscape works
> with lvs, and persistence : IE doesn't any times, Netscape all the time

Just make a good pause between all tests :) 5 min? When the
persistence is ON don't use any pause.

> with lvs, without persistence : idem.
>
> Francis


Regards

--
Julian Anastasov <ja@ssi.bg>

Julian Anastasov wrote:

> > Julian, why does persistence fix this problem?
>
> http://www.linuxvirtualserver.org/persistence.html
>
> I assume the problem is in the way SSL is working: cached
> keys, etc. Without persistence configured, the SSL connections break
> when they hit another real server.

what is (or might be) different about IE4 and Netscape?

Joe


--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA

Hello,

On Thu, 15 Feb 2001, Joseph Mack wrote:

> Julian Anastasov wrote:
>
> > > Julian, why does persistence fix this problem?
> >
> > http://www.linuxvirtualserver.org/persistence.html
> >
> > I assume the problem is in the way SSL is working: cached
> > keys, etc. Without persistence configured, the SSL connections break
> > when they hit another real server.
>
> what is (or might be) different about IE4 and Netscape?

May be in the way the bugs are encoded. But I'm not sure how the
SSL requests are performed. It depends on that too. What pause was used.

> Joe
>
>
> --
> Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
> contractor to the National Environmental Supercomputer Center,
> mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA


Regards

--
Julian Anastasov <ja@ssi.bg>