Hi,

this is the first time I have played around with hoststated/relayd.
I have a stateful web application, and am trying to use hoststated/relayd in front
of it. Because the application is stateful, the client has to be redirected
to the same instance for the session lifetime. The session id is encoded as
GET parameter "wosid". Further, I have the problem that many of the users are
either sitting behind a proxy or a NAT'ed IP address, so these should not be
redirected to the same application instance.
I tried with hoststated on OpenBSD 4.2 i386 and with relayd on
OpenBSD -snapshot sparc64 from the beginning of February 08.

I'm not sure whether I see the same problems as described in this
thread:
http://www.nabble.com/relayd-http-check-connection-failures--hoststated-operates-correctly-to15646508.html

Well, I do not fiddle around with carp interfaces, and I also tried the
patch with the timeout; that did not fix my problem.

First I tried to use relayd, until I came across the above-mentioned thread.
However, first I tried to set up an SSL accelerator as in the example:

ext_addr="10.0.0.24"
ogo1="10.0.0.121"
ogo2="10.0.0.122"
ogo3="10.0.0.123"
ogo4="10.0.0.124"
ogo5="10.0.0.125"

timeout 9999

table <ogohosts> { $ogo1 $ogo2 $ogo3 $ogo4 $ogo5 }

http protocol httpssl {
        header append "$REMOTE_ADDR" to "X-Forwarded-For"
        header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
        header change "Connection" to "close"
        cookie hash "wosid"
        url hash "wosid"
        url log "wosid"

        # Various TCP performance options
#       tcp { nodelay, sack, socket buffer 65536, backlog 128 }

#       ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
#       ssl session cache disable
}

relay wwwssl {
        # Run as a SSL accelerator
        listen on $ext_addr port 443 ssl
        protocol httpssl

        # Forward to hosts in the webhosts table using a src/dst hash
        forward to <ogohosts> port http mode hash \
                check http "/" code 200
}

# relayd -d -vv -f /etc/relayd.conf
startup
init_filter: filter init done
init_tables: created 0 tables
relay_privinit: adding relay wwwssl
protocol 0: name httpssl
        flags: 0x0004
        type: http
                request change "Connection" to "close"
                request cookie hash "wosid"
                request url hash "wosid"
                request url log "wosid"
                request append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
                request append "$REMOTE_ADDR" to "X-Forwarded-For"
hce_notify_done: 10.0.0.121 (tcp_send_req: timeout)
relay_init: max open files 1024
relay_init: max open files 1024
host 10.0.0.121, check http code (9ms), state unknown -> down, availability 0.00%
hce_notify_done: 10.0.0.122 (tcp_send_req: timeout)
host 10.0.0.122, check http code (51ms), state unknown -> down, availability 0.00%
hce_notify_done: 10.0.0.123 (tcp_send_req: timeout)
host 10.0.0.123, check http code (52ms), state unknown -> down, availability 0.00%
hce_notify_done: 10.0.0.124 (tcp_send_req: timeout)
host 10.0.0.124, check http code (53ms), state unknown -> down, availability 0.00%
hce_notify_done: 10.0.0.125 (tcp_send_req: timeout)
host 10.0.0.125, check http code (53ms), state unknown -> down, availability 0.00%
pfe_dispatch_imsg: state -1 for host 9 10.0.0.121
pfe_dispatch_imsg: state -1 for host 8 10.0.0.122
pfe_dispatch_imsg: state -1 for host 7 10.0.0.123
pfe_dispatch_imsg: state -1 for host 6 10.0.0.124
pfe_dispatch_imsg: state -1 for host 5 10.0.0.125
relay_ssl_ctx_create: loading certificate
relay_init: max open files 1024
relay_ssl_ctx_create: loading certificate
relay_ssl_ctx_create: loading certificate
relay_ssl_ctx_create: loading private key
relay_init: max open files 1024
adding 5 hosts from table ogohosts:80
relay_init: max open files 1024
relay_launch: running relay wwwssl
relay_ssl_ctx_create: loading private key
adding 5 hosts from table ogohosts:80
relay_ssl_ctx_create: loading private key
relay_launch: running relay wwwssl
adding 5 hosts from table ogohosts:80
relay_ssl_ctx_create: loading certificate
relay_launch: running relay wwwssl
relay_ssl_ctx_create: loading certificate
relay_ssl_ctx_create: loading private key
adding 5 hosts from table ogohosts:80
relay_ssl_ctx_create: loading private key
relay_launch: running relay wwwssl
adding 5 hosts from table ogohosts:80
relay_launch: running relay wwwssl
relay wwwssl, session 1 established (1 active)
relay_from_table: no active hosts
relay wwwssl, session 1 (1 active), 0, 10.0.0.9 -> :80, session failed
relay wwwssl, session 2 established (1 active)
relay_from_table: no active hosts
relay wwwssl, session 2 (1 active), 0, 10.0.0.9 -> :80, session failed
tcp_write: connect timed out
hce_notify_done: 10.0.0.124 (tcp_write: connect failed)
tcp_write: connect timed out
hce_notify_done: 10.0.0.125 (tcp_write: connect failed)
hce_notify_done: 10.0.0.121 (tcp_send_req: timeout)
hce_notify_done: 10.0.0.122 (tcp_send_req: timeout)
hce_notify_done: 10.0.0.123 (tcp_send_req: timeout)

=======================================================================================

Also a http redirect did not work. I get a timeout in the browser. With
tcpdump I see incoming SYN packets to port 80, but they are not answered:

ext_addr="10.0.0.24"
ogo1="10.0.0.121"
ogo2="10.0.0.122"
ogo3="10.0.0.123"
ogo4="10.0.0.124"
ogo5="10.0.0.125"

timeout 9999

table <ogohosts> { $ogo1 $ogo2 $ogo3 $ogo4 $ogo5 }

redirect "www" {
        listen on $ext_addr port 80
        listen on biggame.ds9 port 80
        sticky-address
        forward to <ogohosts> port http timeout 3000 \
                check http "/" code 200
}


# relayd -d -vv -f /etc/relayd.conf
startup
init_filter: filter init done
hce_notify_done: 10.0.0.125 (tcp_read_buf: check succeeded)
init_tables: created 1 tables
host 10.0.0.125, check http code (9ms), state unknown -> up, availability 100.00%
hce_notify_done: 10.0.0.122 (tcp_read_buf: check succeeded)
host 10.0.0.122, check http code (146ms), state unknown -> up, availability 100.00%
hce_notify_done: 10.0.0.124 (tcp_read_buf: check succeeded)
host 10.0.0.124, check http code (148ms), state unknown -> up, availability 100.00%
hce_notify_done: 10.0.0.123 (tcp_read_buf: check succeeded)
host 10.0.0.123, check http code (149ms), state unknown -> up, availability 100.00%
hce_notify_done: 10.0.0.121 (tcp_read_buf: check succeeded)
host 10.0.0.121, check http code (150ms), state unknown -> up, availability 100.00%
pfe_dispatch_imsg: state 1 for host 5 10.0.0.125
pfe_dispatch_imsg: state 1 for host 8 10.0.0.122
pfe_dispatch_imsg: state 1 for host 6 10.0.0.124
pfe_dispatch_imsg: state 1 for host 7 10.0.0.123
pfe_dispatch_imsg: state 1 for host 9 10.0.0.121
sync_table: table www: 5 added, 0 deleted, 0 changed
pfe_sync: enabling ruleset
sync_ruleset: rule added
sync_ruleset: rule added
sync_ruleset: rule added
hce_notify_done: 10.0.0.124 (tcp_read_buf: check succeeded)
hce_notify_done: 10.0.0.121 (tcp_read_buf: check succeeded)
hce_notify_done: 10.0.0.123 (tcp_read_buf: check succeeded)
hce_notify_done: 10.0.0.122 (tcp_read_buf: check succeeded)
hce_notify_done: 10.0.0.125 (tcp_read_buf: check succeeded)

============================================================================================

Using hoststated on OpenBSD 4.2, it generally works: www
load balancing and https acceleration.
But here I have another little problem. When I change the "sessid"
to "wosid" in the protocol definition, hoststated refuses to start,
for the reason shown below.

ext_addr="10.0.0.21"
ogo1="10.0.0.121"
ogo2="10.0.0.122"
ogo3="10.0.0.123"
ogo4="10.0.0.124"
ogo5="10.0.0.125"

timeout 9999
log all

table webhosts {
        check http "/" code 200
        real port 80
        host $ogo1
        host $ogo2
        host $ogo3
        host $ogo4
        host $ogo5
}

protocol http_ssl {
        protocol http
        header append "$REMOTE_ADDR" to "X-Forwarded-For"
        header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
        header change "Keep-Alive" to "$TIMEOUT"
#       cookie hash ogo-webui-1.1
#       query hash "wosid"
#       url log "sessid"
        url hash "sessid"
}

relay sslaccel {
        listen on $ext_addr port 443 ssl
        protocol http_ssl
        table webhosts hash
}

service www {
        virtual host $ext_addr port 80
        sticky-address
        table webhosts
}

The construct seems to work well with the service www. The sessions are
stuck to the same instance because of the sticky-address. However, in my
test setup it seems that all clients from the same host are redirected to
the same instance. My test setup was only two different browsers on the same
host, so I might have drawn the wrong conclusion. Therefore I thought I could
make the protocol definition used for the relay sslaccel consider the value
of wosid to calculate the host to which it gets redirected. As it seems, I
can change the value of cookie hash to anything I want without getting an
error, but I do not want to use cookies. So I changed the url hash "sessid"
to url hash "wosid", but then the following error occurs on hoststated
startup:

hoststated -d -v -f /etc/hoststated.conf
/etc/hoststated.conf:41: protocol node wosid defined twice
/etc/hoststated.conf:44: syntax error
/etc/hoststated.conf:48: no such protocol: http_ssl
/etc/hoststated.conf:49: table webhosts defined twice

Also, I cannot specify both url log "sessid" and url hash "sessid"; then
the same error as above shows up. With relayd, I can specify both, and also
name the value wosid, without getting this error, but there I run into the
problem mentioned in the beginning of the mail.

So, long story, some shorter questions:

Is the problem I see with relayd the same as in the thread I mentioned
above, or have I done something else wrong?
How can I make the hoststated protocol consider the value of wosid to calculate
the host to redirect to?

cheers
Sebastian
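To make the difference between the two stickiness policies in the mail concrete (sticky-address on the client address versus url hash "wosid" on the session id), here is an added Python model of backend selection. It is not relayd's or hoststated's code: the bucket function uses SHA-256 purely so results are reproducible and is not relayd's hash, and the NAT address 10.0.0.9, the /app path and the session ids are constructed sample input.

```python
import hashlib
from urllib.parse import parse_qs, urlsplit

# Constructed backend table; the addresses mirror the five ogo hosts in the mail.
BACKENDS = ["10.0.0.121", "10.0.0.122", "10.0.0.123", "10.0.0.124", "10.0.0.125"]


def _bucket(key: str, n: int) -> int:
    """Map a key to a backend index. SHA-256 is used only so results are
    reproducible across runs (Python's str hash is randomised per process);
    this is a model of the selection policy, not relayd's own hash."""
    digest = hashlib.sha256(key.encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") % n


def pick_sticky_address(src_ip: str, url: str = "", backends=BACKENDS) -> str:
    """Model of 'sticky-address': only the client's source address matters, so
    every client behind one NAT or proxy address lands on the same backend."""
    return backends[_bucket(src_ip, len(backends))]


def pick_url_hash(src_ip: str, url: str, param: str = "wosid", backends=BACKENDS) -> str:
    """Model of 'url hash "wosid"': the session id in the query string selects
    the backend, so clients sharing an address are spread by session. A request
    without the parameter (no session yet) falls back to the source address."""
    values = parse_qs(urlsplit(url).query).get(param)
    if not values:
        return pick_sticky_address(src_ip, url, backends)
    return backends[_bucket(values[0], len(backends))]


def backends_used(requests, policy) -> set:
    """Distinct backends that a list of (src_ip, url) requests would reach."""
    return {policy(src_ip, url) for src_ip, url in requests}


# Constructed traffic: 50 browsers behind one NAT address (10.0.0.9 is the
# client address seen in the relayd log above), each with its own wosid.
NAT_IP = "10.0.0.9"
NAT_REQUESTS = [(NAT_IP, f"/app?wosid={i:016x}") for i in range(1, 51)]

if __name__ == "__main__":
    print("sticky-address :", sorted(backends_used(NAT_REQUESTS, pick_sticky_address)))
    print("url hash wosid :", sorted(backends_used(NAT_REQUESTS, pick_url_hash)))
```

With sticky-address all 50 sessions behind the NAT address reach a single backend; with the wosid hash they are spread across the table while each session id still maps to one fixed backend.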
