how to make ATS to receive traffic on specific ports or certain traffic
Velusamy, Gandhimathi
2017-12-03 18:02:11 UTC
Hi,
I have configured ATS as a reverse proxy and as a load balancer. It accepts client requests from two interfaces, one at eth0 and the other at eth2, which is on the same layer-2 connection. But eth0 has a public IP and the host is shared by other users.

I want the traffic server to load balance only my traffic coming on eth0 and from eth2.
I tried like this by setting http server ports as below.

CONFIG proxy.config.http.server_ports STRING ip-in=10.10.3.1:80 ip-in=128.163.233.35:55554

It works for the traffic coming to eth2, but gives a 502 error for the HTTP requests sent by me to eth0.

If I just let CONFIG proxy.config.http.server_ports STRING 80

Then it receives all the traffic coming to eth0 as the host on which ATS is running is shared.

Any help on how to configure as per my requirement is appreciated.

Thanks
Gandhimathi
Alan Carroll
2017-12-03 18:22:31 UTC
There are so many things that could go wrong...

I would

* check that port 55554 passes through your routing - that's one difference
between the two configurations. It might also be the reason you get a 502
response, if you didn't set curl to use that port.
* verify that using an RFC-1918 address (10.0.0.0/8) is valid - there may
be routing difficulties with that.
* use netstat to verify which address/port combinations are being used as
proxy ports.
* use wireshark to watch the connection.

I'm unclear on what network topology you are trying to construct. Do you
mean you have requests that originate from eth0 and go to eth2? What
addresses are associated with each interface? Do your 502 response requests
connect to Traffic Server at all? My first guess would be the failing
requests are using the RFC-1918 address to do outbound connections, which
will fail with a 502 if the origins are not in the same network. You might
need to set ip-out as well to deal with that.
Velusamy, Gandhimathi
2017-12-03 19:25:12 UTC
Hi Alan,

Thanks for your response.

Yes. I used port no while sending http request.

From a client that connects to the host on eth0 in which ATS is running

***@p206:~$ wget http://elb1:55554/
--2017-12-03 12:31:41-- http://elb1:55554/
Resolving elb1 (elb1)... 128.163.233.35
Connecting to elb1 (elb1)|128.163.233.35|:55554... connected.
HTTP request sent, awaiting response... 502 Success
2017-12-03 12:31:42 ERROR 502: Success.

netstat at p206, on which ATS is running

***@elb1:~$ sudo netstat -tupln
tcp 0 0 128.163.233.35:55554 0.0.0.0:* LISTEN 16160/traffic_serve
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1113/rpcbind
tcp 0 0 10.10.3.1:80 0.0.0.0:* LISTEN 16160/traffic_serve
tcp 0 0 127.0.0.1:8084 0.0.0.0:* LISTEN 16160/traffic_serve

Used tcpdump to check whether the request has reached elb1:

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:32:14.029399 IP (tos 0x0, ttl 45, id 6805, offset 0, flags [DF], proto TCP (6), length 60)
uh-fn-nat-105-50.it.uh.edu.42466 > pcvm3-11.pks2.sdn.uky.edu.55554: Flags [S], cksum 0xe2a7 (correct), seq 896875447, win 29200, options [mss 1392,sackOK,TS val 434476436 ecr 0,nop,wscale 7], length 0
13:32:14.029492 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
pcvm3-11.pks2.sdn.uky.edu.55554 > uh-fn-nat-105-50.it.uh.edu.42466: Flags [S.], cksum 0x542f (incorrect -> 0x6210), seq 2339713884, ack 896875448, win 28960, options [mss 1460,sackOK,TS val 794071820 ecr 434476436,nop,wscale 7], length 0
13:32:14.066284 IP (tos 0x0, ttl 45, id 6806, offset 0, flags [DF], proto TCP (6), length 52)


Tried to run ATS in debug mode as below and noticed that server connection not open error:

[Dec 3 13:53:36.962] Server {0x7f18b7a0b700} DEBUG: <HttpTransact.cc:3293 (HandleResponse)> (http_seq) [0] [HttpTransact::HandleResponse] Response not valid
[Dec 3 13:53:36.962] Server {0x7f18b7a0b700} DEBUG: <HttpTransact.cc:3641 (handle_response_from_server)> (http_trans) [0] [handle_response_from_server] (hrfs)
[Dec 3 13:53:36.962] Server {0x7f18b7a0b700} DEBUG: <HttpTransact.cc:3803 (retry_server_connection_not_open)> (http_trans) [0] [1] failed to connect [5] to 10.10.2.1
[Dec 3 13:53:36.962] Server {0x7f18b7a0b700} DEBUG: <HttpTransact.cc:3824 (retry_server_connection_not_open)> (http_trans) [0] [retry_server_connection_not_open] attempts now: 2, max: 3

And I noticed that:

Dec 3 13:53:36.966] Server {0x7f18b7a0b700} DEBUG: <HttpSM.cc:4713 (do_http_server_open)> (http) [0] open connection to elb1: 10.10.2.1:55554


But when I tried to send an HTTP request from the local client c1, it's opening a connection to the origin server:

Dec 3 14:02:58.858] Server {0x7f18b7a0b700} DEBUG: <HttpSM.cc:4713 (do_http_server_open)> (http) [1] open connection to s2: 10.10.2.2:80

***@c1:~$ wget http://elb1/
--2017-12-03 14:02:26-- http://elb1/
Resolving elb1 (elb1)... 10.10.3.1
Connecting to elb1 (elb1)|10.10.3.1|:80... connected.
HTTP request sent, awaiting response... 200 OK


I'm unclear on what network topology you are trying to construct. Do you mean you have requests that originate from eth0 and go to eth2? What addresses are associated with each interface?

I am trying to connect from two clients, one using the public IP at eth0, the other from the LAN using eth2.

Please, find attached the topology diagram.
Miles Libbey
2017-12-03 20:28:43 UTC
Perhaps I'm misreading, but, that looks to me like ATS is answering
your request, but can't reach the origin server. It looks like ATS is
trying to get to your origin on 10.10.2.1:55554, whereas you tested
10.10.2.2:80? Perhaps looking at your remap rule would be helpful.

Velusamy, Gandhimathi
2017-12-03 23:39:32 UTC
Hi,

Please, find my remap.config:

map http://elb1 http://elb1 @plugin=balancer.so @pparam=--policy=roundrobin @pparam=s1 @pparam=s2

Both s1 and s2 are answering if the http requests are sent from c1.

Thanks
Gandhimathi
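
Added example (not part of the thread and not ATS project code): the debug-log reading Miles describes, done mechanically. It pairs each do_http_server_open line with any "failed to connect" line for the same transaction and checks the upstream name against the balancer targets s1 and s2 from the remap rule. The sample log is reconstructed from the lines quoted in the thread, and treating the first bracketed number as the per-transaction id is an assumption.

```python
import re

# Constructed sample: the HttpSM / HttpTransact debug lines quoted in the thread,
# with the mail client's auto-link debris removed.
SAMPLE_LOG = """\
[Dec 3 13:53:36.962] Server {0x7f18b7a0b700} DEBUG: <HttpTransact.cc:3803 (retry_server_connection_not_open)> (http_trans) [0] [1] failed to connect [5] to 10.10.2.1
[Dec 3 13:53:36.962] Server {0x7f18b7a0b700} DEBUG: <HttpTransact.cc:3824 (retry_server_connection_not_open)> (http_trans) [0] [retry_server_connection_not_open] attempts now: 2, max: 3
Dec 3 13:53:36.966] Server {0x7f18b7a0b700} DEBUG: <HttpSM.cc:4713 (do_http_server_open)> (http) [0] open connection to elb1: 10.10.2.1:55554
Dec 3 14:02:58.858] Server {0x7f18b7a0b700} DEBUG: <HttpSM.cc:4713 (do_http_server_open)> (http) [1] open connection to s2: 10.10.2.2:80
"""

# Assumption: the first bracketed number after the debug tag is the transaction id.
# Group 1 = transaction id; then upstream name, IP and port (or the failed IP).
OPEN_RE = re.compile(r"\(do_http_server_open\)> \(http\) \[(\d+)\] open connection to (\S+): ([\d.]+):(\d+)")
FAIL_RE = re.compile(r"\(retry_server_connection_not_open\)> \(http_trans\) \[(\d+)\] \[\d+\] failed to connect \[\d+\] to ([\d.]+)")

def triage(log_text, expected_origins):
    """Return one record per transaction: upstream target, failure flag, verdict."""
    txns = {}
    for line in log_text.splitlines():
        m = OPEN_RE.search(line)
        if m:
            sm, name, ip, port = m.groups()
            t = txns.setdefault(sm, {"failed_ips": set()})
            t.update(name=name, ip=ip, port=int(port))
            continue
        m = FAIL_RE.search(line)
        if m:
            txns.setdefault(m.group(1), {"failed_ips": set()})["failed_ips"].add(m.group(2))
    report = []
    for sm, t in sorted(txns.items()):
        if "name" not in t:
            continue  # a failure without an open line cannot be attributed to a target
        failed = t["ip"] in t["failed_ips"]
        if t["name"] not in expected_origins:
            verdict = "upstream is not a configured origin"
        elif failed:
            verdict = "origin unreachable"
        else:
            verdict = "ok"
        report.append({"sm": sm, "target": f'{t["name"]} {t["ip"]}:{t["port"]}',
                       "connect_failed": failed, "verdict": verdict})
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, expected_origins={"s1", "s2"}):
        print(row)
```

On the sample, transaction 0 is reported as a failed connection to elb1 on port 55554, which is not one of the balancer targets, while transaction 1 reaches s2 on port 80.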