how to make ATS to receive traffic on specific ports or certain traffic

Velusamy, Gandhimathi
Hi,
I have configured ATS as a reverse proxy and as a load balancer. It accepts client requests from two interfaces, one at eth0 and the other at eth2, which is on the same layer-2 connection. But eth0 has a public IP and the host is shared by other users.

I want the traffic server to load balance only my traffic coming on eth0 and from eth2.
I tried like this by setting http server ports as below.

CONFIG proxy.config.http.server_ports STRING ip-in=10.10.3.1:80 ip-in=128.163.233.35:55554

It works for the traffic coming to eth2, but gives a 502 error for the HTTP requests sent by me to eth0.

If I just let CONFIG proxy.config.http.server_ports STRING 80

Then it receives all the traffic coming to eth0 as the host on which ATS is running is shared. 

Any help on how to configure as per my requirement is appreciated.

Thanks
Gandhimathi






Re: how to make ATS to receive traffic on specific ports or certain traffic

Alan Carroll-2
There are so many things that could go wrong...

I would

* check that port 55554 passes through your routing - that's one difference between the two configurations. It might also be the reason you get a 502 response, if you didn't set curl to use that port.
* verify that using an RFC-1918 address (10.0.0.0/8) is valid - there may be routing difficulties with that.
* use netstat to verify which address/port combinations are being used as proxy ports.
* use wireshark to watch the connection.

I'm unclear on what network topology you are trying to construct. Do you mean you have requests that originate from eth0 and go to eth2? What addresses are associated with each interface? Do your 502 response requests connect to Traffic Server at all? My first guess would be the failing requests are using the RFC-1918 address to do outbound connections, which will fail with a 502 if the origins are not in the same network. You might need to set ip-out as well to deal with that.


Re: how to make ATS to receive traffic on specific ports or certain traffic

Velusamy, Gandhimathi
Hi Alan,

Thanks for your response.

Yes, I used the port number while sending the HTTP request.

From a client that connects to the host on eth0 in which ATS is running 

gvelusam@p206:~$ wget http://elb1:55554/
--2017-12-03 12:31:41--  http://elb1:55554/
Resolving elb1 (elb1)... 128.163.233.35
Connecting to elb1 (elb1)|128.163.233.35|:55554... connected.
HTTP request sent, awaiting response... 502 Success
2017-12-03 12:31:42 ERROR 502: Success.

netstat at p206, on which ATS is running

gvelus01@elb1:~$ sudo netstat -tupln
tcp        0      0 128.163.233.35:55554    0.0.0.0:*               LISTEN      16160/traffic_serve
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1113/rpcbind    
tcp        0      0 10.10.3.1:80            0.0.0.0:*               LISTEN      16160/traffic_serve
tcp        0      0 127.0.0.1:8084          0.0.0.0:*               LISTEN      16160/traffic_serve

Used tcpdump to check whether the request has reached elb1:

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:32:14.029399 IP (tos 0x0, ttl 45, id 6805, offset 0, flags [DF], proto TCP (6), length 60)
    uh-fn-nat-105-50.it.uh.edu.42466 > pcvm3-11.pks2.sdn.uky.edu.55554: Flags [S], cksum 0xe2a7 (correct), seq 896875447, win 29200, options [mss 1392,sackOK,TS val 434476436 ecr 0,nop,wscale 7], length 0
13:32:14.029492 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    pcvm3-11.pks2.sdn.uky.edu.55554 > uh-fn-nat-105-50.it.uh.edu.42466: Flags [S.], cksum 0x542f (incorrect -> 0x6210), seq 2339713884, ack 896875448, win 28960, options [mss 1460,sackOK,TS val 794071820 ecr 434476436,nop,wscale 7], length 0
13:32:14.066284 IP (tos 0x0, ttl 45, id 6806, offset 0, flags [DF], proto TCP (6), length 52)


Tried to run ATS in debug mode as below and noticed the server connection not open error:

[Dec  3 13:53:36.962] Server {0x7f18b7a0b700} DEBUG: <HttpTransact.cc:3293 (HandleResponse)> (http_seq) [0] [HttpTransact::HandleResponse] Response not valid
[Dec  3 13:53:36.962] Server {0x7f18b7a0b700} DEBUG: <HttpTransact.cc:3641 (handle_response_from_server)> (http_trans) [0] [handle_response_from_server] (hrfs)
[Dec  3 13:53:36.962] Server {0x7f18b7a0b700} DEBUG: <HttpTransact.cc:3803 (retry_server_connection_not_open)> (http_trans) [0] [1] failed to connect [5] to 10.10.2.1
[Dec  3 13:53:36.962] Server {0x7f18b7a0b700} DEBUG: <HttpTransact.cc:3824 (retry_server_connection_not_open)> (http_trans) [0] [retry_server_connection_not_open] attempts now: 2, max: 3

And I noticed that:

Dec  3 13:53:36.966] Server {0x7f18b7a0b700} DEBUG: <HttpSM.cc:4713 (do_http_server_open)> (http) [0] open connection to elb1: 10.10.2.1:55554


But when I tried to send an HTTP request from the local client c1, it's opening a connection to the origin server:

Dec  3 14:02:58.858] Server {0x7f18b7a0b700} DEBUG: <HttpSM.cc:4713 (do_http_server_open)> (http) [1] open connection to s2: 10.10.2.2:80

gvelus01@c1:~$ wget http://elb1/
--2017-12-03 14:02:26--  http://elb1/
Resolving elb1 (elb1)... 10.10.3.1
Connecting to elb1 (elb1)|10.10.3.1|:80... connected.
HTTP request sent, awaiting response... 200 OK


> I'm unclear on what network topology you are trying to construct. Do you mean you have requests that originate from eth0 and go to eth2? What addresses are associated with each interface?

I am trying to connect from two clients, one using the public IP at eth0, the other from the LAN using eth2.

Please, find attached the topology diagram.




Re: how to make ATS to receive traffic on specific ports or certain traffic

Miles Libbey
Perhaps I'm misreading, but, that looks to me like ATS is answering
your request, but can't reach the origin server. It looks like ATS is
trying to get to your origin on 10.10.2.1:55554, whereas you tested
10.10.2.2:80? Perhaps looking at your remap rule would be helpful.


Re: how to make ATS to receive traffic on specific ports or certain traffic

Velusamy, Gandhimathi
Hi,

Please, find my remap.config:

map http://elb1 http://elb1 @plugin=balancer.so @pparam=--policy=roundrobin @pparam=s1 @pparam=s2

Both s1 and s2 are answering if the http requests are sent from c1.

Thanks
Gandhimathi

On Dec 3, 2017, at 2:28 PM, Miles Libbey <[hidden email]> wrote:

> Perhaps I'm misreading, but, that looks to me like ATS is answering
> your request, but can't reach the origin server. It looks like ATS is
> trying to get to your origin on 10.10.2.1:55554, whereas you tested
> 10.10.2.2:80? Perhaps looking at your remap rule would be helpful.

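
Editor's added example (not part of the thread, and not code from the ATS project): the comparison Miles Libbey describes, done mechanically. It reads the two do_http_server_open debug lines and the remap.config rule posted above and reports whether each upstream connection went to one of the origins handed to balancer.so; the function names are illustrative assumptions.

```python
import re

# Copied from the thread: the posted remap.config rule and the two
# do_http_server_open debug lines (failing request, then working request).
REMAP_RULE = ("map http://elb1 http://elb1 @plugin=balancer.so "
              "@pparam=--policy=roundrobin @pparam=s1 @pparam=s2")
DEBUG_LOG = """\
Dec  3 13:53:36.966] Server {0x7f18b7a0b700} DEBUG: <HttpSM.cc:4713 (do_http_server_open)> (http) [0] open connection to elb1: 10.10.2.1:55554
Dec  3 14:02:58.858] Server {0x7f18b7a0b700} DEBUG: <HttpSM.cc:4713 (do_http_server_open)> (http) [1] open connection to s2: 10.10.2.2:80
"""

# Matches "... (do_http_server_open)> ... open connection to HOST: IP:PORT"
OPEN_RE = re.compile(
    r"\(do_http_server_open\)>.*? open connection to "
    r"(\S+?): (\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def balancer_targets(rule):
    """Origin names passed to balancer.so: every @pparam that is not an option."""
    fields = rule.split()
    if "@plugin=balancer.so" not in fields:
        return set()
    params = [f[len("@pparam="):] for f in fields if f.startswith("@pparam=")]
    # Drop "--policy=..." style options; strip an optional ":port" suffix.
    return {p.split(":")[0] for p in params if not p.startswith("--")}


def upstream_opens(log):
    """Yield (host, ip, port) for each origin connection the log shows."""
    for line in log.splitlines():
        m = OPEN_RE.search(line)
        if m:
            yield m.group(1), m.group(2), int(m.group(3))


def check_upstreams(rule, log):
    """Return (host, ip, port, is_balancer_target) per upstream connection."""
    targets = balancer_targets(rule)
    return [(host, ip, port, host in targets)
            for host, ip, port in upstream_opens(log)]


if __name__ == "__main__":
    for host, ip, port, ok in check_upstreams(REMAP_RULE, DEBUG_LOG):
        note = "balancer target" if ok else "not a balancer target"
        print(f"{host:5} {ip}:{port:<6} {note}")
```

A connection whose host is not a balancer target means the request was forwarded without the balancer rule choosing the origin, which is the difference between the failing and the working request in the logs above.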