Hello there.
We load-balance our websites with ALOHA (based on haproxy). The connectivity check is using a syn > syn ack > rst pattern to ensure the server is listening on the defined port. The probleme here is that it is seen as a packet loss / retransmission by the solution thus leadind to a bad score (5/10).
The checks are made every second for some critical websites to ensure rapid fail-over so making checks more spaced to affect less the score is not really a solution. Also the checks are made using the same source IP and port/protocol (http 80 for example) as the ones used by the load-balancer to communicate with the website so it cannot be filtered
Is there a way to see theses connections as "good" or filter them ?
Thanks.
Hi Nicolas!!! thanks for your question. Let me make sure that i understand it so that way it can be answered. ALOHA sends the connection request to the webserver on port 80 and uses the same IP address as the load balancer. so that client-server IP/port combination is not unique so if we filter on it we will also get valid traffic, correct? We can filter in TCP flag status, and if we use a "not" filter than we should be able to filter out all of the ALOHA active testing.
Hi !
Correct, "ALOHA sends the connection request to the webserver on port 80 and uses the same IP address as the load balancer. so that client-server IP/port combination is not unique so if we filter on it we will also get valid traffic"
What would be the filter ?
Thanks :)
Hello Nicolas,
We have "EUE Tuning" available and you can disable metrics (retrans in your example) and/or delays from being used in the EUE Scoring. We can also do it by IP, IP ranges, app/ports.
I asked for your Systems Engineer, Benoit to reach out to work directly with you to perform the aforementioned.
Through EUE tuning you can suppress Network Retransmissions for a given server/port.
Nicolas, you can download the dashboard with TCP flag status, and that would help. for the filter, if you filter with not tcpflags '...A.R..' that will remove all connections that connected but had reset frames from your dashboard.
Salut Nicolas,
Yes, I agree with Ray, I think the only way is to work on tuning EUE, we can work together on that one and test this. Potentially using a filter by IP to only affect traffic coming from your HA Proxy to all (or any range) IPs.
I will reach out to you to organize a meeting, and we will post our findings here if we are able to do it 😇
Here we go ! This is the rule we used with Nicolas and the result below. (sorry not able to put the plain text as it is like our forum is trying to run it !)
Great, if i remember correctly, we need to restart services (or maybe even reboot Apex) for it to take effect, right? Maybe we can compare it from yesterday vs today?
yes, Network Trending has to be stopped and restarted to take effect.
No need to wait until tomorrow, that is the reason we did the screenshot were we see all yellow and after the change all blue 😇
oh, the blue was from after you changed it :) got it...I'm a little slow in the morning :) lol!!!
☕️
Please log in or sign up to comment.