Symantec Access Management

  • Private Community
 View Only

  • 1.  FrontEnding SPS with LoadBalancer

    Posted Jun 10, 2014 04:03 AM

    Hi All,

     

    I have setup my environment where I have got Load Balancer in front of 4 SPS.

     

    LoadBalancer is configured to distribute load based on Least Loaded server and sticky bit is on. LoadBalancer is also configured to check whether SPS is still listening on the specified port or not. Using the TCP Port Connectivity Method check. The process of heart beat are : -

     

    When this method is selected, AppDirector attempts to connect to the specified application port by completing the TCP three-way handshake, which includes the following steps:

    1.AppDirector initiates a request by sending a SYN packet.

    2.The server sends a SYN-ACK packet back to AppDirector.

    3.AppDirector sends a FIN-ACK packet to the server, completing the TCP 3 way handshake and requesting to terminate the connection.

    4.The server replies with an ACK packet followed by a FIN-ACK packet.

    5.To close the connection, AppDirector sends an ACK packet to the server.

     

    The problem I am now is the connection stays in CLOSE_WAIT state and SPS stops serving request.

     

    Please confirm where I start troubleshooting or is there any solution for same.

     

    Thanks and Regards,

    Neeraj.



  • 2.  Re: FrontEnding SPS with LoadBalancer

    Broadcom Employee
    Posted Jul 08, 2014 10:55 PM

    Hi Neeraj

     

    It may be good to check your load balancer documentation for appropriate method to do health check to apache (which is sps front end).   Generally health check for apache from load balancer is done via HTTP request, not a TCP connect - that way the socket would be closed correctly.  


    I see also that this was follow on question to closed support case, do you still have the issue or have you been able to find the solution for it?

     

    Cheers - Mark



  • 3.  Re: FrontEnding SPS with LoadBalancer

    Posted Jul 09, 2014 01:42 AM

    Hi Mark,

     

    Yes we are still having issues.

     

    Following are Load Balancer Detail

    Device Make: Radware

    Device Model : Appdirector-8016

     

    Following are the Methods available in the load Balancer being used in my

    Environment, I don't see any HTTP Method.

     

     

    Methods to check Apache Starts

    ****************************************************

     

    TCP Port Connectivity Method

    =============================

    When this method is selected, AppDirector attempts to connect to the

    specified application port by completing the TCP three-way handshake,

    which includes the following steps:

    1.AppDirector initiates a request by sending a SYN packet.

    2.The server sends a SYN-ACK packet back to AppDirector.

    3.AppDirector sends a FIN-ACK packet to the server, completing the TCP 3

    way handshake and requesting to terminate the connection.

    4.The server replies with an ACK packet followed by a FIN-ACK packet.

    5.To close the connection, AppDirector sends an ACK packet to the server.

     

     

    Disabled Connectivity Method

    ============================

    Connectivity checking is disabled. If no farm connectivity checks are

    performed, AppDirector considers all servers to be available by default.

    If farm connectivity checks were performed

    and then the Connectivity Method becomes disabled, the status of the

    servers remains the same as it was the moment the checks were disabled. If

    connectivity checks are disabled, and a server renews its activity after a

    failure, this server is still regarded by AppDirector as not available.

     

    UDP Port Connectivity Method

    ============================

    When UDP Port Connectivity Method is selected, AppDirector attempts to

    connect to the specified application port, according to the UDP protocol.

     

    Ping Connectivity Method

    ========================

    AppDirector pings servers to verify valid communication. AppDirector

    performs this by sending an ICMP echo request to the server. If a server

    is available, it sends an ICMP echo reply. When a Ping fails, the server

    is down.

    Methods to check Apache Ends

    ****************************************************

    Best Regards

    Neeraj

    Tata Consultancy Services Limited

    Mailto: neeraj.gupta@tcs.com

    Website: http://www.tcs.com



  • 4.  Re: FrontEnding SPS with LoadBalancer
    Best Answer

    Broadcom Employee
    Posted Jul 09, 2014 02:03 AM

    Hi Neeraj

     

    Via google I did find :

    http://www.itdiversified.com/configuring-health-checks-using-radware-appdirector/

     

    I do not know the specific model, but that implies there is range of health checks that can be used :

    The AppDirector provides a wide range of health checks, with or without the health monitoring module, allowing you to health check everything from a simple ping all the way to specific HTTP content checks.


    That link also gives some good instructions on setting up a HTTP health check.  Usually a reference for a static page, such as one of the gif or .fcc pages are the ones I see customers using to determine if SPS is alive.   You could also specify a backend page, if you want to determine if the whole request pathway is working.


    Cheers - Mark



  • 5.  Re: FrontEnding SPS with LoadBalancer

    Posted Jul 15, 2014 02:13 AM

    Thanks a Lot Mark, for your help.

     

    The issue is resolved now.

     

    Best Regards

    Neeraj

    Tata Consultancy Services Limited

    Mailto: neeraj.gupta@tcs.com

    Website: http://www.tcs.com