www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

No 'Sticky Sessions' so shop carts, banking etc drop out

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell
View previous topic :: View next topic  
Author Message
AussieWISP



Joined: 17 Oct 2010
Posts: 27
Location: Western Australia

PostPosted: Thu Aug 04, 2011 7:35 am    Post subject: No 'Sticky Sessions' so shop carts, banking etc drop out Reply with quote

Our system works very well (3 x Zeroshells) but we need stick sessions as shopping carts often suddenly go to empty if a round robin occurs, forum logins also have trouble and some other ip sensitive sites have issues. Besides ip specific to wan configs under NB, is there a way?
_________________
When all is said and done, often more is said than done
Back to top
View user's profile Send private message Send e-mail AIM Address
atheling



Joined: 24 Sep 2009
Posts: 212

PostPosted: Thu Aug 04, 2011 3:14 pm    Post subject: Reply with quote

Do you have my NB and QoS patch installed? The later versions of that dealt with the issue of "stickyness" of connections. Basically the last set of changes to that patch set up a different method for routing the pings that are used to determine if the WAN links are good. The original way resulting in the Linux routing cache being flushed every few seconds which resulted in the behaviour you are reporting.

If you have installed the latest version of the patch, there are still some things that can lead to the routing cache being cleared. Unfortunately they are arcane and badly documented kernel routing tuning parameters... I'll cross my fingers and hope that you either don't have my patch installed or don't have the latest version installed before we go into that area.

http://dl.dropbox.com/u/19663978/ZS_nb_quo_b14_b.tar.gz

(Patch is for b14 which is what I am still running, but I believe is should apply okay to b15.)
Back to top
View user's profile Send private message
DrmCa



Joined: 12 Apr 2011
Posts: 214

PostPosted: Tue Aug 09, 2011 8:32 pm    Post subject: Reply with quote

After the NB patch was installed the issues started happening - specifically with one site using AJAX chat which must be validating the IP of the user logging in.
When round robin occurs, chat boots me out.
Back to top
View user's profile Send private message
atheling



Joined: 24 Sep 2009
Posts: 212

PostPosted: Tue Aug 09, 2011 9:51 pm    Post subject: Reply with quote

[quote="DrmCa"]After the NB patch was installed the issues started happening - specifically with one site using AJAX chat which must be validating the IP of the user logging in.
When round robin occurs, chat boots me out.[/quote]

It has been a while since I went through all this. And Linux routing seems to have wheel within wheels within wheels so my recollection could be off.

That said, having connections "sticky" (subsequent TCP connections use the same gateway as previous ones with the same source and destination) is made possible because for new connections Linux looks in the routing cache before going through the IP rules which then specify a "routing policy database" which specifies the default route with a round robin setup in the case of multiple WAN interfaces. (For existing connections we have a bunch of logic in iptables to use tags to direct packets to the same interface the started on.)

So it sounds like your routing cache is being cleared. The way I checked this when creating/debugging the patch was to use the "ip route show cache" command at the bash prompt along with wc and/or grep to see when the cache was being cleared.

For example:
[code]# ip route show cache | wc -l
234
# [/code]

When the number goes down, or if it stays very low, then something is reseting the cache. In the unmodified version of ZS and in early versions of my patch it was because a "ip rule set" operation was being performed to setup the routing for the pings that detect WAN link failures and that operation has the side effect of flushing the cache.

Anyway, log into the command line and use the above command to monitor the cache and see if it is being cleared and if the session issues you are experiencing are time wise correlated with when the cache is flushed. That will tell us if the problem is with the cache or elsewhere.
Back to top
View user's profile Send private message
DrmCa



Joined: 12 Apr 2011
Posts: 214

PostPosted: Thu Aug 11, 2011 7:02 pm    Post subject: Reply with quote

root@router root> ip route show cache | wc -l
62
root@router root> ip route show cache | wc -l
80
root@router root> ip route show cache | wc -l
84
root@router root> ip route show cache | wc -l
114
root@router root> ip route show cache | wc -l
134
root@router root> ip route show cache | wc -l
152
root@router root> ip route show cache | wc -l
156
root@router root> ip route show cache | wc -l
172
root@router root> ip route show cache | wc -l
190
root@router root> ip route show cache | wc -l
10 --------------------------------------------------it booted me out here
root@router root> ip route show cache | wc -l
40
root@router root> ip route show cache | wc -l
60
root@router root> ip route show cache | wc -l
98
root@router root> ip route show cache | wc -l
134

Disabling the ICMP failover checking fixed the issue with AJAX chat site but broke download speed. I'd rather have fast d/l than chat room.
Back to top
View user's profile Send private message
atheling



Joined: 24 Sep 2009
Posts: 212

PostPosted: Thu Aug 11, 2011 7:46 pm    Post subject: Reply with quote

[quote="DrmCa"]root@router root>Disabling the ICMP failover checking fixed the issue with AJAX chat site but broke download speed. I'd rather have fast d/l than chat room.[/quote]

So it does appear your stickyness issue is related to the flushing of the routing cache and it is being caused by the logic that sets up the ICMP pings for WAN health checks.

Do you have my latest patch installed from http://dl.dropbox.com/u/19663978/ZS_nb_qos_b14_b.tar.gz

That patch was supposed to fix that problem.

But, of course, it will "break" the download speed as all connections associated with the download would be over the same WAN interface.
Back to top
View user's profile Send private message
DrmCa



Joined: 12 Apr 2011
Posts: 214

PostPosted: Fri Aug 12, 2011 1:07 pm    Post subject: Reply with quote

Only one patch is installed: ZS_nb_quo_b14_b.tar.gz
Back to top
View user's profile Send private message
atheling



Joined: 24 Sep 2009
Posts: 212

PostPosted: Fri Aug 12, 2011 3:48 pm    Post subject: Reply with quote

[quote="DrmCa"]Only one patch is installed: ZS_nb_quo_b14_b.tar.gz[/quote]

That's the same one. I put it up with "QoS" miss typed to quo, the link in my previous response is to an identical file.

Unfortunately, that now means I have to re-investigate why the routing cache is getting flushed... Crying or Very sad
Back to top
View user's profile Send private message
DrmCa



Joined: 12 Apr 2011
Posts: 214

PostPosted: Fri Aug 12, 2011 7:06 pm    Post subject: Reply with quote

Could it be because I missed the check box to activate the Cron command?
So it did not run.
Back to top
View user's profile Send private message
DWJames



Joined: 20 Oct 2011
Posts: 7

PostPosted: Wed Oct 26, 2011 11:09 am    Post subject: Reply with quote

hi,
same issue here, but I'm running B16.
Will this patch work for me or is there some way I can manually make the changes required?

ip route show cache | wc -l
shows that the routes are being regularly cleared and we are running the icmp failover monitoring so I guess that's it.

Thanks,
James
Back to top
View user's profile Send private message
atheling



Joined: 24 Sep 2009
Posts: 212

PostPosted: Wed Oct 26, 2011 2:04 pm    Post subject: Reply with quote

DWJames wrote:
hi,
same issue here, but I'm running B16.
Will this patch work for me or is there some way I can manually make the changes required?

ip route show cache | wc -l
shows that the routes are being regularly cleared and we are running the icmp failover monitoring so I guess that's it.

Thanks,
James


Don't know if the patch will work for B16 or not.... I've been maintaining the patch for well over a year now hoping that it would be incorporated in Fulvio's releases.

I am still running b14 as the release notes for b15 and b16 indicate no changes that I particularly needed or wanted. I did check the changes for b15 and it seems the patch for b14 should work on it. But I have not yet downloaded b16 and checked to see if the patch would work on it.
Back to top
View user's profile Send private message
DWJames



Joined: 20 Oct 2011
Posts: 7

PostPosted: Thu Oct 27, 2011 9:19 am    Post subject: Reply with quote

ok, thanks.
If the patch needs to go into the pre boot script, does that mean that it is applied each time the zeroshell boots and that it doesn't rewrite any standard code?
So this way I can try it and if it doesn't work for me I can just remove the pre boot code and revert to standard?

Do you have some more information on what this patch does aside from the sticky routes?
Also, how does it deal with a sticky route if there is a line failure?

thanks,
James
Back to top
View user's profile Send private message
atheling



Joined: 24 Sep 2009
Posts: 212

PostPosted: Thu Oct 27, 2011 3:49 pm    Post subject: Reply with quote

DWJames wrote:
ok, thanks.
If the patch needs to go into the pre boot script, does that mean that it is applied each time the zeroshell boots and that it doesn't rewrite any standard code?
So this way I can try it and if it doesn't work for me I can just remove the pre boot code and revert to standard?


Correct. Removing the snippet from the pre-boot script and rebooting will remove the patch.

DWJames wrote:

Do you have some more information on what this patch does aside from the sticky routes?


Route stickiness was the last thing that that I fixed on the patch. Smile

1. The primary reason I started on the patch was to get net balancing and QoS to co-exist. They both use fwmarks and in the non-patched version they are used in such a way that they conflict with one another.

2. Then I addressed the return paths for connections originating on the Internet. This is needed if you are running an externally accessible server on your LAN and wish it to be available over any of the WAN links. Think mail server with your DNS having multiple MX records, one for each of your external IP addresses.

My two links have very different speeds so with normal balancing on them I seldom ran into the stickiness issue. But others did so the later versions of the patch addressed that.

DWJames wrote:

Also, how does it deal with a sticky route if there is a line failure?

thanks,
James


If/when there is a failure on a WAN link the routing tables are changed and that has the side effect of clearing the routing cache. So stickiness is reset when a WAN link fails or recovers.
Back to top
View user's profile Send private message
alexemil



Joined: 21 Dec 2012
Posts: 1

PostPosted: Fri Dec 21, 2012 12:24 pm    Post subject: Reply with quote

There is need to install.. NB.. If I will not install this, then any alternate??
Back to top
View user's profile Send private message
atheling



Joined: 24 Sep 2009
Posts: 212

PostPosted: Fri Dec 21, 2012 7:07 pm    Post subject: Reply with quote

alexemil wrote:
There is need to install.. NB.. If I will not install this, then any alternate??


Latest version(s) of Zeroshell have the net balancing code included so the old patches should no longer be needed.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group