I'm trying to diagnose some connectivity issues between a remote proxy (EZProxy) which is having trouble connecting to a load balanced webserver. Looking at a tshark dump from the load balancer, I can see the initial SYN packet to establish a port 80 connection. This is swiftly followed by an Out-Of-Order SYN packet. Then there's a sequence of 2 SYN retransmissions after 3 seconds, then again after a further 6 seconds, then 12, 24, 48 and then 96 seconds when finally I see an ACK and an HTTP request packet.
Pointers on where to look next much appreciated. (note, I would reply to comments but all my responses have tripped the spam filter!) asked 06 Sep '13, 08:25  Paul Dixon edited 06 Sep '13, 09:24 |
One Answer:
Solved - the problem was the assumption that it was a specific client causing the problem. It was actually rather simple - one of the realservers in the cluster was not configured with the IP address of the cluster, so was rejecting any connection attempts directed to it. Ultimately, I would have found this by analysing the traffic on each realserver in turn, but as I was setting up tshark on the problem server, I noticed it was missing some IP address assignments. Doh! answered 06 Sep '13, 09:50 Paul Dixon |
Did you capture the client-side and server-side traffic on the load balancer?
Is it possible to provide (parts) of the capture file on google docs, dropbox, cloudshark, etc.?