https://communities.vmware.com/t5/VMware-NSX-Discussions/LB-works-fine-in-ssl-passthru-but-it-does-not-work-properly-in/m-p/1388263#M4799 <HTML><HEAD></HEAD><BODY><P>@<STRONG style="font-size: 12.6px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"><A _jive_internal="true" data-avatarid="-1" data-userid="1680823" data-username="ddesmidt" href="https://communities.vmware.com/people/ddesmidt" name="&amp;amp;lpos=apps_scodevmw : 83" style="padding: 0 3px 0 0; font-weight: inherit; font-style: inherit; font-size: 1.1em; font-family: inherit; color: #3399cc; text-decoration: underline;">ddesmidt</A>ddesmidt</STRONG> you're outstanding!!!</P></BODY></HTML> Fri, 17 Feb 2017 05:46:00 GMT OptimalDesign 2017-02-17T05:46:00Z https://communities.vmware.com/t5/VMware-NSX-Discussions/LB-works-fine-in-ssl-passthru-but-it-does-not-work-properly-in/m-p/1388261#M4797 <HTML><HEAD></HEAD><BODY><P>Hi, Experts</P><P>I just test LB with web server pool and it works fine when LB works as Passthrough mode.</P><P>But it does not work at all when LB configured as SSL-offload... Welcome any technical advice!</P><P></P><P>1) When I configured LB as a Passthrough mode, then it can be connected to web server and I've got log as below;</P><P>#show log follow</P><P><SPAN style="font-size: 8pt;">2017-02-16T10:55:38+00:00 NSX-edge-9-0 loadbalancer[12792]: [default]:&nbsp; [local0.info] 192.168.110.10:58941 [16/Feb/2017:10:55:38.123] passthru1 Web-Tier-Pool-new/<SPAN style="color: #ff0000;">web-03a</SPAN> 1/0/38 1736 -- 1/1/1/0/0 0/0</SPAN></P><P><SPAN style="font-size: 8pt;">2017-02-16T10:55:38+00:00 NSX-edge-9-0 loadbalancer[12792]: [default]:&nbsp; [local0.info] 192.168.110.10:58942 [16/Feb/2017:10:55:38.124] passthru1 Web-Tier-Pool-new/<SPAN style="color: #0000ff;">web-02a</SPAN> 1/1/42 1736 -- 0/0/0/0/0 0/0</SPAN></P><P><SPAN style="font-size: 8pt;">2017-02-16T10:55:38+00:00 NSX-edge-9-0 loadbalancer[12792]: [default]:&nbsp; [local0.info] 192.168.110.10:58943 [16/Feb/2017:10:55:38.508] passthru1 Web-Tier-Pool-new/<SPAN style="color: #ff0000;">web-03a</SPAN> 1/1/15 1736 -- 0/0/0/0/0 0/0</SPAN></P><P><SPAN style="font-size: 8pt;">2017-02-16T10:55:38+00:00 NSX-edge-9-0 loadbalancer[12792]: [default]:&nbsp; [local0.info] 192.168.110.10:58944 [16/Feb/2017:10:55:38.524] passthru1 Web-Tier-Pool-new/<SPAN style="color: #0000ff;">web-02a</SPAN> 1/0/78 4435 -- 0/0/0/0/0 0/0</SPAN></P><P>...</P><P></P><P>2) However, when I configure LB as SSL-offload, then it returns HTTP code 502 and "Bad Gateway" on the webpage.</P><P><SPAN style="font-size: 8pt;">#show log follow</SPAN></P><P><SPAN style="font-size: 8pt;">2017-02-16T10:32:27+00:00 NSX-edge-9-0 loadbalancer[1381]: [default]:&nbsp; [local0.info] 192.168.110.10 - - [16/Feb/2017:10:32:27 +0000] "GET /cgi-bin/hol.cgi HTTP/1.1" <SPAN style="color: #ff6600;"><STRONG>502</STRONG></SPAN> 757 "" "" 58747 920 "LB_ssl_offload2_2~" "Web-Tier-Pool-new" "<SPAN style="color: #ff0000;">web-03a</SPAN>" 1 0 1 -1 4 PH-- 0 0 0 0 0 0 0 "" ""</SPAN></P><P><SPAN style="font-size: 8pt;">2017-02-16T10:34:03+00:00 NSX-edge-9-0 loadbalancer[1381]: [default]:&nbsp; [local0.info] 192.168.110.10 - - [16/Feb/2017:10:34:03 +0000] "GET /cgi-bin/hol.cgi HTTP/1.1" <SPAN style="color: #ff6600;"><STRONG>502</STRONG></SPAN> 766 "" "" 58762 400 "LB_ssl_offload2_2~" "Web-Tier-Pool-new" "<SPAN style="color: #0000ff;">web-02a</SPAN>" 2 0 1 -1 4 PH-- 0 0 0 0 0 0 0 "" ""</SPAN></P><P><SPAN style="font-size: 8pt;">2017-02-16T10:43:37+00:00 NSX-edge-9-0 loadbalancer[1381]: [default]:&nbsp; [local0.info] 192.168.110.10 - - [16/Feb/2017:10:43:37 +0000] "GET /cgi-bin/hol.cgi HTTP/1.1" <SPAN style="color: #ff6600;"><STRONG>502</STRONG></SPAN> 757 "" "" 58815 332 "LB_ssl_offload2_2~" "Web-Tier-Pool-new" "<SPAN style="color: #ff0000;">web-03a</SPAN>" 2 0 1 -1 5 PH-- 0 0 0 0 0 0 0 "" ""</SPAN></P><P><SPAN style="font-size: 8pt;">2017-02-16T10:43:39+00:00 NSX-edge-9-0 loadbalancer[1381]: [default]:&nbsp; [local0.info] 192.168.110.10 - - [16/Feb/2017:10:43:39 +0000] "GET /cgi-bin/hol.cgi HTTP/1.1" <SPAN style="color: #ff6600;"><STRONG>502</STRONG></SPAN> 766 "" "" 58819 698 "LB_ssl_offload2_2~" "Web-Tier-Pool-new" "<SPAN style="color: #0000ff;">web-02a</SPAN>" 2 0 1 -1 6 PH-- 0 0 0 0 0 0 0 "" ""</SPAN></P><P><SPAN style="font-size: 8pt;">...</SPAN></P><P><SPAN style="font-size: 8pt;"><BR /></SPAN></P><P><SPAN style="font-size: 8pt;">web-02a : 172.16.10.12/24 , GW 172.16.10.1/24 (vxlan 5000)</SPAN></P><P><SPAN style="font-size: 10.6667px;">web-03a : 172.16.10.13/24 , GW 172.16.10.1/24 <SPAN style="font-size: 10.6667px;">(vxlan 5000)</SPAN></SPAN></P><P><SPAN style="font-size: 8pt;">LB : <SPAN style="font-size: 10.6667px;">172.16.10.10/24 <SPAN style="font-size: 10.6667px;">(vxlan 5000)</SPAN></SPAN></SPAN></P><P><SPAN style="font-size: 10.6667px;">192.168.110.10 (My PC)</SPAN></P><P><SPAN style="font-size: 10.6667px;"><BR /></SPAN></P><P><SPAN style="font-size: 10.6667px;">Thanks alot!</SPAN></P><P><SPAN style="font-size: 10.6667px;"><BR /></SPAN></P><P><SPAN style="font-size: 8pt;"><BR /></SPAN></P><P><SPAN style="font-size: 8pt;"><BR /></SPAN></P><P><SPAN style="font-size: 8pt;"><BR /></SPAN></P></BODY></HTML> Thu, 16 Feb 2017 11:10:10 GMT https://communities.vmware.com/t5/VMware-NSX-Discussions/LB-works-fine-in-ssl-passthru-but-it-does-not-work-properly-in/m-p/1388261#M4797 OptimalDesign 2017-02-16T11:10:10Z https://communities.vmware.com/t5/VMware-NSX-Discussions/LB-works-fine-in-ssl-passthru-but-it-does-not-work-properly-in/m-p/1388262#M4798 <HTML><HEAD></HEAD><BODY><P>When you do "SSL-Passthrough" the clients terminate their HTTPS traffic on the pool members. So your Pool members are on https TCP 443.</P><P></P><P>When you do "SSL-Offload" the clients terminate their HTTPS traffic on the Edge-LB and then Edge-LB talks to the Pool members on http TCP 80.</P><P></P><P>Did you do change your pool member configuration and healthchecks?</P><P></P><P>Dimitri</P></BODY></HTML> Thu, 16 Feb 2017 11:14:13 GMT https://communities.vmware.com/t5/VMware-NSX-Discussions/LB-works-fine-in-ssl-passthru-but-it-does-not-work-properly-in/m-p/1388262#M4798 ddesmidt 2017-02-16T11:14:13Z https://communities.vmware.com/t5/VMware-NSX-Discussions/LB-works-fine-in-ssl-passthru-but-it-does-not-work-properly-in/m-p/1388263#M4799 <HTML><HEAD></HEAD><BODY><P>@<STRONG style="font-size: 12.6px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"><A _jive_internal="true" data-avatarid="-1" data-userid="1680823" data-username="ddesmidt" href="https://communities.vmware.com/people/ddesmidt" name="&amp;amp;lpos=apps_scodevmw : 83" style="padding: 0 3px 0 0; font-weight: inherit; font-style: inherit; font-size: 1.1em; font-family: inherit; color: #3399cc; text-decoration: underline;">ddesmidt</A>ddesmidt</STRONG> you're outstanding!!!</P></BODY></HTML> Fri, 17 Feb 2017 05:46:00 GMT https://communities.vmware.com/t5/VMware-NSX-Discussions/LB-works-fine-in-ssl-passthru-but-it-does-not-work-properly-in/m-p/1388263#M4799 OptimalDesign 2017-02-17T05:46:00Z