Hi, Experts
I just tested the LB with a web server pool and it works fine when the LB works in Passthrough mode.
But it does not work at all when the LB is configured as SSL-offload... Any technical advice is welcome!
1) When I configured the LB in Passthrough mode, it can connect to the web server and I got the log below:
#show log follow
2017-02-16T10:55:38+00:00 NSX-edge-9-0 loadbalancer[12792]: [default]: [local0.info] 192.168.110.10:58941 [16/Feb/2017:10:55:38.123] passthru1 Web-Tier-Pool-new/web-03a 1/0/38 1736 -- 1/1/1/0/0 0/0
2017-02-16T10:55:38+00:00 NSX-edge-9-0 loadbalancer[12792]: [default]: [local0.info] 192.168.110.10:58942 [16/Feb/2017:10:55:38.124] passthru1 Web-Tier-Pool-new/web-02a 1/1/42 1736 -- 0/0/0/0/0 0/0
2017-02-16T10:55:38+00:00 NSX-edge-9-0 loadbalancer[12792]: [default]: [local0.info] 192.168.110.10:58943 [16/Feb/2017:10:55:38.508] passthru1 Web-Tier-Pool-new/web-03a 1/1/15 1736 -- 0/0/0/0/0 0/0
2017-02-16T10:55:38+00:00 NSX-edge-9-0 loadbalancer[12792]: [default]: [local0.info] 192.168.110.10:58944 [16/Feb/2017:10:55:38.524] passthru1 Web-Tier-Pool-new/web-02a 1/0/78 4435 -- 0/0/0/0/0 0/0
...
2) However, when I configure the LB as SSL-offload, it returns HTTP code 502 and "Bad Gateway" on the webpage.
#show log follow
2017-02-16T10:32:27+00:00 NSX-edge-9-0 loadbalancer[1381]: [default]: [local0.info] 192.168.110.10 - - [16/Feb/2017:10:32:27 +0000] "GET /cgi-bin/hol.cgi HTTP/1.1" 502 757 "" "" 58747 920 "LB_ssl_offload2_2~" "Web-Tier-Pool-new" "web-03a" 1 0 1 -1 4 PH-- 0 0 0 0 0 0 0 "" ""
2017-02-16T10:34:03+00:00 NSX-edge-9-0 loadbalancer[1381]: [default]: [local0.info] 192.168.110.10 - - [16/Feb/2017:10:34:03 +0000] "GET /cgi-bin/hol.cgi HTTP/1.1" 502 766 "" "" 58762 400 "LB_ssl_offload2_2~" "Web-Tier-Pool-new" "web-02a" 2 0 1 -1 4 PH-- 0 0 0 0 0 0 0 "" ""
2017-02-16T10:43:37+00:00 NSX-edge-9-0 loadbalancer[1381]: [default]: [local0.info] 192.168.110.10 - - [16/Feb/2017:10:43:37 +0000] "GET /cgi-bin/hol.cgi HTTP/1.1" 502 757 "" "" 58815 332 "LB_ssl_offload2_2~" "Web-Tier-Pool-new" "web-03a" 2 0 1 -1 5 PH-- 0 0 0 0 0 0 0 "" ""
2017-02-16T10:43:39+00:00 NSX-edge-9-0 loadbalancer[1381]: [default]: [local0.info] 192.168.110.10 - - [16/Feb/2017:10:43:39 +0000] "GET /cgi-bin/hol.cgi HTTP/1.1" 502 766 "" "" 58819 698 "LB_ssl_offload2_2~" "Web-Tier-Pool-new" "web-02a" 2 0 1 -1 6 PH-- 0 0 0 0 0 0 0 "" ""
...
web-02a : 172.16.10.12/24 , GW 172.16.10.1/24 (vxlan 5000)
web-03a : 172.16.10.13/24 , GW 172.16.10.1/24 (vxlan 5000)
LB : 172.16.10.10/24 (vxlan 5000)
192.168.110.10 (My PC)
Thanks a lot!
When you do "SSL-Passthrough" the clients terminate their HTTPS traffic on the pool members. So your Pool members are on https TCP 443.
When you do "SSL-Offload" the clients terminate their HTTPS traffic on the Edge-LB and then Edge-LB talks to the Pool members on http TCP 80.
Did you change your pool member configuration and healthchecks?
Dimitri
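To read the SSL-offload log lines from the first post field by field, here is an added example (not written by anyone in this thread or by VMware). It assumes the lines follow HAProxy's CLF HTTP log layout, which they match; `diagnose` and `summarize` are hypothetical names. A `PH` termination state with a response time of -1 means the TCP connection to the pool member succeeded but no valid HTTP response headers came back, which is the situation the pool-member port question above is checking for.

```python
import re
from collections import Counter

# Assumption: field order follows HAProxy's CLF HTTP log format, which the
# SSL-offload lines in the first post match.
LINE_RE = re.compile(
    r'(?P<client>\S+) - - \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) \d+ '
    r'"[^"]*" "[^"]*" \d+ \d+ '
    r'"(?P<frontend>[^"]+)" "(?P<backend>[^"]+)" "(?P<server>[^"]+)" '
    r'(?P<tq>-?\d+) (?P<tw>-?\d+) (?P<tc>-?\d+) (?P<tr>-?\d+) (?P<tt>-?\d+) '
    r'(?P<term>\S{4})'
)

# Two SSL-offload lines and one passthrough (TCP-format) line, copied from the post.
SAMPLE = [
    '2017-02-16T10:32:27+00:00 NSX-edge-9-0 loadbalancer[1381]: [default]: [local0.info] 192.168.110.10 - - [16/Feb/2017:10:32:27 +0000] "GET /cgi-bin/hol.cgi HTTP/1.1" 502 757 "" "" 58747 920 "LB_ssl_offload2_2~" "Web-Tier-Pool-new" "web-03a" 1 0 1 -1 4 PH-- 0 0 0 0 0 0 0 "" ""',
    '2017-02-16T10:34:03+00:00 NSX-edge-9-0 loadbalancer[1381]: [default]: [local0.info] 192.168.110.10 - - [16/Feb/2017:10:34:03 +0000] "GET /cgi-bin/hol.cgi HTTP/1.1" 502 766 "" "" 58762 400 "LB_ssl_offload2_2~" "Web-Tier-Pool-new" "web-02a" 2 0 1 -1 4 PH-- 0 0 0 0 0 0 0 "" ""',
    '2017-02-16T10:55:38+00:00 NSX-edge-9-0 loadbalancer[12792]: [default]: [local0.info] 192.168.110.10:58941 [16/Feb/2017:10:55:38.123] passthru1 Web-Tier-Pool-new/web-03a 1/0/38 1736 -- 1/1/1/0/0 0/0',
]

def diagnose(line):
    """Return parsed fields and a verdict, or None for non-HTTP-format lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    connected = int(f["tc"]) >= 0      # Tc: TCP connect time to the pool member
    no_headers = int(f["tr"]) == -1    # Tr: -1 means no response headers arrived
    if f["status"] == "502" and f["term"].startswith("PH") and connected and no_headers:
        verdict = "member reachable, reply was not valid HTTP"
    elif not connected:
        verdict = "member unreachable"
    else:
        verdict = "no finding"
    return {"server": f["server"], "backend": f["backend"], "status": int(f["status"]),
            "client_tls": f["frontend"].endswith("~"),  # "~" marks a TLS frontend
            "term": f["term"], "verdict": verdict}

def summarize(lines):
    """Count verdicts per pool member, skipping lines that do not parse."""
    parsed = filter(None, map(diagnose, lines))
    return Counter((d["server"], d["verdict"]) for d in parsed)

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

Both pool members give the same verdict here, so the fault sits in the pool or monitor settings shared by the members rather than in one server.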
@ddesmidt you're outstanding!!!