NSX load balancer pool DOWN, and not sending GET r...

remo_williams · ‎02-15-2017

We have a Load Balancer deployed as one-arm proxy, with pool members using non-standard port for HTTP/HTTPS. The POOL never comes UP, unless we use L4 monitoring. When using L7 Monitoring via HTTP or HTTPS, there are no GET requests being sent by the LB to the pool. We have this working fine in the lab environment, using HTTP/HTTPS. The load balancer has been redoployed, with all devices within the tenant environment rebooted. I cannot find any articles that reference such an issue. We know the web-application server is fine, because we tested using wget with 200 OK being returned. If using the L4 monitor option, as stated the POOL will show UP, however either 503 or 502 error is received.

<Setup>

LB = one-arm proxy

Self Sign Cert = which is issued when requesting page

Pool = Up if using L4, Down if using L7 (pool members listen on 16310 (http) 16311 (https)

*Not sure if there is a limitation, but after the 'ack' the load balancer should 'push' a GET request as seen below. The

Capture = Captures packets from client to VIP, and all packets from LB to Pool and vice versa.

15:33:52.125845 IP 10.149.172.237.40663 > 10.149.172.226.16310: Flags [.], ack 998976781, win 3650, length 0

15:33:52.125868 IP 10.149.172.237.40663 > 10.149.172.226.16310: Flags [P.], seq 0:18, ack 1, win 3650, length 18

15:33:52.126267 IP 10.149.172.237.40663 > 10.149.172.226.16310: Flags [.], ack 331, win 3784, length 0

15:33:52.126296 IP 10.149.172.237.40663 > 10.149.172.226.16310: Flags [R.], seq 18, ack 331, win 3784, length 0

15:33:57.126678 IP 10.149.172.237.40669 > 10.149.172.226.16310: Flags [S], seq 2271436282, win 29200, options [mss 1460,nop,nop,sackOK,nop,w scale 3], length 0

15:33:57.126914 IP 10.149.172.237.40669 > 10.149.172.226.16310: Flags [.], ack 185838359, win 3650, length 0

15:33:57.126990 IP 10.149.172.237.40669 > 10.149.172.226.16310: Flags [P.], seq 0:18, ack 1, win 3650, length 18

15:33:57.127394 IP 10.149.172.237.40669 > 10.149.172.226.16310: Flags [.], ack 331, win 3784, length 0

15:33:57.127474 IP 10.149.172.237.40669 > 10.149.172.226.16310: Flags [R.], seq 18, ack 331, win 3784, length 0

16:11:17.558165 IP 192.168.10.2.10228 > 192.168.10.11.80: Flags [S], seq 1693057426, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0

16:11:17.558463 IP 192.168.10.2.10228 > 192.168.10.11.80: Flags [.], ack 4071988379, win 3650, length 0

16:11:17.558533 IP 192.168.10.2.10228 > 192.168.10.11.80: Flags [P.], seq 0:18, ack 1, win 3650, length 18: HTTP: GET / HTTP/1.0

16:11:17.558920 IP 192.168.10.2.10228 > 192.168.10.11.80: Flags [.], ack 946, win 3886, length 0

16:11:17.558963 IP 192.168.10.2.10228 > 192.168.10.11.80: Flags [F.], seq 18, ack 946, win 3886, length 0

bayupw · ‎02-15-2017

How is your HTTP/HTTPS service configuration look like?

Do you use any Service Monitor Extension?

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw

remo_williams · ‎02-15-2017

Bayu,

Not sure if that extension should have worked. But applied it and it did not. The health monitoring via L7 shows UP now...however still not GET request being sent; and again, the POOL is UP w/o that extension shown in your screenshot.

bayupw · ‎02-15-2017

Hi, sorry I didn't mean to ask you to put that extension.

My intention was to ask if you have anything on that extension.

I'll see if I can simulate this in a lab

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw

bayupw · ‎02-15-2017

Do you mind to share a screenshot of your service monitor?

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw

All

NSX load balancer pool DOWN, and not sending GET request via Healt Monitor