[lvs-users] Bizarre problem with SSL and Internet Explorer

Joseph Mack NA3T jmack at wm7d.net
Thu May 22 13:20:15 BST 2008

On Thu, 22 May 2008, Benoit Gauthier wrote:

> A problem appeared last week soon after we migrated the cluster from
> using public IP addresses for real servers

you don't need public IPs on realservers for LVS-DR

> to using local (192.168) IP
> addresses (i.e., we went from DR to NAT). Non-SSL requests are handled
> fine. SSL requests made directly to the backend server (i.e., avoiding
> the LVS cluster) are handled fine. SSL request handled by the LVS
> cluster are fine if they are issued by any browser other than Internet
> Explorer 5 (and Internet Explorer 6 in the case of one tester). But
> Internet Explorer 5 SSL requests to the load balancer are sometimes
> handled correctly, but, other times, they either return the same page
> instead of the requested page or they return a browser error page
> (browser cannot reach the page).
> To add to the difficulty, it appears that these errors are not
> actually produced by the Apache server: one of the testers has a slow
> Internet connection and can clearly feel a lag when the next page is
> being properly processed; when an error page is returned, it comes up
> immediately, suggesting that no Internet communication took place.

erk. Microsoft doesn't obey the tcpip standards. Anything 
could be happening here. I can only think of things that 
would go wrong moving from LVS-DR to LVS-NAT that would 
affect all clients (like the requests are sent to the VIP 
but they arrive on a machine with IP=RIP).


Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

More information about the lvs-users mailing list