[8.301] Server Load Balancing Error

Question

Hi there!

I've a fresh active/passive cluster installation of Astaro Security Gateway V8.300 on a new Dell PowerEdge R310 running with
eval license at the moment.

If i configure a Server Load Balancing, the state of the real servers goes on/off all the time - so it isn't working.

I've found following in the Service Monitor daemon-Log:

2012:03:03-00:01:47 rzfw-1 service_monitor[12403]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Starting real server checker with 2 threads"
2012:03:03-00:01:52 rzfw-1 service_monitor[12403]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_PacLoaHttpToInter 1 TCP 10.0.70.44:80 changed state to OFFLINE"
2012:03:03-00:01:52 rzfw-1 service_monitor[12403]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_PacLoaHttpToInter 0 TCP 10.0.70.31:80 changed state to OFFLINE"
2012:03:03-00:01:53 rzfw-1 service_monitor[12403]: id="4003" severity="error" sys="System" sub="loadbalancing" name="Cant open file /proc/net/ip_scheduler/REF_PacLoaHttpToInter!"
2012:03:03-00:01:53 rzfw-1 service_monitor[12403]: id="4003" severity="error" sys="System" sub="loadbalancing" name="Cant open file /proc/net/ip_scheduler/REF_PacLoaHttpToInter!"

I logged in to the shell and this is the output of the directory:

loginuser@rzfw:/proc/12419/net/ip_scheduler > ls -l
total 0
-r--r--r-- 1 root root 0 2012-03-03 12:00 cluster_ftp
-r--r--r-- 1 root root 0 2012-03-03 12:00 cluster_http
-r--r--r-- 1 root root 0 2012-03-03 12:00 cluster_ipsec
-r--r--r-- 1 root root 0 2012-03-03 12:00 cluster_pop3
-r--r--r-- 1 root root 0 2012-03-03 12:00 cluster_smtp
-r--r--r-- 1 root root 0 2012-03-03 12:00 cluster_snort
-r--r--r-- 1 root root 0 2012-03-03 12:00 cluster_waf

In my other Astaro-Installations, there are some additional files created for each loadbalancing-rule but here aren't any.

Has anyone an idea where to look?

I've tried to reproduce it in a fresh test-installation on a XEN host with V8.300 but there everything worked fine.

I've updated to V8.301 but nothing changed (so the servers where rebooted too).
At the time where the "slave" was primary, i've created a load balancing too but the files weren't created at this host too.

Everything else seems to work fine...but the Firewall isn't at productive use right now so I havent tested much.

Thank you for you help...

Hardware:
Dell PowerEdge R310
XEON CPU
8GB RAM
PERC H700 Raid1 (2x250GB SAS)
2x Broadcom LAN onboard
4x Intel LAN (quad-port card)

Cluster: active/passive with direct link @ eth0
License: evaluation (13 days left)

This thread was automatically locked due to age.

da_merlin · Answer

Thanks for sending your configuration file!

I'm not so familiar with stripped backups. After importing your backup, most interfaces were reseted and disabled. So I'm not sure if your running system has the Internet interface disabled.

If yes, thats the reason. Packet filter rules matching local IP addresses (and load balancing rules) are only installed, if the Interface is enabled and up.

Cheers
Ulrich