Jump to content


Photo

Old service config won't go away, continues to be used after change to service

service

  • Please log in to reply
1 reply to this topic

#1 David G. Bucci

David G. Bucci
  • Members
  • 2 posts

Posted 12 March 2014 - 01:41 AM

Hi, all. Weird one ... we have a Layer 7 service with SSL offload that fronts for a series of real servers (with content rules that perform a somewhat complex traffic mgmt). We are in the process of using a proxy to implement the same traffic mgmt scheme, and want to change the Barracuda service to just point at this proxy, sending all traffic to it.

 

First we tried adding the proxy as a real server, and disabling all the other real servers. But for some reason, the now-disabled real servers were still receiving traffic requests. So we went a step further, and deleted all the real servers other than the proxy ... and the formerly-present real servers were STILL receiving active requests. So we literally deleted the service, rebooted the balancer, and created the service anew with just the proxy as a real server. And ... yes, the old real servers STILL were getting requests.

 

We assumed that possibly some other device was implementing the service IP ... even though no such device is known to us. But arping -D only detects a single implementation of the service IP. Further, when we reboot the balancer, during the reboot period the IP is unavailable, then becomes available again at the expected time as the balancer finishes booting back up (though still directing traffic to the old, no-longer-referenced real servers).

 

This is a one-armed deployment, but the WAN and LAN are on different VLANs, and the real server's HTTP daemons are not available on the WAN address space, the IIS servers involved only listen on the LAN VLAN. So there's no way our clients could be somehow directly accessing the real servers, from a network perspective.

 

HTTP Caching is off for the service involved (actually, it's off for all services). And we can see in the real server's web access log that the requests ARE in fact occurring, with a source address of the balancer's LAN VLAN IP address. So we're really pretty sure the balancer is in effect using the "old", deleted service configuration (rules and all) for the service, instead of what we changed the service to. Our changes persist in the GUI, e.g., even after reboot we see our changes in place.

 

Has anyone else seen such a "ghosts of service configurations past" re-asserting itself in spite of the correct service configuration appearing on the GUI?

 

This is on a 640, running firmware 3.6.0.012 (it's on a closed gov't network, and updating the firmware is a bit of an issue).



#2 R V Shiva Kumar

R V Shiva Kumar
  • Barracuda Team Members
  • 44 posts
  • LocationBangalore KA, IN

Posted 12 March 2014 - 05:04 AM

Hi David,

Can you please open up a support case with the Barracuda Support Team as we need to debug it further and even analyze the way network has been setup in order to determine the source of these requests which are being sent to your mentioned real servers?

Please feel free to drop a mail on linkandloadsupport_team@barracuda.com with the SN# of the device and the above description and a support personal should be at your service ASAP!

Regards
Shiva Kumar RV
Barracuda Team
Regards Shiva Kumar RV