Hi, all. Weird one ... we have a Layer 7 service with SSL offload that fronts for a series of real servers (with content rules that perform a somewhat complex traffic mgmt). We are in the process of using a proxy to implement the same traffic mgmt scheme, and want to change the Barracuda service to just point at this proxy, sending all traffic to it.
First we tried adding the proxy as a real server, and disabling all the other real servers. But for some reason, the now-disabled real servers were still receiving traffic requests. So we went a step further, and deleted all the real servers other than the proxy ... and the formerly-present real servers were STILL receiving active requests. So we literally deleted the service, rebooted the balancer, and created the service anew with just the proxy as a real server. And ... yes, the old real servers STILL were getting requests.
We assumed that possibly some other device was implementing the service IP ... even though no such device is known to us. But arping -D only detects a single implementation of the service IP. Further, when we reboot the balancer, during the reboot period the IP is unavailable, then becomes available again at the expected time as the balancer finishes booting back up (though still directing traffic to the old, no-longer-referenced real servers).
This is a one-armed deployment, but the WAN and LAN are on different VLANs, and the real server's HTTP daemons are not available on the WAN address space, the IIS servers involved only listen on the LAN VLAN. So there's no way our clients could be somehow directly accessing the real servers, from a network perspective.
HTTP Caching is off for the service involved (actually, it's off for all services). And we can see in the real server's web access log that the requests ARE in fact occurring, with a source address of the balancer's LAN VLAN IP address. So we're really pretty sure the balancer is in effect using the "old", deleted service configuration (rules and all) for the service, instead of what we changed the service to. Our changes persist in the GUI, e.g., even after reboot we see our changes in place.
Has anyone else seen such a "ghosts of service configurations past" re-asserting itself in spite of the correct service configuration appearing on the GUI?
This is on a 640, running firmware 3.6.0.012 (it's on a closed gov't network, and updating the firmware is a bit of an issue).