Connection problems with bbproxy
list Shaun Kasperowicz
Hello, I have a BB server (and clients) running 1.8b. Most of our systems are inside the firewall and are monitored easily. For the few external servers we used bbfetch with good results for several years. Recently we added a large amount of servers outside the private network, which caused some bottlenecking and performance issues with bbfetch, so I decided to try bbproxy. So far I have been able to make the external clients send to the bbproxy server, and the bbproxy server can make contact through the firewall to the BBDISPLAY server on tcp1984. However, the BBDISPLAY server is not doing anything with the data. Both the bbproxy and the external client are in bb-hosts, and I can see tcp connections being made on both ends via snoop. I also don't see any errors in BBOUT, even when I run bbd in debug mode. I've eliminated the firewall as well, and still have the same results. This is how I am starting bbproxy: /opt/bb/bin/bbproxy \ --bbdisplay=10.88.19.48 \ --pidfile=/var/run/bbproxy.pid \ --logfile=/opt/bb/tmp/bbproxy.log \ --log-details \ --debug And this is what I see when I tail the bbproxy logs: 2005-08-08 16:48:12 10.88.19.38 : status btndev8.disk 2005-08-08 16:48:14 10.88.19.38 : status btndev8.top 2005-08-08 16:48:38 Server not responding, message lost 2005-08-08 16:48:38 Server not responding, message lost 2005-08-08 16:48:38 Server not responding, message lost 2005-08-08 16:48:38 Server not responding, message lost 2005-08-08 16:48:40 Server not responding, message lost Has anyone run into this before? Do I need to be running BB/Hobbit on the proxy server too? Any insight is appreciated. Thanks, -Shaun Kasperowicz
list Henrik Størner
▸
On Mon, Aug 08, 2005 at 06:38:12PM -0600, Kasperowicz, Shaun (Contractor) wrote:
So far I have been able to make the external clients send to the bbproxy server, and the bbproxy server can make contact through the firewall to the BBDISPLAY server on tcp1984. However, the BBDISPLAY server is not doing anything with the data. Both the bbproxy and the external client are in bb-hosts, and I can see tcp connections being made on both ends via snoop. And this is what I see when I tail the bbproxy logs: 2005-08-08 16:48:12 10.88.19.38 : status btndev8.disk 2005-08-08 16:48:14 10.88.19.38 : status btndev8.top 2005-08-08 16:48:38 Server not responding, message lost
BB uses the file $BBHOME/etc/security to list the IP-adresses that are allowed to connect to the bbd daemon. My first guess would be that the IP-address that bbd sees for the incoming connections from the proxy is not listed in this file, which causes the bbd daemon to drop the connection immediately. I believe you need to restart BB after changing this file. Regards, Henrik
list Shaun Kasperowicz
Henrik, I did forget to mention that I updated the security file after I saw rejections from the bbproxy in BBOUT. After updating the file the rejections stopped, but the BB server is still not updating the display. Thanks, -Shaun
▸
-----Original Message-----
From: Henrik Stoerner [mailto:user-ce4a2c883f75@xymon.invalid]
Sent: Monday, August 08, 2005 10:32 PM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] Connection problems with bbproxy
On Mon, Aug 08, 2005 at 06:38:12PM -0600, Kasperowicz, Shaun
(Contractor) wrote:So far I have been able to make the external clients send to the bbproxy server, and the bbproxy server can make contact through the firewall to the BBDISPLAY server on tcp1984. However, the BBDISPLAY server is not doing anything with the data. Both the bbproxy and the external client are in bb-hosts, and I can see tcp connections being made on both ends via snoop. And this is what I see when I tail the bbproxy logs: 2005-08-08 16:48:12 10.88.19.38 : status btndev8.disk 2005-08-08 16:48:14 10.88.19.38 : status btndev8.top 2005-08-08 16:48:38 Server not responding, message lost
BB uses the file $BBHOME/etc/security to list the IP-adresses that are allowed to connect to the bbd daemon. My first guess would be that the IP-address that bbd sees for the incoming connections from the proxy is not listed in this file, which causes the bbd daemon to drop the connection immediately. I believe you need to restart BB after changing this file. Regards, Henrik
list Shaun Kasperowicz
Well after some more snooping, we find that bbproxy never makes a complete tcp connection with the BB server. You can see several connection attempts, but they are never completed, and the data is never sent from bbproxy to the BB server. On any regular client, the connection is established and you can see the BB data sent in plain text:
0: 0800 209f 58f0 0800 20c7 8e53 0800 4500 .. .X... ..S..E.
16: 05dc a1e7 4000 ff06 996c 0a58 130d 0a58 .... at ....l.X...X
32: 130b c249 07c0 0ec9 f02e 889b fce3 5010 ...I........ü.P.
48: 2238 8271 0000 636f 6d62 6f0a 7374 6174 "8.q..combo.stat
64: 7573 206d 7774 6573 7431 2e64 6973 6b20 us mwtest1.disk
80: 6772 6565 6e20 5475 6520 4175 6720 2039 green Tue Aug 9
96: 2031 313a 3431 3a35 3420 5044 5420 3230 11:41:54 PDT 20
112: 3035 202d 2044 6973 6b20 7061 7274 6974 05 - Disk partit
128: 696f 6e73 206f 6e20 6d77 7465 7374 3120 ions on mwtest1
144: 4f4b 0a0a 7377 6170 2020 2020 2020 2020 OK..
The bbproxy never gets that far...as if it's doing something during the negotiation that our old BB server doesn't like, so it drops the connections. I'm beginning to think that our BB1.8b clients and server are too old for us to use bbproxy with them. Is this possible? I'm not sure how far back Hobbit is compatible with BB. Also, is there a way to make logging more verbose with bbproxy? That might help the troubleshooting.
Thanks,
-Shaun Kasperowicz
▸
-----Original Message-----
From: Kasperowicz, Shaun (Contractor) [mailto:user-b86a185566a6@xymon.invalid]
Sent: Monday, August 08, 2005 5:38 PM
To: user-ae9b8668bcde@xymon.invalid
Subject: [hobbit] Connection problems with bbproxy
Hello,
I have a BB server (and clients) running 1.8b. Most of our systems are inside the firewall and are monitored easily. For the few external servers we used bbfetch with good results for several years. Recently we added a large amount of servers outside the private network, which caused some bottlenecking and performance issues with bbfetch, so I decided to try bbproxy.
So far I have been able to make the external clients send to the bbproxy server, and the bbproxy server can make contact through the firewall to the BBDISPLAY server on tcp1984. However, the BBDISPLAY server is not doing anything with the data. Both the bbproxy and the external client are in bb-hosts, and I can see tcp connections being made on both ends via snoop. I also don't see any errors in BBOUT, even when I run bbd in debug mode. I've eliminated the firewall as well, and still have the same results.
This is how I am starting bbproxy:
/opt/bb/bin/bbproxy \
--bbdisplay=10.88.19.48 \
--pidfile=/var/run/bbproxy.pid \
--logfile=/opt/bb/tmp/bbproxy.log \
--log-details \
--debug
And this is what I see when I tail the bbproxy logs:
2005-08-08 16:48:12 10.88.19.38 : status btndev8.disk
2005-08-08 16:48:14 10.88.19.38 : status btndev8.top
2005-08-08 16:48:38 Server not responding, message lost
2005-08-08 16:48:38 Server not responding, message lost
2005-08-08 16:48:38 Server not responding, message lost
2005-08-08 16:48:38 Server not responding, message lost
2005-08-08 16:48:40 Server not responding, message lost
Has anyone run into this before? Do I need to be running BB/Hobbit on the proxy server too? Any insight is appreciated.
Thanks,
-Shaun Kasperowicz
list Henrik Størner
▸
On Tue, Aug 09, 2005 at 01:03:21PM -0600, Kasperowicz, Shaun (Contractor) wrote:
Well after some more snooping, we find that bbproxy never makes a complete tcp connection with the BB server. You can see several connection attempts, but they are never completed, and the data is never sent from bbproxy to the BB server.
I assume what you see in the snoop are the outgoing SYN packets from the proxy, but not SYN-ACK packets coming back from the BB server ? Could you run snoop on both servers - the one running bbproxy and the BB server at the same time ? I'd like to have a look at that traffic.
▸
The bbproxy never gets that far...as if it's doing something during the negotiation that our old BB server doesn't like, so it drops the connections. I'm beginning to think that our BB1.8b clients and server are too old for us to use bbproxy with them. Is this possible? I'm not sure how far back Hobbit is compatible with BB.
It *should* work - I dont think there's been any change in the BB daemon for a very long time. I haven't tested bbproxy with a 1.8b server, but I don't know of anything that would make it fail like this. There's really nothing special in the way bbproxy sets up the connection to the BB server - it just invokes the standard "connect()" routine.
▸
Also, is there a way to make logging more verbose with bbproxy? That might help the troubleshooting.
Start bbproxy as a foreground process with debugging enabled. Run it with all of the usual options, plus "--debug --no-daemon". One thing I come to think of ... what's the MAXLINE setting on your BB server (in the $BBHOME/src/bb.h file) ? bbproxy will combine status- messages into combo-messages - if it ends up building larger messages than your BB server can accept, they could end up being discarded. But then you should see the message going over the wire ... Henrik
list Shaun Kasperowicz
I had already been using the --debug and --log-details options, but the logs weren't telling me much. I went ahead and ran bbproxy with the --no-daemon option that you mentioned, and I started seeing quite a bit more info on screen, including what looked like successful connections: 2005-08-09 15:25:10 state 0: connecting to server 2005-08-09 15:25:10 Connecting to BBDISPLAY at 10.88.19.48 2005-08-09 15:25:10 state 1: connecting to server 2005-08-09 15:25:10 Connecting to BBDISPLAY at 10.88.19.48 2005-08-09 15:25:10 state 0: request sent 2005-08-09 15:25:10 state 1: sending to server 2005-08-09 15:25:10 state 0: cleanup 2005-08-09 15:25:10 state 1: request sent 2005-08-09 15:25:11 state 0: cleanup I opened the BBDISPLAY web page, and what do you know, it's working!? However it only seems to work when invoked with the --no-daemon switch, which really has us puzzled. I'd like to get it working in daemon mode, but I'm not sure what the issue is here. Oh, and I am seeing SYN-ACK packets coming back from the BB server, but after that there is nothing. I will get you the snoop files for both machines asap, if you still want to see them. Thanks Henrik
▸
-Shaun
-----Original Message-----
From: Henrik Stoerner [mailto:user-ce4a2c883f75@xymon.invalid]
Sent: Tuesday, August 09, 2005 2:20 PM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] Connection problems with bbproxy
On Tue, Aug 09, 2005 at 01:03:21PM -0600, Kasperowicz, Shaun
(Contractor) wrote:Well after some more snooping, we find that bbproxy never makes a complete tcp connection with the BB server. You can see several connection attempts, but they are never completed, and the data is never sent from bbproxy to the BB server.
I assume what you see in the snoop are the outgoing SYN packets from the proxy, but not SYN-ACK packets coming back from the BB server ? Could you run snoop on both servers - the one running bbproxy and the BB server at the same time ? I'd like to have a look at that traffic.
The bbproxy never gets that far...as if it's doing something during the negotiation that our old BB server doesn't like, so it drops the connections. I'm beginning to think that our BB1.8b clients and server are too old for us to use bbproxy with them. Is this possible? I'm not sure how far back Hobbit is compatible with BB.
It *should* work - I dont think there's been any change in the BB daemon for a very long time. I haven't tested bbproxy with a 1.8b server, but I don't know of anything that would make it fail like this. There's really nothing special in the way bbproxy sets up the connection to the BB server - it just invokes the standard "connect()" routine.
Also, is there a way to make logging more verbose with bbproxy? That might help the troubleshooting.
Start bbproxy as a foreground process with debugging enabled. Run it with all of the usual options, plus "--debug --no-daemon". One thing I come to think of ... what's the MAXLINE setting on your BB server (in the $BBHOME/src/bb.h file) ? bbproxy will combine status- messages into combo-messages - if it ends up building larger messages than your BB server can accept, they could end up being discarded. But then you should see the message going over the wire ... Henrik