trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eagen, Dave" <David.Ea...@biworldwide.com>
Subject RE: 502 errors with DIRECT connections
Date Wed, 04 May 2011 12:47:44 GMT
Yes, we are using ATS as a forward proxy.

The error log shows this:

20110503.07h17m50s CONNECT: could not connect to 206.169.246.146 for 'http://download.nai.com:8080/Products/CommonUpdater/SiteStat.xml'
(setting last failure time)
20110503.07h17m50s CONNECT: could not connect to 206.169.246.146 for 'http://download.nai.com:8080/Products/CommonUpdater/SiteStat.xml'
(setting last failure time)
20110503.07h18m21s RESPONSE: sent 172.16.88.240 status 502 (Connect Error <internal error
- server connection terminated/-19999>) for 'http://download.nai.com:8080/Products/CommonUpdater/SiteStat.xml'
20110503.07h44m22s RESPONSE: sent 172.16.88.240 status 502 (Tunnel Connection Failed) for
'interface.gta-travel.com:443/'

The first two failed connection attempts to download.nai.com are from misconfigured PCs trying
to connect to a site that is no longer available so the connect failures and 502 for those
are correct. But the gta-travel 502 appears by itself with no corresponding previous failure
message.

We have the following set in records.config:

CONFIG proxy.config.http.connect_attempts_max_retries INT 10
CONFIG proxy.config.http.connect_attempts_max_retries_dead_server INT 4
CONFIG proxy.config.http.connect_attempts_rr_retries INT 3
CONFIG proxy.config.http.connect_attempts_timeout INT 30
CONFIG proxy.config.http.post_connect_attempts_timeout INT 1800
CONFIG proxy.config.http.down_server.cache_time INT 180
CONFIG proxy.config.http.down_server.abort_threshold INT 10

If I understand it correctly this should try retry failed connections up to 10 times before
returning an error but we don't see that. We do see retries for the download.nai.com (http)
connection attempts in the error log but nothing for gta-travel (https).

The 172.16.88.240 IP address in the log entries is the load-balancer that clients connect
to. The load-balancer then sends requests to multiple proxy servers.

The messages file has these entries three minutes after the suspect 502:

May  3 07:47:46 appproxy3 traffic_manager[17861]: {47459379403920} ERROR: [TrafficManager]
==> Cleaning up and reissuing signal #15
May  3 07:47:46 appproxy3 traffic_manager[17861]: {47459379403920} ERROR:  (last system error
2: No such file or directory)
May  3 07:47:46 appproxy3 traffic_manager[17861]: {47459379403920} ERROR: [TrafficManager]
==> signal #15
May  3 07:47:46 appproxy3 traffic_manager[17861]: {47459379403920} ERROR:  (last system error
2: No such file or directory)

-Dave

From: Leif Hedstrom [mailto:zwoop@apache.org]
Sent: Tuesday, May 03, 2011 11:48 PM
To: users@trafficserver.apache.org
Cc: Eagen, Dave
Subject: Re: 502 errors with DIRECT connections

On 05/03/2011 07:21 AM, Eagen, Dave wrote:
We continue to see occasional 502 errors on DIRECT connections to sites. These never happen
when running through Squid so there is some difference between ATS and Squid. Examples:

1304426660.849 1322 172.16.88.240 TCP_MISS/200 11469 CONNECT interface.gta-travel.com:443/
- DIRECT/interface.gta-travel.com - -
1304426661.614 762 172.16.88.240 TCP_MISS/200 6869 CONNECT interface.gta-travel.com:443/ -
DIRECT/interface.gta-travel.com - -
1304426662.759 79 172.16.88.240 ERR_CONNECT_FAIL/502 460 CONNECT interface.gta-travel.com:443/
- DIRECT/interface.gta-travel.com text/html -
1304426665.474 5949 172.16.88.240 TCP_MISS/200 77316 CONNECT interface.gta-travel.com:443/
- DIRECT/interface.gta-travel.com - -

Is there anything else in any of the error logs, or /var/log/messages?

I assume you are using ATS as a forward proxy, since all your errors are for CONNECT requests.
Do you see the same problem for any other types of requests (GET or POST etc.)?

-- leif

This e-mail message is being sent solely for use by the intended recipient(s) and may contain
confidential information.  Any unauthorized review, use, disclosure or distribution is prohibited.
 If you are not the intended recipient, please contact the sender by phone or reply by e-mail,
delete the original message and destroy all copies. Thank you.
Mime
View raw message