[squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks
Amos Jeffries
squid3 at treenet.co.nz
Thu Oct 29 21:31:31 UTC 2015
On 30/10/2015 9:51 a.m., John Smith wrote:
> The outbound traffic from the L1proxy instance in question connects to a
> public IP / DNS name of an ELB in another AWS region.
> We need to send some traffic to a different AWS region, thus the mess below:
>
> AWS instances (clients) ->
> AWS internal ELB for L1 proxies -> AWS L1 proxy instances ->
> a different AWS internal ELB for L1 proxy cluster -> a different AWS L1
> proxy instance (this is where we have the problem is with 'intercept or
> transparent) ->
> *One AWS region above, a different AWS region below*
> AWS external (publicly addressable) ELB for L2 proxies in a different AWS
> region -> AWS L2 proxy instances -> the Internet
>
> These AWS instances have both internal IPs and public IPs, and they don't
> really know about their own public IPs. That may be part or all of the
> confusion.
>
> AWS ELBs are published as DNS names, they have multiple IPs, and we are
> using DNS to connect to them.
Okay. I suspect I know what is going on now. Before I confuse things any
more by mentioning it...
Could you send me a wireshark trace of a small bunch of the connections
coming to Squid? Along with the DNS name for the ELB the clients are
connecting to.
Amos
More information about the squid-users
mailing list