Network load balancing sessionAffinity NONE doesn't work

152 views
Skip to first unread message

dorel vaida

unread,
Aug 9, 2014, 7:00:32 PM8/9/14
to gce-dis...@googlegroups.com
Hey, I have a functional load balancer in us central, 2 test instances, both healthy, and they both receive traffic. However, the load balancing seems to have some sessionAffinity even though the setting is clearly NONE. 

When I access the app from the same browser window or from the load testing tool (wrk) all requests go to the same instance. If I switch to another browser it sends the requests to the second instance. So this sounds very weird, like HTTP session based session affinity (but then I cannot explain wrk's behavior since all requests from it go to the same instance and wrk doesn't send session information)

Has anyone encountered this? Is there something I am missing?

Thanks,
Dorel

Leif Pedersen

unread,
Aug 9, 2014, 7:44:12 PM8/9/14
to dorel vaida, gce-dis...@googlegroups.com
I suspect HTTP Keep-Alive. I'm guessing if the web browser sends all the requests in the same TCP session, the load balancer also sends them all to the backend in a single TCP session.

I haven't checked or anything; I'm just suggesting a place to look. For example, try multiple HTTP requests in the same TCP session with nc or socat and see if it matches the pattern. If that's the case, it's probably desirable behavior.

- Leif



--
© 2014 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-dis...@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussio...@googlegroups.com.
To post to this group, send email to gce-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/b327b2e5-cf8d-4980-8255-bf0de06e8606%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--

As implied by email protocols, the information in this message is not confidential.  Any middle-man or recipient may inspect, modify, copy, forward, reply to, delete, or filter email for any purpose unless said parties are otherwise obligated.  As the sender, I acknowledge that I have a lower expectation of the control and privacy of this message than I would a post-card.  Further, nothing in this message is legally binding without cryptographic evidence of its integrity.

http://bilbo.hobbiton.org/wiki/Eat_My_Sig

dorel vaida

unread,
Aug 10, 2014, 3:14:21 AM8/10/14
to gce-dis...@googlegroups.com, dorel...@gmail.com
I can confirm that this is correct. As GCE doesn't yet support SSL offloading at the load balancer I have nginx on all balanced instances and there was a ssl session cache setting enabled. Once removed, the browser behavior still remains the same because of the keepalive (expected and somewhat desired) but the API access (through the wrk benchmarking tool) is load balanced between all the instances as expected.

Thanks Leif,
Dorel
Reply all
Reply to author
Forward
0 new messages