Hello,
I have been using Stunnel 3.5.44 (latest for Ubuntu 18) to connect to my remote load balancer which serves traffic to several backend nodes.
After a recent O/S update, I have noticed one weird issue. I am seeing frequent TIMEOUTconnect and TIMEOUTclosed exceeded errors when the stunnel service tries to connect to backend nodes via the load balancer in round robin mode.
If I replace load balancer or multiple backends (to rule out DNS issue) entries:
connect = remote-load-balancer:8080
Or
connect = remote-backend-node1:8080
connect = remote-backend-node2:8080
With a single backend entry like this:
connect = remote-backend-node1:8080
Or,
connect = remote-backend-node2:8080
Then those errors go away.
I have tested on multiple servers with different backends and timeout configuration, and all are showing the same issues, so the problem does not seem to be related to a specific server or backend.
Any idea what could cause this issue?
Thanks in advance,
Ferdous
Reference: https://launchpad.net/ubuntu/bionic/+package/stunnel4
Stunnel sample config:
pid = /var/run/stunnel4/stunnel.pid
output = /var/log/stunnel4/stunnel.log

socket = l:SO_KEEPALIVE=1
socket = r:SO_KEEPALIVE=1
socket = r:TCP_KEEPIDLE=120
socket = r:TCP_KEEPINTVL=30
socket = r:TCP_KEEPCNT=6
socket = l:TCP_KEEPIDLE=120
socket = l:TCP_KEEPINTVL=30
socket = l:TCP_KEEPCNT=6

[remote]
client = yes
accept = 127.0.0.1:6500
connect = remote-load-balancer:8080
cert = /opt/service/etc/cert.d/remote.crt
key = /opt/service/etc/key.d/remote.key
sslVersion = TLSv1.2
debug = info
verifyChain = no
verifyPeer = no
Just to add, it seemed like the stunnel service was previously connecting to a single backend service node via the load balancer, even though it was supposed to connect to all backends in round robin mode.
After a recent O/S or other update, the stunnel service is now connecting to multiple backends in round robin mode (the way it is supposed to do) and is throwing frequent (2+ out of ~10) TIMEOUT connect or closed exceeds errors.