Routing - Web browser logs out of first instance when second instance is logged in, can I stop this behaviour? - networking

This is easier to explain with a diagram.
Instance One -> Port 5000 -> Forward to router 5000
Instance Two -> Port 5000 -> Forward to router 5001
Connect to instance One using WANIP:5000, this works fine until I connect to instance two (WANIP:5001).
Web browser logs me out of instance one when I log in to instance two.
How can I stop the web browser from logging me out of Instance one when I connect to instance Two?
I was expecting Instance 1 and Instance 2 to be useable simultaneously.
What have I tried?
Check that instance one and instance two are not on the same IP address. They use the same port, currently 5000 -> the forward port is different for each instance.
I changed the port running on the instance to a different one and forwarded that port.
I switched UDP off on the router.
I unticked NAT on the router.
These actions did not resolve my issue.
I can connect to both instances if I use a separate web browser to connect to each instance. For example, Firefox (instance one), Edge (instance two).
This does not happen when the instances are on a local LAN; the behaviour only manifests when the instances are forwarded through the router. If it helps, the instance is running .NET Core MVC.

Answering my own question in case anyone else has issues with this.
This seems to be a well known problem involving cookies and the way they are shared via the web browser. Cookies are not (the way we use them anyway) independent for each instance and a new cookie is not generated when the port number changes.
You can use an alias for the IP you are connecting to which then will allow the web browser to have a cookie for each instance.
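
The behaviour the answer describes, modelled as an added example (not code from the original post): a browser stores cookies per host, not per port, so two instances behind one WAN IP overwrite each other's session cookie. The IP address, host aliases and cookie names are constructed, and the third case (a distinct cookie name per instance) goes beyond what the answer covers.

```javascript
// Simplified model of a browser cookie jar (RFC 6265): a cookie is stored
// under (host, path, name). Scheme and port are not part of the key.
class CookieJar {
  constructor() { this.store = new Map(); }

  // Record a Set-Cookie header received in a response from `url`.
  setCookie(url, header) {
    const { hostname } = new URL(url);
    const [pair, ...attrs] = header.split(";").map((s) => s.trim());
    const eq = pair.indexOf("=");
    const name = pair.slice(0, eq);
    const value = pair.slice(eq + 1);
    let path = "/";
    for (const attr of attrs) {
      const [k, v] = attr.split("=");
      if (k.toLowerCase() === "path" && v) path = v;
    }
    this.store.set(`${hostname}|${path}|${name}`, { hostname, path, name, value });
  }

  // Build the Cookie header sent with a request to `url`
  // (prefix path match; real path matching is slightly stricter).
  cookieHeader(url) {
    const { hostname, pathname } = new URL(url);
    return [...this.store.values()]
      .filter((c) => c.hostname === hostname && pathname.startsWith(c.path))
      .map((c) => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// Log in to instance one, then instance two, and report what each receives.
function loginToBoth(urlOne, urlTwo, nameOne, nameTwo) {
  const jar = new CookieJar();
  jar.setCookie(urlOne, `${nameOne}=session-one; Path=/; HttpOnly`);
  jar.setCookie(urlTwo, `${nameTwo}=session-two; Path=/; HttpOnly`);
  return { one: jar.cookieHeader(urlOne), two: jar.cookieHeader(urlTwo) };
}

// Constructed addresses: a documentation-range IP and two host aliases for it.
const sameHost = loginToBoth("http://203.0.113.10:5000/", "http://203.0.113.10:5001/", "auth", "auth");
const aliases = loginToBoth("http://one.example.test:5000/", "http://two.example.test:5001/", "auth", "auth");
const renamed = loginToBoth("http://203.0.113.10:5000/", "http://203.0.113.10:5001/", "auth1", "auth2");

console.log(sameHost); // instance one now receives instance two's session value
console.log(aliases);  // each host alias keeps its own cookie
console.log(renamed);  // both cookies survive, but each instance receives both
```

With distinct cookie names on one host, each instance still receives the other's session cookie, so host aliases are the option that actually separates the two sessions.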

Related

Not able to make network calls from GCP Compute Engine

I have deployed my services on a GCP Compute Engine instance, where we make external HTTP service calls to pull data and process it for our purposes. For the last two days, this call has been failing with a connection timeout. I have tried the same on my own system, where things work smoothly. No changes have been applied to the cloud account at all. What possible issues could be causing this?
I have validated the firewall rules. Everything looks to be fine. Appreciate your valuable suggestions.
regards
Manjunath
It's been a while now since you asked. Is this still happening? If yes, please read on. Otherwise please close the posting.
Your message is quite short on details. I'm going to recap what I got:
What I got from your description
The GCE VM should be connected to the public net (I suppose it's having one of the setups: a direct public IP or an instance group member with Load Balancer or an inter connected VPC with another cloud subscription or GCP project through which it connects to the internet, without an own public IP for the VM)
The VM is not a GKE cluster instance
The VM is hosting some kind of "services" (I suppose this is some kind of containerized services?)
These services rely on establishing outbound connections to the internet
From running the same services on your local machine you can see no malfunction, the service code is ok (I suppose you deploy exactly the same code and an almost identical configuration to the VM?)
No changes have happened to the cloud account (I suppose you mean the subscription and the project as well?)
Nothing from all this has been changed at all??
Things I'd be controlling in this situation
As your description of the situation is unfortunately very rough, I'd try to give you a rough overview of how I'd propose you proceed, in this order. Meanwhile please provide more details on the VM situation described above:
Public IP - No instance group with Load Balancer, No inter connected VPC:
Go to Compute Engine > VM Instances and check the External IP column. Go to Column Display Options in the top right corner of the table and enable the column if you don't see it. Make sure there is an IP here.
If the external IP exists, log in to your VM and make sure that you can ping any public internet site you know working
Trace the connection to the public site to get the route your network flow is taking
Ping the host from the next hop to your local network connection and make sure it's "really" reachable
Check whether you are having a local Firewall on your VM and disable it for a testing moment, ping again the router (or next host on the route towards the public site, from your tracing step above)
Meanwhile please provide more details on the VM situation described above

Intra ServiceFabric communication with internal reverse proxy on localhost

I have a ServiceFabric with two applications. One application gets invoked from outside the ServiceFabric and then issues HTTP GET requests to the other application inside the ServiceFabric.
My first attempt was to address the second application with the ServiceFabric's reverse proxy IP, the same as the first application is addressed with:
http://10.0.0.1:19081/App2/App2.Service/
This led to unreliable communication inside the ServiceFabric and the first request always failed, while the second mostly succeeded.
Then I read about internal ServiceFabric communication at https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-reverseproxy. Now I address my second application with localhost and it seems to work as expected:
http://localhost:19081/App2/App2.Service/
The only open question is: Does addressing applications inside the ServiceFabric with localhost only work because the application is also running on the same node? Or does it work because there is real reverse proxy behavior and even if the application does not run on the same node, the request gets to it regardless?
The reverse proxy runs on all nodes, so it can be reached on localhost at all times. It forwards your call to the second service, which is resolved automatically.
You could also use the built-in DNS service to resolve internal services. This way, you save some of the overhead of the reverse proxy.
As opposed to using the IP address, you don't need to know whether the service runs on localhost or on a different node. Also, you don't get into trouble if your service is moved at run-time.

How Does Running Multiple Server Instances Work In Regards to the User IP Address

If I'm running multiple web server instances can a client application (like a user using a web browser) be using the different instances or would they be routed to the same instance every time? Let's say they duplicate a tab or open a new tab are those tabs still using the same instance too?
This would be in Azure with IIS/ASP.NET.
When you are using load balance in any environment, you almost always have the option to set session affinity. It means basically, a client who is directed to server 1 on his first request will always be routed to the same server. Azure does provide this flexibility too without question. Here is the documentation with some details on how to do that configuration.
There are a couple of ways how you could configure session affinity. One prominent way is by source IP. So, using a different tab or a different browser instance will not make any difference. Requests from a client machine will always carry the same IP address and hence will go to the same server.
Here is the Powershell sample to set source IP based affinity:
Set-AzureLoadBalancedEndpoint -ServiceName MyService -LBSetName LBSet1 -Protocol TCP -LocalPort 80 -ProbeProtocolTCP -ProbePort 8080 -LoadBalancerDistribution sourceIP
Here is some detail on a more specific scenario that happens when users access a load balanced site from behind a company's firewall.

Host Name is sometimes empty

In one of my applications (ASP.NET/VB.NET), I need to read the Client Machine Name. Based on the Client Machine we trigger a Point of Sale payment device to accept the payment. On each of these systems we have a stand alone software installed which communicates to the bank using HTTP requests. I am using the following .NET code to read the Client Computer Name.
Dim name As String = String.Empty
' Reverse DNS lookup of the caller's IP address
Dim hostEntry = Dns.GetHostEntry(HttpContext.Current.Request.UserHostAddress)
If hostEntry.HostName.Contains(".") Then
    ' Keep only the first label of a fully qualified name
    name = hostEntry.HostName.Substring(0, hostEntry.HostName.IndexOf("."))
Else
    name = hostEntry.HostName.Trim
End If
In the development environment, all our systems are in a domain ("xyz.com") and we don't have any issues. In the customer location they don't have a domain name setup. My above logic works well in some of the systems in the client environment and is able to make payments but in most of the systems our logic fails and is not able to read the host name. Any help will be appreciated.
Your question doesn't have the specifics required to answer your question. There are many questions that need to be answered about both environments to give a correct answer. Since I can't ask questions, I will make some assumptions which might apply to future readers of this post and be able to help them out.
I would ask a question but my profile was forked for some unknown reason and I don't have the required reputation to ask a question. That being said I will run through the list of issues I can identify off the bat and suggest solutions for the issue and hopefully one will lead you to a solution.
So...
1) You state you need to read the client machine name. However, if your application isn't running on an internal LAN (aka an intranet) you can't read client machine names period. So this could be your first problem.
2) Combining point 1 and given that you are reading the IP Address from UserHostAddress of the client to look up a DNS host name and when the host look up succeeds you are taking the first part of the name up until the first "." it should be safe to assume that this is an intranet application running on a LAN in both your development environment and at the client environment. With that assumption and given the statement that all machines are given a domain of xyz.com it can be assumed that DNS in your development environment is being dynamically updated, presumably through Active Directory (AD). In such a case, whenever a client machine on the development network requests an IP address, presumably through AD, the DHCP server integrated with AD issues the new IP Address. When it does and the DHCP offer is acknowledged and accepted by the client, AD updates DNS (which on a Windows network is also AD integrated) by adding a host entry with the computer name of the client machine pointing to the IP Address. Additionally a DNS pointer, depending on configuration, can be added to AD's DNS which allows an IP Address lookup to resolve to the record (which in this case would be the Client's machine name). So with your development environment (presumably running on Windows Active Directory Domain) everything works. Additionally, by default the top level domain name (XYZ.COM) gets appended to the client's computer name in initial DNS requests from the client.
3) Your client is not running a domain which leaves further questions. Are they running Windows? If they are running Windows is it as a non-AD environment, for example a work group? First assumption would be they are not AD integrated or otherwise you most likely wouldn't be having this problem although I can think of a few rare case scenarios where they might. However, odds are the relevant questions are What DNS server are they running and what DHCP server are they running? Your application is trying to use a client IP Address on their network and the host name lookup based on their IP is failing so it tells me in their environment for one reason or another you can't get a host name from the IP Address of the client. Mind you, they could be on AD and configured entirely correctly, and their DNS server is just overwhelmed and not responding within 2 seconds, causing the name lookup failure, but that is the rare case. With more information I could help more.
3) Assuming in 2 that they are not on AD, do you have the ability to manually code host names on the computer your application is running on? For example, let's say yourapp.exe runs on client-server-01 and clients connect to it. Then on client-server-01 you could add static DNS entries in the host file for each PC on the client network that you expect to connect. On the other hand if your application is running locally on the client PCs you could pass the machine name as a header in the web request and then read it from the Request.Headers variable on the server.
4) Again, making another assumption the clients are web based and your application in the client environment is being hosted on the server... Is the server on a DMZ outside the client environment? If so the client environment may likely be configured, per best practices, so that the server hosting your web app is in a DMZ and DNS requests to the box are forwarded to the client's ISP and not back into their network that has the DNS server capable of resolving an internal IP to a client machine name. If this is the case you need to send the client machine name as a variable from your client or code local IPs to host names in the server's host file (assuming the internal network isn't behind NAT and exposes the real client machine's IP) or request that the DMZ'd server can access the internal DNS and configure the access accordingly.
....
The list really goes on and on but I think I highlighted the problems for 99% of the situations and provided answers to their various solutions.
You can try to take it from X-Forwarded-For header
The X-Forwarded-For (XFF) HTTP header field is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.
This is what X-Forwarded-For should return:
X-Forwarded-For: client, proxy1, proxy2
Here some example code:
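// Header set by proxies and load balancers: "client, proxy1, proxy2"
string ip = Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
if (!string.IsNullOrEmpty(ip))
{
    // Take the first (leftmost) entry
    string[] ipRange = ip.Split(',');
    ip = ipRange[0];
}
else
{
    // No proxy header: use the address of the connecting peer
    ip = Request.ServerVariables["REMOTE_ADDR"];
}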
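
A caveat on the header approach above, as an added example (not code from the answer): the leftmost X-Forwarded-For entry is whatever the client sent, so a server that keys behaviour on it should accept only entries appended by proxies it operates. The proxy list and addresses are constructed samples; `clientAddress`, `leftmost` and `TRUSTED_PROXIES` are hypothetical names.

```javascript
// Constructed sample: addresses of the reverse proxies this deployment runs.
const TRUSTED_PROXIES = new Set(["10.0.0.5", "10.0.0.6"]);

// Resolve the client address without trusting client-supplied header entries.
function clientAddress(remoteAddr, xffHeader, trusted = TRUSTED_PROXIES) {
  // Direct connection from an unknown peer: ignore the header entirely.
  if (!trusted.has(remoteAddr)) return remoteAddr;
  const hops = (xffHeader || "").split(",").map((s) => s.trim()).filter(Boolean);
  // Walk right to left: each trusted proxy appended the address it saw,
  // so the first untrusted entry from the right is the real client.
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!trusted.has(hops[i])) return hops[i];
  }
  return remoteAddr; // header listed only trusted proxies
}

// The leftmost-entry approach, kept for comparison.
function leftmost(remoteAddr, xffHeader) {
  const first = (xffHeader || "").split(",")[0].trim();
  return first || remoteAddr;
}

// Constructed requests: [peer address, X-Forwarded-For header as received].
const samples = [
  ["10.0.0.5", "192.0.2.44, 10.0.0.6"],      // normal two-proxy chain
  ["10.0.0.5", "127.0.0.1, 198.51.100.7"],   // client pre-filled the header
  ["198.51.100.7", "10.1.1.1"],              // direct hit, header not from a proxy
];
for (const [peer, xff] of samples) {
  console.log({ peer, xff, leftmost: leftmost(peer, xff), resolved: clientAddress(peer, xff) });
}
```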
There was an issue with the firewall setup on the client machine. Due to that, our .NET code was failing. After adding an exception for all the incoming requests from xyz.com, my code is working without any issues.
Thank you guys #Alexander Higgins, #halfer for the help.

Is it possible to optimally route browser data: try localhost then local network then internet

Let's say that I'm building a web app that will be required to exchange data with 3 possible entities:
Another open browser window open on the same machine.
A browser on a different machine that is still within the same intranet.
A browser on a machine outside of the intranet.
Is it possible to somehow finagle the HTTP protocol so that the data is optimally routed?
If the transfer is on the same machine, then the request should never even reach the router.
If the transfer is in the intranet, then the request should never make it onto the internet at large.
If the transfer is outside of the intranet - then so be it.
This has nothing to do with HTTP.
What you want is exactly what properly configured routing does.
You need a combination of a properly configured DNS and a router and communication with local hosts will never pass the router.
