Only one tunnel gets checked by the load balancer ...
# general-helpn
Noah Kennedy | Oxy
01/13/2024, 9:09 PMI have a load balancer with two tunnels attached. For some reason, only one tunnel seems to get monitor checks. I think this might also apply to health check traffic, but I need to double check.
Traffic is otherwise split roughly equally between the two tunnels, and when there is an outage in that cluster that affects both, the tunnel that doesn't seem to get monitor checks will still register as "healthy".
Does anyone have any idea what might be going on here?
Noah Kennedy | Oxy
01/13/2024, 9:24 PMconfirmed that all the health checks also seem to go to one tunnel
c
Cyb3r-Jok3
01/13/2024, 10:09 PMRandom shot in the dark. Are the tunnels connected to the same DCs? Tunnel traffic typically through the closest location (not officially though). Wondering if the health checks are coming from a DC where the tunnel is connected to
n
Noah Kennedy | Oxy
01/13/2024, 10:25 PMThey are both connected to the DFW-A PoP, though different colos
Noah Kennedy | Oxy
01/13/2024, 10:26 PMI've turned off the health check's right now to reduce the noise a bit and focus on the knobs I have around the monitors
c
Cyb3r-Jok3
01/13/2024, 10:31 PMThere might be some internals of how the tunnel is traffic is being routed but no clue
n
Noah Kennedy | Oxy
01/13/2024, 10:33 PMthat's what i'm wondering
Noah Kennedy | Oxy
01/14/2024, 12:24 AMi've uninstalled and reinstalled that tunnel to no avail
Noah Kennedy | Oxy
01/14/2024, 12:42 AMstrange, removing the tunnel that gets all the monitor requests still leaves the other tunnel getting none
Noah Kennedy | Oxy
01/14/2024, 12:45 AMumm, why are they both one connector?
Noah Kennedy | Oxy
01/14/2024, 12:45 AMhow did i get myself into this situation?
Noah Kennedy | Oxy
01/14/2024, 1:00 AMwait a minute
Noah Kennedy | Oxy
01/14/2024, 1:01 AMon worker 1 (the one getting all the traffic),
cloudflared tunnel infoNoah Kennedy | Oxy
01/14/2024, 1:01 AMwat
Noah Kennedy | Oxy
01/14/2024, 1:02 AMi am bamboozled
c
Cyb3r-Jok3
01/14/2024, 1:03 AMThat’s uh funky. Like the connector or the tunnel IDs?
n
Noah Kennedy | Oxy
01/14/2024, 1:13 AMfrom heavy-worker-1
Copy code
➜ ~ cloudflared tunnel info heavy-worker-1
NAME: heavy-worker-1
ID: aff69054-<REST>
CREATED: 2023-05-19 22:41:36.32161 +0000 UTC
CONNECTOR ID CREATED ARCHITECTURE VERSION ORIGIN IP EDGE
7b612dfc-<REST> 2024-01-14T00:34:27Z linux_arm64 2024.1.2 104.13.171.136 1xdfw01, 1xdfw05, 2xmci01
➜ ~ cloudflared tunnel info heavy-worker-2
NAME: heavy-worker-1
ID: aff69054-<REST>
CREATED: 2023-05-19 22:41:36.32161 +0000 UTC
CONNECTOR ID CREATED ARCHITECTURE VERSION ORIGIN IP EDGE
7b612dfc-<REST> 2024-01-14T00:34:27Z linux_arm64 2024.1.2 104.13.171.136 1xdfw01, 1xdfw05, 2xmci01 Copy code
➜ ~ cloudflared tunnel info heavy-worker-1
NAME: heavy-worker-1
ID: aff69054-<REST>
CREATED: 2023-05-19 22:41:36.32161 +0000 UTC
CONNECTOR ID CREATED ARCHITECTURE VERSION ORIGIN IP EDGE
7b612dfc-<REST> 2024-01-14T00:34:27Z linux_arm64 2024.1.2 104.13.171.136 1xdfw01, 1xdfw05, 2xmci01
➜ ~ cloudflared tunnel info heavy-worker-2
NAME: heavy-worker-2
ID: b7561864-<REST>
CREATED: 2024-01-14 00:49:37.245692 +0000 UTC
CONNECTOR ID CREATED ARCHITECTURE VERSION ORIGIN IP EDGE
d537845f-<REST> 2024-01-14T00:51:00Z linux_arm64 2024.1.2 104.13.171.136 1xdfw06, 1xdfw09, 2xmci01Noah Kennedy | Oxy
01/14/2024, 1:13 AMheavy-worker-1 gets all the monitor traffic
Noah Kennedy | Oxy
01/14/2024, 1:13 AMhow is this possible
Noah Kennedy | Oxy
01/14/2024, 1:15 AMi continue to find novel ways of breaking computers lol
Noah Kennedy | Oxy
01/14/2024, 1:23 AM@Cyb3r-Jok3 i legitimately have no idea how i did this lmao
c
Cyb3r-Jok3
01/14/2024, 2:57 AMlol heavy-worker-1 work seems cursed
n
Noah Kennedy | Oxy
01/14/2024, 3:09 AMreally is lol
Noah Kennedy | Oxy
01/14/2024, 3:10 AMi'm just gonna delete the tunnel and make a new one
c
Cyb3r-Jok3
01/14/2024, 3:28 AMRemote managed tunnels for the win
n
Noah Kennedy | Oxy
01/14/2024, 4:08 AMthat did not fix the issue
Noah Kennedy | Oxy
01/14/2024, 4:08 AMi am bamboozled
Noah Kennedy | Oxy
01/14/2024, 4:17 AMneither did making the tunnels remote
f
Flop
01/14/2024, 5:00 AMCan you try setting the ha connections to 1 and set them each to different regions (1 and 2, not us or global) I’m very curious how you got this to happen
Flop
01/14/2024, 5:45 AMwhat do the debug logs look like for API requests to/from argotunnels.com from both tunnels?
n
Noah Kennedy | Oxy
01/14/2024, 5:57 PMhow would one do this?
Noah Kennedy | Oxy
01/14/2024, 5:57 PMalso, i too am curious about how i got myself into this mess 😂
Noah Kennedy | Oxy
01/14/2024, 5:58 PMi'll go check these
Noah Kennedy | Oxy
01/14/2024, 7:21 PMCloudflared tunnel metrics show even rps to each tunnel
Noah Kennedy | Oxy
01/14/2024, 7:22 PMweird
Noah Kennedy | Oxy
01/14/2024, 7:22 PMbut this disagrees with what logs show when i tail journalctl
Noah Kennedy | Oxy
01/14/2024, 7:52 PMi'll do more digging, wonder if something is borked on my end
Noah Kennedy | Oxy
01/14/2024, 7:52 PMwill be double checking my logging
f
Flop
01/14/2024, 9:44 PMtunnel --ha-connections 1 (undocumented), I thought there was a way to force it to region 1 or 2, but i cant seem to find it. the same effect probably from restarting one till its on a seperate region
Flop
01/14/2024, 9:45 PMbut given heavy-worker-1 seems to think that both tunnels have the same UUID I think there is a config issue somewhere
Flop
01/14/2024, 9:45 PMhow are you starting the tunnels (cmdline and config)?