<div dir="ltr">Hi Andrei!<div class="gmail_extra"><br><div class="gmail_quote">On Tue, Mar 19, 2013 at 2:49 AM, Andrei Belov <span dir="ltr"><<a href="mailto:defan@nginx.com" target="_blank">defan@nginx.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hello Jay,<div class="im">
<br>
</div>If I understand you right, issue can be repeated in the following cases:<br>
<br>
1) client and server are on different EC2 instances, public IPs are used;<br>
2) client and server are on different EC2 instances, private IPs are used;<br>
3) client and server are on a single EC2 instance, public IP is used.<br>
<br>
And there are no problems when:<br>
<br>
1) client and server are on a single EC2 instance, either loopback or private IP is used.<br>
<br>
Please correct me if I'm wrong.<br></blockquote><div><br></div><div style>If by "client" you mean nginx, and by "server" you mean our upstream HTTP service ... That is exactly correct. You could also throw in another permutation by changing where ApacheBench is run, but it doesn't change the occurrence of dropped packets; only increases average latency when AB and nginx are on separate EC2 instances.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
What about EC2 security group - do the client and the server use the same group?<br>
How many rules are present in this group? Have you tried to either decrease<br>
a number of rules used, or create "pass any to any" simple configuration?<br></blockquote><div><br></div><div style>That's a great point! We have been struggling with the number of firewall rules as a separate matter, in fact. There may be some relation here. Thank you for reminding me.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
And just to clarify the things - under "external IP address" do you mean EC2<br>
instance's public IP, or maybe Elastic IP?</blockquote><div><br></div><div style>I'm talking about the instance public IPs. Elastic IPs are only used for client access to nginx. And specifically only for managing DNS. Between nginx and upstream servers, the public IPs are used.</div>
</div></div></div>