LVS hangs in SYN_RECV state

Scott Jones scott at
Fri Oct 15 02:29:51 BST 2004

We are experiencing a problem with our lvs cluster today where people
cannot get to our LVS-NAT cluster.  It works perfectly except that
intermittently that people's connections get stuck in a SYN_RECV state. 
ipvsadm -lcn
TCP 00:44  SYN_RECV    XX.XX.XX.XX:1080  yy.yy.yy.yy:80   zz.zz.zz.zz:80

After that times out it goes into an ERR! state.  A "netstat -t" on the
real server shows the connection in the same state on that server as
well.  The real server is able to ping the end-user's machine, and is
configured with a VIP on the director as it's gateway.  

It's as though the ACK packets are getting dropped somehow, but it only
happens on a small percentage of connections.  Does anyone have any
suggestions for things that we could do to help debug or solve this

This problem is happening both with kernels and 2.4.26.  If it's
important, we are also using keepalived 1.1.7 to handle our director
failover and real server monitoring.  

Thank you for any help.


