Director not sending icmp unreachable to expired clients

Joseph Mack NA3T jmack at wm7d.net
Fri Jan 19 22:55:29 GMT 2007


On Fri, 19 Jan 2007, Janusz Krzysztofik wrote:

> Hi,
>
> I am using LVS director with no VIP for load balancing ipsec servers accessed 
> by NATed clients (udp 500/4500, fwmark method). When I remove a realserver 
> (ipvsadm -d ...), its clients are not notified after their connections 
> expire.

hmm, expire == timeout?

Does the client get a new realserver? Why does the client 
need to know that the old realserver is no longer there?

> I suspect that icmp responses are simply not generated on the 
> director as they should be -

possibly. The icmp code was written before anyone thought of 
VIP-less directors.



> I can not see them with tcpdump nor trace them 
> with iptables rules. I could not find any piece of code in the IPVS sources 
> (linux 2.6.18) that would generate such error responses. Are these icmp 
> messages supposed to be generated by other means?

Well there used to be icmp error handling code there.

> If so, could it be that a 
> director with no VIP is not able to respond?

Horms, Julian

any ideas?

Thanks Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
