[lvs-users] Recursive SYN packets sent from Director to RealServer

Malcolm Turnbull malcolm at loadbalancer.org
Mon Aug 11 21:38:14 BST 2008


Lee,

Its unlikely to be a bug.
Sounds like its related to the real server configuration.

Just a thought do you have more than one network card on the LVS box?
You're only blocking ARPs on eth0 at the moment.
Get DR working first and then move on to TUN (have you seen the recent posts
on MTU size?





2008/8/11 Calcote, Lee <lcalcote at pelco.com>

> Hi,
>
> We¹re having intermittent luck using LVS/TUN and LS/DR while trying to
> load-balance web services running on high port numbers: 10000, 60000, and
> 60001. To handle the ARP issue, we¹re using the hidden interface approach
> with the following sysctl settings on the real servers:
>
> > net.ipv4.conf.eth0.arp_ignore = 1
> > net.ipv4.conf.eth0.arp_announce = 2
> > net.ipv4.conf.all.arp_ignore = 1
> > net.ipv4.conf.all.arp_announce = 2
> > net.ipv4.conf.tunl0.arp_ignore = 1
> > net.ipv4.conf.tunl0.arp_announce = 2
>
> We find that client making HTTP requests at <VIP>:10000 (Webmin),
> <VIP>:60000 and <VIP>:60001 (both in-house web services) are able to
> successfully connect to real servers only intermittently. During failed
> requests, we find the Director is generating SYN after SYN request to the
> real server. The real server receives these (many thousand) SYN requests
> but
> sends no reply (SYN, ACK). One of the mysteries here is that at other times
> the same client will make a request and successfully connect to the web
> service. We¹ve test the load-balancing of SSH and had a 100% success rate.
>
> Does anyone know if this is a bug with LVS or have suggestions on what
> further troubleshooting may be done to identify the issue? Any help would
> be
> appreciated.
>
> Thanks,
> Lee
>
> -
> ------------------------------------------------------------------------------
> Confidentiality Notice: The information contained in this transmission is
> legally privileged and confidential, intended only for the use of the
> individual(s) or entities named above. This email and any files transmitted
> with it are the property of Pelco. If the reader of this message is not the
> intended recipient, or an employee or agent responsible for delivering this
> message to the intended recipient, you are hereby notified that any review,
> disclosure, copying, distribution, retention, or any action taken or omitted
> to be taken in reliance on it is prohibited and may be unlawful. If you
> receive this communication in error, please notify us immediately by
> telephone call to +1-559-292-1981 or forward the e-mail to
> administrator at pelco.com and then permanently delete the e-mail and destroy
> all soft and hard copies of the message and any attachments. Thank you for
> your cooperation.
> -
> ------------------------------------------------------------------------------
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>



-- 
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)870 443 8779
http://www.loadbalancer.org/



More information about the lvs-users mailing list