[lvs-users] Recursive SYN packets sent from Director to RealServer

Graeme Fowler graeme at graemef.net
Tue Aug 12 09:29:14 BST 2008

Hi Lee

On Mon, 2008-08-11 at 13:26 -0700, Calcote, Lee wrote:
> We¹re having intermittent luck using LVS/TUN and LS/DR while trying to
> load-balance web services running on high port numbers: 10000, 60000, and
> 60001.
> We find that client making HTTP requests at <VIP>:10000 (Webmin),
> <VIP>:60000 and <VIP>:60001 (both in-house web services) are able to
> successfully connect to real servers only intermittently. During failed
> requests, we find the Director is generating SYN after SYN request to the
> real server. The real server receives these (many thousand) SYN requests but
> sends no reply (SYN, ACK). One of the mysteries here is that at other times
> the same client will make a request and successfully connect to the web
> service. We¹ve test the load-balancing of SSH and had a 100% success rate.

This sounds very much like the problem caused in "streamlined" setups
where the realservers are also the directors. In that case it's quite
possible that packets get continually "balanced" - if you search the
archives for the words "reflected", "reflection" or variations on
"amplification" you may find similar problems and a set of solutions for

Can you give us a bit more detail about your architecture, please?


