[lvs-users] LVS/keepalived dropping client's packets after sending server's FIN

Israel Hsu israelhsu at gmail.com
Tue Apr 26 01:21:54 BST 2011

I'm having a problem with TCP connections not being properly closed.

I'm setting up a simple LVS director using keepalived.
Director and server are running Linux.
Director is running keepalived 1.2.2.
Firewall is stopped on all three computers.

There are three computers: one client, one director, and one HTTP
server. I am using LVS-NAT.

Apparently (observed via tcpdump on all three computers) this is what happens:

The client has just requested an HTTP document.

    client <---> director <---> server
            ...           ...
1.               data1    <--- data1 to client (HTTP response)
2.  data1   <--- data1
3.  ack of
    data1   ---> ...
4.                        <--- data2 to client
5.  data2   <--- data2
6.  ack of
    data2   ---> ...
5.               data3,F  <--- data3 to client with FIN
6.  data3,F <--- data3,F
7.               ack of
                 data1    ---> ack of data1
8.               ack of
                 data2    ---> ack of data2
9.               data3,F  <--- retransmit data3,FIN
10. data3,F <--- data3,F
11. (repeat step 9)
12. (repeat step 10) ...

So, you can see that the client never acknowledges data3,F with a
FINACK. Now you may say this is a problem with the client, but the
client is just "telnet server 80". The output at the client is the
HTTP page requested up to and not including the data3 packet.

Furthermore, when removing the director/virtual server, the connection
from client to HTTP server is set up and closed correctly.

Is the LVS setup causing the problem or is there something else I'm missing?

Israel Hsu
