[lvs-users] LVS/keepalived dropping client's packets after sending server's FIN

Israel Hsu israelhsu at gmail.com
Thu May 5 07:54:06 BST 2011

A colleague of mine discovered the problem, and I'm posting here so
anyone with the same problem can see the workaround.

On Mon, Apr 25, 2011 at 5:21 PM, Israel Hsu <israelhsu at gmail.com> wrote:
> I'm having a problem with TCP connections not being properly closed.
> I'm setting up a simple LVS director using keepalived.
> Director and server are running Linux.
> Director is running keepalived 1.2.2.
> Firewall is stopped on all three computers.
> There are three computers: one client, one director, and one HTTP
> server. I am using LVS-NAT.
> ...
> So, you can see that the client never acknowledges data3,F with a
> FINACK. Now you may say this is a problem with the client, but the
> client is just "telnet server 80". The output at the client is the
> HTTP page requested up to and not including the data3 packet.

One detail I neglected to mention because I thought it had no impact
was that my directors and real servers were all running as PV virtual
machines under the Xen hypervisor.

Apparently, there is a bug in Xen's virtual devices that affects TCP
checksum offloading, causing the symptom I was seeing.

The workaround is to disable TCP checksum offloading on the servers:

ethtool -K eth0 tx off

Connections close properly now!

Now my connections are closing properly.
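
Added example, not part of the original post: one way to confirm that dropped segments carry a bad TCP checksum is to recompute it over the IPv4 pseudo-header and the segment bytes taken from a capture. The addresses, ports, sequence numbers and the helper names (fold_sum, pseudo_header, tcp_checksum, tcp_checksum_ok, build_segment) are constructed for illustration.

```python
import socket
import struct

def fold_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length payloads
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol, TCP length."""
    return (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Value a sender should write into a segment whose checksum field is 0."""
    return ~fold_sum(pseudo_header(src, dst, len(segment)) + segment) & 0xFFFF

def tcp_checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """A receiver accepts the segment only if everything sums to 0xFFFF."""
    return fold_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def build_segment(checksum: int, payload: bytes = b"data3") -> bytes:
    """Constructed FIN,PSH,ACK segment, port 80 -> 40000, 20-byte header."""
    header = struct.pack("!HHIIHHHH", 80, 40000, 1000, 2000,
                         (5 << 12) | 0x19, 8192, checksum, 0)
    return header + payload

SERVER, CLIENT = "192.168.1.10", "10.0.0.5"   # constructed addresses

# Constructed: segment with a correctly completed checksum.
GOOD = build_segment(tcp_checksum(SERVER, CLIENT, build_segment(0)))
# Constructed: field holds only the pseudo-header sum, i.e. the rest of the
# computation was left for the device to finish and never was.
BAD = build_segment(fold_sum(pseudo_header(SERVER, CLIENT, len(GOOD))))

if __name__ == "__main__":
    for name, seg in (("good", GOOD), ("bad", BAD)):
        field = struct.unpack("!H", seg[16:18])[0]
        verdict = "ok" if tcp_checksum_ok(SERVER, CLIENT, seg) else "INCORRECT"
        print("%s: checksum field 0x%04x -> %s" % (name, field, verdict))
```

Run the check on bytes captured at the receiving side, using the addresses from the captured IP header. A capture taken on a sender with tx offload enabled shows unfinished checksums even when the wire traffic is fine.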
