[lvs-users] ipvsadm problem

Dmitry Akindinov dimak at stalker.com
Sat Aug 25 07:07:05 BST 2012


Hello,

On 2012-08-24 18:05, Graeme Fowler wrote:
> On Fri, 2012-08-24 at 16:58 +0400, Dmitry Akindinov wrote:
>> It looks like the problem is not in the ipvs rules, but in the ipvs
>> "connection table" that it gets from the "active" balancer via the
>> syncing daemon: as soon as we stop the syncing daemon, the problem
>> disappears.
>
> I wonder... is this symptomatic of a connection tracking issue?
>
> Could it be that the incoming packets are not being seen as
> ESTABLISHED,RELATED by netfilter and therefore being dropped? Although
> that begs the question as to why with an empty sync table the problem
> goes away.
>
> Unless... netfilter *is* detecting them as ESTABLISHED,RELATED and
> therefore trying to pass them into an ipvs table which is currently
> empty?
>
> If you have connection tracking set up in iptables, could you remove it
> for a little while to see what happens? I smell an interaction.

It is unlikely. The iptables on all those servers has connection 
tracking switched off:

*raw
:PREROUTING ACCEPT []
:OUTPUT ACCEPT []
-A PREROUTING -d VIP/32 -j NOTRACK
COMMIT



> Graeme


-- 
Best regards,
Dmitry Akindinov



