[lvs-users] "Failover" ldirectord, udp and loadbalancing "cycles"

Sascha Schneider lists at suntsu.org
Tue Oct 15 16:41:06 BST 2013


Hello there,

I'm quite new with LVS and ldirectord, so please be patient if what I'm 
asking has been asked before. I tried to solve my problem by searching 
this list's archive but either my search-fu left me or nobody has 
encountered this issue yet.

I currently have a 4 machine setup, all running a service on port 1234 
udp. Machines a and b both run both the service and ldirectord, c and d 
only run my service. Machines a and b have a failover ip address, 
ldirectord state is not synched (yet). The scheduler is rr.

Currently the machine (the active one, either a or b) that has the
failover ip address marks its incoming packages with 0x9, my virtual
server uses fwm as protocol, matches mark 9 and distributes to all 4 
servers. The other machine (the passive one) does not mark packages at 
all. Active/passive is done with pacemaker.

My problem is this: If I do a failover and switch over my ip address for 
whatever reasons, let's say from machine a to machine b, I get circling 
packages and therefore some connections remain. Normally this shouldn't 
happen because incoming packages at the passive machine should not get 
tagged anymore and therefore should get handed to my service directly 
without lvs involved. This somehow is not the case. To me it looks like 
lvs ignores my virtual server config as long as it already has a
matching "connection". This is only a wild guess, though. What I
see is that lvs/ldirectord on my active machine dispatches packages to
my now-passive machine which dispatches them right back. ipvsadm -Ln
shows me that those circling packages keep alive previously existing 
connections and therefore keep on circling.

My ldirectord.cf looks like this:
autoreload = yes
checkinterval = 1
checktimeout = 2
quiescent = no
readdquiescent = yes
failurecount = 3
fork = yes
cleanstop = yes
logfile = "/var/log/ldirectord.log"
virtual = 9
         checktype = negotiate
         checkport = 1234
         protocol = fwm
         real = 192.168.1.2:1234 gate
         real = 192.168.1.3:1234 gate
         real = 192.168.1.4:1234 gate
         real = 192.168.1.5:1234 gate
         scheduler = rr
         service = http

I mark packages on my active machine using this iptables/netfilter rule:
/usr/sbin/iptables -t mangle -I PREROUTING -i ethX -p udp -m udp -d 192.168.1.1 --dport 1234 -j MARK --set-mark 0x9

Obviously 192.168.1.1 is my virtual server/failover ip, 192.168.1.2-4 
are my physical servers. 2 and 3 are my machines a and b.

This is what my ipvsadm -Ln looks like when the above problem occurs:

Machine a:
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  9 rr
   -> 192.168.1.2:1234            Route   1      0          0
   -> 192.168.1.3:1234            Route   1      0          5
   -> 192.168.1.4:1234            Route   1      0          0
   -> 192.168.1.5:1234            Route   1      0          0

Machine b:
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  9 rr
   -> 192.168.1.2:1234            Route   1      0          5
   -> 192.168.1.3:1234            Route   1      0          0
   -> 192.168.1.4:1234            Route   1      0          0
   -> 192.168.1.5:1234            Route   1      0          0

These 5 connections stay there for a long time. If I use iptables to 
block port 1234/udp between those machines these connections die away 
quickly.

Please give me a hint on how to resolve this issue or where to find 
documentation that describes how to resolve it.

Thanks in Advance,
Sascha Schneider
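
A check for the symptom shown in the two listings above, as an added example that is not part of the original post: it parses `ipvsadm -Ln` output from each director and reports pairs of directors that hold connection entries pointing at each other. The function names are hypothetical, the sample input is constructed to match the listings, and machines a and b are taken to be 192.168.1.2 and 192.168.1.3 as the post states.

```python
import re

SERVICE = re.compile(r"^(TCP|UDP|FWM)\s+(\S+)")
REAL = re.compile(r"^\s*->\s+(\d+\.\d+\.\d+\.\d+):\d+\s+\S+\s+\d+\s+(\d+)\s+(\d+)\s*$")

def parse_ipvsadm(text):
    """Return {service: {real_ip: ActiveConn + InActConn}} from `ipvsadm -Ln` text."""
    table, current = {}, None
    for line in text.splitlines():
        svc = SERVICE.match(line)
        if svc:
            current = table.setdefault(f"{svc.group(1)} {svc.group(2)}", {})
            continue
        real = REAL.match(line)
        if real and current is not None:
            ip = real.group(1)
            current[ip] = current.get(ip, 0) + int(real.group(2)) + int(real.group(3))
    return table

def find_mutual_forwarding(outputs):
    """outputs maps director IP -> its `ipvsadm -Ln` text. Returns tuples
    (service, d1, conns d1->d2, d2, conns d2->d1) for directors that hold
    connection entries pointing at each other."""
    parsed = {ip: parse_ipvsadm(text) for ip, text in outputs.items()}
    directors, findings = sorted(parsed), []
    for i, d1 in enumerate(directors):
        for d2 in directors[i + 1:]:
            for svc in sorted(parsed[d1].keys() & parsed[d2].keys()):
                to_d2 = parsed[d1][svc].get(d2, 0)
                to_d1 = parsed[d2][svc].get(d1, 0)
                if to_d2 and to_d1:
                    findings.append((svc, d1, to_d2, d2, to_d1))
    return findings

# Constructed sample input, shaped like the two listings in the post.
HEADER = ("IP Virtual Server version 1.2.1 (size=4096)\n"
          "Prot LocalAddress:Port Scheduler Flags\n"
          "  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn\n"
          "FWM  9 rr\n")

def sample(inact):
    """Build a listing for reals 192.168.1.2-5 with the given InActConn counts."""
    return HEADER + "".join(
        f"  -> 192.168.1.{n}:1234            Route   1      0          {c}\n"
        for n, c in zip(range(2, 6), inact))

OUTPUTS = {"192.168.1.2": sample([0, 5, 0, 0]),   # machine a
           "192.168.1.3": sample([5, 0, 0, 0])}   # machine b

print(find_mutual_forwarding(OUTPUTS))
```
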