[lvs-users] LVS-DR Cluster Some Real Servers Stuck in SYN_RECV

Bruce Rudolph brudolph at admantx.com
Thu Mar 13 21:35:44 GMT 2014


Figured I'd update all with the discovered problem in case it happens to 

My bare-metal vendor enabled uRPF on some routers in their environment 
which causes the outgoing SYN-ACKs from the Real Server to the Client to 
be dropped. On the one working Real Server the network segment did not 
have uRPF enabled. Frustrating that for two weeks they didn't let me know of 
this change.


On 3/3/14 12:28 PM, Julian Anastasov wrote:
> 	Hello,
> On Mon, 3 Mar 2014, Bruce Rudolph wrote:
>>      18:21:12.346386 Out e4:11:5b:ae:f9:e5 ethertype IPv4 (0x0800),
>>      length 76: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP
>>      (6), length 60)
>>           <VIP>.80 > <CIP//>.62628: Flags [S.], cksum 0xf2a9 (correct),
>>      seq 4207299083, ack 4011092519, win 14480, options [mss
>>      1460,sackOK,TS val 82369115 ecr 3844971164,nop,wscale 7], length 0
> 	Response is going to e4:11:5b:ae:f9:e5 ? Do
> you see it reaching there? Also, simple test with
> client on LAN can reveal the problem, just check with
> tcpdump on client box. It can show if problem comes
> from router or from real servers. Sometimes, smart
> switches can be the culprit too.
> 	Also, check on real servers (mostly the working
> one) with tcpdump that you don't see the VIP in
> outgoing ARP packets, only director can expose the VIP
> in ARP packets. This can be also checked from client on
> LAN with 'arping -c 1 VIP', only the director should
> reply for VIP.
> Regards
> --
> Julian Anastasov <ja at ssi.bg>
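
An added example, not part of the original thread: a small check that reads one-line `tcpdump -nn` output captured on a real server and lists clients to whom SYN-ACKs were sent from the VIP with no ACK ever coming back, which is the pattern behind connections stuck in SYN_RECV when the reply is dropped on the return path. The function name, the addresses and the capture are constructed for illustration.

```python
import re
from collections import defaultdict

# tcpdump -nn one-line format: "<time> IP <src>.<port> > <dst>.<port>: Flags [..], ..."
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def stuck_handshakes(lines, vip, min_synacks=2):
    """Return {(client_ip, client_port): synack_count} for flows where this
    real server answered from the VIP but never saw the handshake complete."""
    synacks = defaultdict(int)
    completed = set()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if src == vip and flags == "S.":
            synacks[(dst, int(dport))] += 1          # SYN-ACK (or a retransmit)
        elif dst == vip and "S" not in flags and "R" not in flags:
            completed.add((src, int(sport)))         # client ACK/data arrived
    return {flow: n for flow, n in synacks.items()
            if n >= min_synacks and flow not in completed}

# Constructed capture (documentation addresses, not from the thread).
VIP = "203.0.113.10"
SAMPLE = """\
18:21:11.340 IP 198.51.100.7.62628 > 203.0.113.10.80: Flags [S], seq 1000, win 29200, length 0
18:21:11.341 IP 203.0.113.10.80 > 198.51.100.7.62628: Flags [S.], seq 5000, ack 1001, win 14480, length 0
18:21:12.340 IP 198.51.100.7.62628 > 203.0.113.10.80: Flags [S], seq 1000, win 29200, length 0
18:21:12.341 IP 203.0.113.10.80 > 198.51.100.7.62628: Flags [S.], seq 5000, ack 1001, win 14480, length 0
18:21:14.341 IP 203.0.113.10.80 > 198.51.100.7.62628: Flags [S.], seq 5000, ack 1001, win 14480, length 0
18:21:15.100 IP 192.0.2.55.40112 > 203.0.113.10.80: Flags [S], seq 7000, win 29200, length 0
18:21:15.101 IP 203.0.113.10.80 > 192.0.2.55.40112: Flags [S.], seq 9000, ack 7001, win 14480, length 0
18:21:15.102 IP 192.0.2.55.40112 > 203.0.113.10.80: Flags [.], ack 9001, win 229, length 0
""".splitlines()

if __name__ == "__main__":
    for (ip, port), n in stuck_handshakes(SAMPLE, VIP).items():
        print(f"{ip}:{port}: {n} SYN-ACKs sent, no ACK seen; check the return path")
```

If the flagged clients are all remote while a client on the same LAN completes its handshake, the loss is beyond the real server rather than on it.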

