[lvs-users] IPVS stops tunneling with ipip on SSL traffic causing session failures
Phillip Moore
pdm at pobox.com
Fri Aug 28 22:20:11 BST 2015
Well now for the facepalm moment. I updated our kernel for Scientific
Linux for a security update and it seems to have solved this problem.
I will endeavor to find what bug was fixed now.
failing kernel: kernel-2.6.32-504.30.3.el6.x86_64
working kernel: kernel-2.6.32-573.el6.x86_64
Julian, thank you so much for your help. It is really appreciated.
Phillip Moore
On Fri, Aug 28, 2015 at 3:16 PM, Phillip Moore <pdm at pobox.com> wrote:
> Thank you for the suggestion.
>
> We didn't have the netfilter module loaded at all so I don't think it
> would have having any impact. However I loaded it and set this setting
> and it didn't change the behavior.
> The ip_conntrack_tcp_be_liberal setting wasn't available on our kernel
> version looks like I can't find a module to load to enable that.
>
> We did find something interesting. If we add additional headers to the
> working http request we can make it fail.
>
> WORKS: curl -H "X:1" http://10.64.96.10/healthcheck
> FAILS: curl -H "X:12" http://10.64.96.10/healthcheck
>
> 190 bytes works, 191 bytes fails with the failure to tunnel problem.
>
>
>
More information about the lvs-users
mailing list