[lvs-users] IPVS stops tunneling with ipip on SSL traffic causing session failures

Alex Lopez alxmlpz at gmail.com
Fri Aug 28 23:02:29 BST 2015


Do you use IPIP tunnel on the real servers ?


On Fri, Aug 28, 2015 at 2:15 PM, Julian Anastasov <ja at ssi.bg> wrote:

>
>         Hello,
>
> On Fri, 28 Aug 2015, Phillip Moore wrote:
>
> > Thank you for the suggestion.
> >
> > We didn't have the netfilter module loaded at all so I don't think it
> > would have having any impact. However I loaded it and set this setting
> > and it didn't change the behavior.
> > The ip_conntrack_tcp_be_liberal setting wasn't available on our kernel
> > version looks like I can't find a module to load to enable that.
> >
> > We did find something interesting. If we add additional headers to the
> > working http request we can make it fail.
> >
> > WORKS: curl -H "X:1" http://10.64.96.10/healthcheck
> > FAILS:  curl -H "X:12" http://10.64.96.10/healthcheck
> >
> > 190 bytes works, 191 bytes fails with the failure to tunnel problem.
>
>         What is the model/revision of the incoming network device?
> Do you have IPVS debugging enabled to check if IPVS works
> with these dropped packets? Or they are lost before reaching
> IPVS at LOCAL_IN?
>
> Regards
>
> --
> Julian Anastasov <ja at ssi.bg>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>


More information about the lvs-users mailing list