[lvs-users] Best way to collect number of packets dropped by IPVS?
unicell at gmail.com
Thu Jun 1 02:47:46 BST 2017
I'm wondering what is the best way to see / check / collect number of
packets dropped by IPVS. There're several scenarios, I can think of, when
packet drop can happen:
- established connection + destination not available + expire_nodest_conn
- drop_packet defense being triggered
Either case IPVS is returning NF_DROP verdict to Netfilter framework. But
no metrics is being collected by IPVS. I'm wondering what is the best
approach to gain some visibility to how many packets being dropped by IPVS
(either for troubleshooting or monitoring purpose).
Has anyone done this before? Any feedback is appreciated.
More information about the lvs-users