[lvs-users] Best way to collect number of packets dropped by IPVS?

Qiu Yu unicell at gmail.com
Thu Jun 1 02:47:46 BST 2017


Hi,

I'm wondering what is the best way to see / check / collect number of
packets dropped by IPVS. There're several scenarios, I can think of, when
packet drop can happen:

- established connection + destination not available + expire_nodest_conn
disabled
- drop_packet defense being triggered

Either case IPVS is returning NF_DROP verdict to Netfilter framework. But
no metrics is being collected by IPVS. I'm wondering what is the best
approach to gain some visibility to how many packets being dropped by IPVS
(either for troubleshooting or monitoring purpose).

Has anyone done this before? Any feedback is appreciated.

QY


More information about the lvs-users mailing list