[lvs-users] Best way to collect number of packets dropped by IPVS?

Julian Anastasov ja at ssi.bg
Wed Jun 7 06:48:58 BST 2017


On Wed, 31 May 2017, Qiu Yu wrote:

> Hi,
> I'm wondering what is the best way to see / check / collect number of
> packets dropped by IPVS. There're several scenarios, I can think of, when
> packet drop can happen:
> - established connection + destination not available + expire_nodest_conn
> disabled
> - drop_packet defense being triggered
> Either case IPVS is returning NF_DROP verdict to Netfilter framework. But
> no metrics is being collected by IPVS. I'm wondering what is the best
> approach to gain some visibility to how many packets being dropped by IPVS
> (either for troubleshooting or monitoring purpose).
> Has anyone done this before? Any feedback is appreciated.

	I'm not aware of any existing solutions. May be based on
other examples in kernel we can add per-CPU mib structure
in our struct netns_ipvs, shown in new file /proc/net/ip_vs_snmp ?

grep -r SNMP include/net/ net/


Julian Anastasov <ja at ssi.bg>

