[lvs-users] Reroute SYN packet when it could not be delivered to the backend

kay kay.diam at gmail.com
Thu Apr 12 15:28:42 BST 2018


Hi,

I have a special use case for the Direct Routing (DR) mode.
Is there a possibility to reroute SYN packets when they cannot be
delivered to the backend? It could be easily detected by several SYN
packets being sent.

Here is how you can reproduce this situation:
1) configure ipvs with direct routing for two backends
2) run "while true; do curl vip; sleep 0.1; done" on some remote client
3) run tcpdump on the ipvs host
4) create a DROP iptables rule for the 80th port on the second backend
5) monitor multiple identical SYN requests on the ipvs host
6) monitor multiple identical SYN requests on the ipvs host, even when
you remove the failed backend

My assumption was that ipvs should redirect SYN packets, since there
is no established connection yet. Did I miss something?

I'd appreciate any help.

Regards
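
Added example, not part of the original message: a shell function that flags the repeated SYNs from step 5 in `tcpdump -nn -tt` text output, treating a SYN as retransmitted when the same source, destination and initial sequence number appear more than once. The function names, addresses, sequence numbers and capture lines are constructed for illustration.

```shell
#!/bin/sh
# Report retransmitted SYNs: same source, destination and initial
# sequence number seen more than once in `tcpdump -nn -tt` text output.
# Only plain SYNs ("[S]") are counted; SYN-ACKs ("[S.]") are ignored.
syn_retransmits() {
    awk '
    $2 == "IP" && $6 == "Flags" && $7 == "[S]," && $8 == "seq" {
        dst = $5; sub(/:$/, "", dst)      # strip trailing ":" from dst.port
        isn = $9; sub(/,$/, "", isn)      # strip trailing "," from the ISN
        key = $3 " > " dst " seq " isn
        if (!(key in count)) { order[++n] = key; first[key] = $1 }
        count[key]++
        last[key] = $1
    }
    END {
        # Print flows in order of first appearance, retransmitted ones only.
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (count[k] > 1)
                printf "%s syns=%d span=%.1fs\n", k, count[k], last[k] - first[k]
        }
    }'
}

# Constructed capture as seen on the director: one connection that
# completes, and one whose SYN is retransmitted after 1 s and 2 s more.
sample_capture() {
    cat <<'EOF'
1523543322.100000 IP 198.51.100.7.40112 > 203.0.113.10.80: Flags [S], seq 1111111111, win 29200, options [mss 1460], length 0
1523543322.100400 IP 198.51.100.7.40112 > 203.0.113.10.80: Flags [.], ack 1, win 229, length 0
1523543322.200000 IP 198.51.100.7.40114 > 203.0.113.10.80: Flags [S], seq 2222222222, win 29200, options [mss 1460], length 0
1523543323.200000 IP 198.51.100.7.40114 > 203.0.113.10.80: Flags [S], seq 2222222222, win 29200, options [mss 1460], length 0
1523543325.200000 IP 198.51.100.7.40114 > 203.0.113.10.80: Flags [S], seq 2222222222, win 29200, options [mss 1460], length 0
EOF
}

sample_capture | syn_retransmits
```

For a saved capture, pipe `tcpdump -nn -tt -r <capture file>` into `syn_retransmits`; the report is printed once the input ends.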


