[lvs-users] Reroute SYN packet when it could not be delivered to the backend

kay kay.diam at gmail.com
Fri Apr 13 13:13:31 BST 2018

Hi Graeme,

Actually this issue occurred within Keepalived with `per second` loop
delay_loop and 1 second TCP verification check, but since it uses IPVS
under the hood, I sent the question into this mail list.

What I found so far, is `secure_tcp` sysctl option:
I was hoping that it will help to reroute the SYN packet to the
different backend, but it doesn't happen.


On Fri, Apr 13, 2018 at 1:34 PM, Graeme Fowler <graeme at graemef.net> wrote:
> On 13 Apr 2018, at 10:45, kay <kay.diam at gmail.com> wrote:
>> I have a special use case for the Direct Routing (DR) mode.
>> Is there a possibility to reroute SYN packets, when they can not be
>> delivered to the backend? It could be easily detected by several SYN
>> packets being sent.
> Repeating the earlier answer:
> You need an extra application to do this. There are several, but I’d suggest you look at keepalived as a first option.
> There was much discussion many years ago (20 or so) about putting realserver/backend monitoring into IPVS, but it was felt at the time that this wasn’t a kernel function and should be handled by a userspace application. That still applies today.
> Graeme
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users

More information about the lvs-users mailing list