[lvs-users] IPVS adding a 1s delay on connection establishment under moderately high number of TCP req/s

Toni Martí ppicachu at gmail.com
Thu May 24 12:58:21 BST 2018

Sorry, the last message went accidentally out while being written.

Many thanks Julian.

Really good options you provide me :-)

>         There was recent discussion about this 1-second delay.
> Maybe you will find the needed answers here:
> https://marc.info/?t=151683118100004&r=1&w=2

So basically the proposed solutions are the same as below.

>         Basically, you have 3 options:
> - echo 0 > conn_reuse_mode: do not attempt to reschedule on
> port reuse (new SYN hits unexpired conn), just use the same real
> server. This can be bad, we do not select alive server if the
> server used by old connection is not available anymore (weight=0
> or removed).

Already tried this, but it has the ugly effect of IPVS not balancing to newly
added servers to the balanced set under high throughput (and connections
being effectively reused).

> - echo 0 > conntrack: if you do not use rules to match
> conntrack state for the IPVS packets. This is slowest,
> conntracks are created and destroyed for every packet.

Also tried this one, but I think docker (the main IPVS user) is using
ipfilter rules that require conntrack, and TCP connections were not
being established at all.

> - use NOTRACK for IPVS packets: fastest, conntracks are
> not created, less memory is used

So I think this is the only good remaining option.

Rewriting iptables rules (created by docker swarm) so that they don't use

So many many thanks again for your help.

I will try 3rd option and come back here with the result.
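
A check for which of the three quoted options is in effect on a director, as an added example that is not part of the original message or of IPVS itself. The function name `ipvs_reuse_audit` and its output labels are hypothetical; it assumes the sysctls live in `/proc/sys/net/ipv4/vs` and that the raw table has been dumped with `iptables-save -t raw`.

```shell
#!/bin/sh
# Added example: report which option from the thread applies to one virtual service.
#   $1  directory holding the IPVS sysctls (on a live host: /proc/sys/net/ipv4/vs)
#   $2  file containing the output of `iptables-save -t raw`
#   $3  virtual service as IP:PORT
# Prints one of: option1-no-reschedule, option2-conntrack-off,
#                option3-notrack, none-applied, unknown
ipvs_reuse_audit() {
    vs_dir=$1
    raw_dump=$2
    vip=${3%:*}
    port=${3##*:}

    # Both sysctls must be readable, otherwise IPVS is probably not loaded.
    reuse=$(cat "$vs_dir/conn_reuse_mode" 2>/dev/null) || { echo unknown; return 0; }
    ct=$(cat "$vs_dir/conntrack" 2>/dev/null) || { echo unknown; return 0; }

    # Option 1: no rescheduling on port reuse. Per the thread, a new SYN on an
    # unexpired connection keeps its old real server, even a removed one.
    if [ "$reuse" = 0 ]; then echo option1-no-reschedule; return 0; fi

    # Option 2: IPVS conntrack off. Per the thread, this breaks rule sets that
    # match on conntrack state (the Docker case described above).
    if [ "$ct" = 0 ]; then echo option2-conntrack-off; return 0; fi

    # Option 3: a raw-table rule exempting VIP:PORT from connection tracking.
    # Escape the dots so the address is matched literally.
    vip_re=$(printf '%s' "$vip" | sed 's/\./\\./g')
    pattern="-d $vip_re(/32)? .*--dport $port .*-j (NOTRACK|CT --notrack)"
    if grep -E -- "$pattern" "$raw_dump" >/dev/null 2>&1; then
        echo option3-notrack
        return 0
    fi

    # Rescheduling and conntrack are both on and the service is still tracked.
    echo none-applied
}
```

On a live director the call would be `iptables-save -t raw > /tmp/raw.rules` followed by `ipvs_reuse_audit /proc/sys/net/ipv4/vs /tmp/raw.rules VIP:PORT`.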

