LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] LVS-DR generates TONS of icmp unreachables

To: Jerry Glomph Black <black@xxxxxxxx>
Subject: Re: [lvs-users] LVS-DR generates TONS of icmp unreachables
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 20 Jan 2000 11:14:05 +0200 (EET)
        Hi,

On Wed, 19 Jan 2000, Jerry Glomph Black wrote:

> 1. We already tried the specific REDIRECT line as you state below.  same
> ICMP problem.
> 
> 2.  Yes, the web server is running, very busy, in fact, on all the RealServer
> boxes.

        Probably these ICMP packets are generated due to
missing daemon in the real server. In situations where
the RST packet is returned (for TCP), for example if nobody
listens on the server side, the ICMP Port Unreachable error
is returned when the Transparent Proxy support is used.
If your daemon is running fine you are probably under
SYN flood attack.

        Redirecting 0.0.0.0 instead of the VirtualIP is very
good reason the real server to return PORT_UNREACHABLE due to
missing listen() for the destination in the received packet.
You capture packets to any daddr using 0.0.0.0 but probably
your daemon is not listening on 0.0.0.0.

        Or may be there is another reason for this behaviour.

Regards,

Julian Anastasov


----------------------------------------------------------------------
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe, e-mail: lvs-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
For additional commands, e-mail: lvs-users-help@xxxxxxxxxxxxxxxxxxxxxx

<Prev in Thread] Current Thread [Next in Thread>