"John P. Looney" <john@xxxxxxxxxxxxx> said:
> > > Is there a reason that no one has put some login in the kernel to "try
> > > open the connection, if it's there, then let it through, otherwise go onto
> > > the next one", like Cisco Local Directors do ?
> > That sounds like a kernel space proxy server. Such setup
> > works for NAT mode only?
> Maybe. But is it for ipvs to do this, or should it be done by something
> else ? Is there a reason why ipvs can't/shouldn't do it ? (I was thinking
> of trying to do it myself, and wondered about the best way of starting..)

This depends - if what happens is that the failed node sends back an error
reply (RST or port unreachable), LVS could probably pretty easily set the
weight of the server to 0 automatically, or even completely drop it from the

However, you would still get a single refused connection because the packet
would be sent back to the client. Hrm, one could drop the reply packet, and
the client would be reassigned to another real server when it sends the second
SYN packet (because it would just assume that the initial SYN was lost).

This just works with LVS NAT, as we don't see the reply packets from the real
servers in any of the other cases.

However, should the error occur at any later stage than the first packet, the
connection is broken for good, obviously.

If the server doesn't send back a connection refused but silently doesn't
reply (let's say, it was turned off), you will still need external monitoring
(mon, ldirectord) to catch this - however, as nothing was sent back to the
client, it would still assume dropped packets and resend, resulting in the
connection succeeding, albeit delayed.

Lars Marowsky-Brée <lmb@xxxxxxx>
Perfection is our goal, excellence will be tolerated. -- J. Yahl
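
An added example, not part of the original message and not LVS code: a toy Python model of the NAT-mode behaviour discussed above, comparing a real server that answers a SYN with RST against one that stays silent. The `drop_error_reply` switch, the first-available scheduler, the pending-SYN table and `monitor_sweep` are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class RealServer:
    name: str
    state: str       # "up", "refusing" (answers a SYN with RST) or "silent"
    weight: int = 1

@dataclass
class Director:
    servers: list
    drop_error_reply: bool   # hypothetical switch for the behaviour proposed above
    conns: dict = field(default_factory=dict)   # client -> server of a pending SYN

    def schedule(self):
        return next((rs for rs in self.servers if rs.weight > 0), None)

    def syn(self, client):
        """Handle one SYN (or retransmit); return what the client receives."""
        rs = self.conns.get(client) or self.schedule()
        if rs is None:
            return None
        self.conns[client] = rs
        if rs.state == "up":
            return "SYN-ACK"
        if rs.state == "silent":
            return None              # no reply at all; the director learns nothing
        # "refusing": in NAT mode the RST travels back through the director.
        if not self.drop_error_reply:
            return "RST"             # client sees a refused connection
        rs.weight = 0                # take the server out of scheduling
        del self.conns[client]       # so the retransmitted SYN is rescheduled
        return None                  # reply dropped; client assumes the SYN was lost

    def monitor_sweep(self):
        """Stand-in for an external monitor (mon, ldirectord) finding dead servers."""
        for rs in self.servers:
            if rs.state == "silent":
                rs.weight = 0
        self.conns = {c: rs for c, rs in self.conns.items() if rs.weight > 0}

def connect(director, client, max_syns=4, sweep_after=None):
    """Client side: resend the SYN until answered; return (result, SYNs sent)."""
    for attempt in range(1, max_syns + 1):
        reply = director.syn(client)
        if reply is not None:
            return reply, attempt
        if attempt == sweep_after:
            director.monitor_sweep()
    return "timeout", max_syns
```

With the reply dropped, the refused connection turns into one retransmitted SYN; the silent server still only recovers once the monitor has removed it.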