RE: why does my lvs/dr director stop at 65k connections?

[Matthijs van der Klip <matthijs.van.der.klip@xxxxxx>]

On Sun, 11 Nov 2001, Julian Anastasov wrote:
>> - I have a custom hit tester (run from an Origin 200) which can generate
>> between 3000 and 3500 hits/connections per second.
>
>       You are missing one reason for this problem: the fact that
> your client(s) create connections from limited number of addresses
> and ports. Try to answer yourself from how many different client
> saddr/sport pairs you hit the LVS cluster. IMO, you reach this
> limit. I'm not sure how many test client hosts you are using. If the
> client host is only one then there is a limit of 65536 TCP ports per
> src IP addr. Each connection has expiration time according to its
> proto state. When the rate is high enough not to allow the old entries
> to expire, you reach a situation where the connections are reused,
> i.e. the connection number showed from ipvsadm -L does not increase.

Hi Julian,

Just 20 minutes ago I realised the same (and slammed my head to the wall :-).
One client just can't create more than 65536 connections to my LVS.

>> The reason I switched from LVS/NAT to LVS/DR was exactly because I hit this
>> limit of 65536 simultaneous connections (which I then believed was to blame
>> the NAT tables).
>>
>> I hope I have explained the situation/problem clear enough. This setup has
>> to be able to handle >3000 hits/s in the near future, so I hope you will be
>> able to help me.
>
>       Use more client hosts. These days one client host can not load a
> director from the same CPU class. You are lucky that the TCP timestamp
> support allows you not to hit the 65536ports/120sec conn/sec limit.

I will be looking for some more 'victims' to use as clients.
Thanks for your help.

Best regards,

Matthijs van der Klip