Re: Persistence and source port of connections

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Persistence and source port of connections
From: Horms <horms@xxxxxxxxxxxx>
Date: Tue, 18 Nov 2003 11:35:34 +0900

On Tue, Nov 18, 2003 at 11:18:37AM +1100, Guy Waugh wrote:
> Hi all,
> 
> In my LVS-NAT system (IPVS-1.0.9 + ldirectord), I have an Oracle server on 
> the inside (web-db1) that primarily services the two realservers within the 
> LVS. However, I also have a webserver (www1) on the VIP side of the network 
> whose apache processes make Oracle connections through to the Oracle server 
> on the inside of the LVS. To allow this, I have the Oracle listener service 
> (port 1521) as an LVS service, with persistence set to 25200 seconds (7 
> hours).
> 
> I'm noticing a couple of different types of connections from www1 to the 
> Oracle listener port on the VIP: one with a source port of 0, and one with 
> a random source port, like so (the VIP is 'learn'):
> 
> [root@lvs1 gwaugh]# ipvsadm -Lc
> IPVS connection entries
> pro expire state       source             virtual            destination
> TCP 419:41 NONE        www1:0      learn:1521     web-db1:1521
> TCP 01:38  TIME_WAIT   www1:2509 learn:1521  web-db1:1521
> TCP 01:43  TIME_WAIT   www1:2560 learn:1521  web-db1:1521
> 
> Connections with a source port of 0 take on the persistence of 25200 
> seconds (as I have specified in ldirectord.cf), but connections out of a 
> non-zero source port take on a persistence of 15 minutes (900 seconds). I 
> see from 
> http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO.persistent_connection.html
>  
> that:
>    * For LVS persistence, the client is recognised by its IP (CIP) or in 
> recent versions of ip_vs, by CIP:dst_port (i.e. by the CIP and the port 
> being forwarded by the LVS). If only the CIP is used to schedule 
> persistence, then the entries in the output of ipvsadm will be of the form 
> VIP:0 (i.e. with port=0), otherwise the output of ipvsadm will be of the 
> form VIP:port.
> Can anyone tell me why I get both types of connections (source port 0 and 
> source port non-zero)? Perhaps the 'source port 0' connection is some sort 
> of 'master' connection, and the 'source port non-zero' connections are some 
> sort of 'slave' connections?
> 
> What I'm really wondering is if it is possible to effectively make the 
> persistence for this connection infinite? Perhaps I shouldn't use LVS to do 
> this, but should use iptables instead...?
> 
> The problem underlying all this is that some apache processes on www1 seem 
> to lose their Oracle connection over time, so any client hitting www1 who 
> happens to get serviced by an apache process that has lost its Oracle 
> connection gets Oracle connection errors all over the page. I see from 
> http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO.services.single-port.html#tcpip_idle_timeout
>  
> that one can set TCP idle timeouts for connections with ipvsadm - perhaps 
> this is what I should be doing?

Hi,

I think that you are confused between the concept of persistence and
connection-timeouts. Persistence affects which real server LVS will
choose for new connections. If persistence is in effect and the
persistent-timeout has not expired then the same real server will
be used for subsequent connections from the same CIP. But in
your case you only have one real server so persistence is a moot point.

You are correct in asserting that the CIP:0 entry you see
is a master entry. Actually in the code it is referred to as a template.
When a new connection comes in, LVS looks for VIP:Vport+CIP:0. If it is present
then it will use the attached RIP:Rport. If not it just chooses
one of the available real servers as per the scheduling algorithm
that is in effect. But again this is a moot point, as you only have
one real server.

The CIP:0 entry does not actually represent
a connection at all. Just a template for creating new connections. Its
timeout should be set to the persistence-timeout each time the template
is used to create a new connection.

The other entries are the connections themselves. Their timeouts
are set by the various timeouts that can be manipulated through
/proc/sys/net/ipv4/vs/timeout_*. This is where the value of
900 seconds comes from. __It has nothing to do with persistency__

As per the HOWTO entry you listed above, some of these values can 
also be manipulated using ipvsadm --set

-- 
Horms
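
The template/connection distinction described in the reply above, as an added example that is not part of the original message: a Python parser that separates the CIP:0 template from the real connection entries in the `ipvsadm -Lc` listing quoted in the thread. It assumes the expire column reads minutes:seconds; the function and field names are illustrative.

```python
import re

# Listing copied from the message quoted above.
SAMPLE = """\
IPVS connection entries
pro expire state       source             virtual            destination
TCP 419:41 NONE        www1:0      learn:1521     web-db1:1521
TCP 01:38  TIME_WAIT   www1:2509 learn:1521  web-db1:1521
TCP 01:43  TIME_WAIT   www1:2560 learn:1521  web-db1:1521
"""

# pro, expire (MM:SS, assumed), state, source host:port, virtual, destination
ROW = re.compile(r"^(\S+)\s+(\d+):(\d+)\s+(\S+)\s+(\S+):(\d+)\s+(\S+)\s+(\S+)$")

def parse(listing):
    """Yield one dict per entry; the banner and column header do not match ROW."""
    for line in listing.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue
        pro, mins, secs, state, cip, cport, virtual, dest = m.groups()
        yield {
            "pro": pro,
            "expire_s": int(mins) * 60 + int(secs),
            "state": state,
            "cip": cip,
            "cport": int(cport),
            "virtual": virtual,
            "dest": dest,
        }

def summarize(listing):
    """Group real connections under the template for the same CIP and virtual service."""
    out = {}
    for e in parse(listing):
        slot = out.setdefault((e["cip"], e["virtual"]),
                              {"template_expire_s": None, "dest": None, "connections": []})
        if e["cport"] == 0:
            # Source port 0: persistence template, not a connection.
            slot["template_expire_s"] = e["expire_s"]
            slot["dest"] = e["dest"]
        else:
            slot["connections"].append((e["cport"], e["state"], e["expire_s"]))
    return out

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, info)
```

On the quoted listing the template has 25181 seconds left, just under the configured 25200-second persistence, while the two real connections have 98 and 103 seconds left on their own state timeouts.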