
Re: [LVS-TUN] Squid boxes and connections?

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [LVS-TUN] Squid boxes and connections?
From: Joseph Mack <mack.joseph@xxxxxxx>
Date: Wed, 05 Jan 2005 22:50:55 -0500
Janno de Wit wrote:

> /proc/sys/net/ipv4/vs# ipvsadm --list -n
> IP Virtual Server version 1.2.0 (size=32768)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> TCP  212.xx.xx.xx:8080 rr persistent 360
>   -> 10.0.0.21:8080               Tunnel  50     2521       18336
>   -> 10.0.0.20:8080               Tunnel  50     2549       17606
> 
> It's working fine, but I got some messages from our servicedesk saying
> there are problems with long-term connections, especially like
> HTTPS-CONNECTS.
> Problem is, I cannot reproduce the problem for now, at home I can't
> reproduce, at work I can't reproduce too...

LVS assumes all realservers (here your squids) have identical content
and it doesn't matter which realserver you get the content from.
This assumption fails for https, when people use persistence normally
(I don't think you should be squid'ing https, just let it through)
and for squids, which in an LVS will develop different content.
There is a scheduler designed for squids (see the HOWTO), but some
people find that it doesn't work well and use the original scheduler.
I don't know what the problem is.

> Other clients had problems with logging in to sites, some people now
> set their proxy directly to one of the realservers and problems are
> over... 

they shouldn't know about a proxy. They should be sending to whatever:80
and you should rewrite it to 3128 on the way out and then back to 80 on the
way back in.

> (they had troubles logging in to hotmail, Dutch MediaMarkt (to
> upload photos for print service, see www.mediamarkt.nl -> foto print
> service)). There are other people complaining about Windows Update not
> wanting to start (searching for updates ................. and are then
> terminating with errorcode xxx and: try again later). At the same time,
> same realserver, I do not have problems.

hmm, these are all stateful uses of http, something that wasn't part of
the original design of http. I think you're going to have to use persistence
or fwmarks with persistence.

> Now there are still questions:
> - Can this be the MTU (both on WAN and LAN: 1500 bytes, at LB and
> Realservers)? What is MTU's impact on LVS-TUN (maybe ip-encap?)?

MTU and LVS-Tun are written up in the HOWTO. I don't think it's a solved
problem.

> - Why is the InActConn so high? 

If the server drops the tcpip connection after servicing the request
- i.e. you've got your gif and there's no http session persistence, then
the activeconn for that connection is 0, while the inactconn is 1
until the end of TIME_WAIT.
So for http without netscape style persistence (not lvs persistence)
the Inactconn will be high and the Act conn 0.

> When I restart the load balancer,
> everything is zeroed. Then within no-time inactconn is filled, and then
> establishing at around 18000.

you've reached equilibrium. If TIME_WAIT=90secs, you're getting 18000/90
hits/sec.

> - What's the impact of size=32768. Is it high enough for my setup?

read the HOWTO. Don't mess with it unless you really know what you're doing.

> - How can I see if connectiontable is full? `dmesg` gives no output.

hmm, don't know. probably you can get it with ipvsadm.

Joe
--

Joseph Mack PhD, High Performance Computing & Scientific Visualization
LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx
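
The equilibrium estimate from the reply above (InActConn divided by TIME_WAIT), applied per realserver to the `ipvsadm` output quoted in the thread. This is an added example, not code from the post or from the LVS project; the 90-second TIME_WAIT is the value assumed in the reply, and treating `size=` as the number of hash buckets is an assumption of this sketch.

```python
import re

# Sample input: the `ipvsadm --list -n` output quoted in the message above.
SAMPLE = """\
IP Virtual Server version 1.2.0 (size=32768)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  212.xx.xx.xx:8080 rr persistent 360
  -> 10.0.0.21:8080               Tunnel  50     2521       18336
  -> 10.0.0.20:8080               Tunnel  50     2549       17606
"""

REAL = re.compile(r"^\s*->\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
SIZE = re.compile(r"\(size=(\d+)\)")

def parse_ipvsadm(text):
    """Return (table_size, [realserver dicts]) parsed from `ipvsadm -L -n` text."""
    size, reals = None, []
    for line in text.splitlines():
        m = SIZE.search(line)
        if m:
            size = int(m.group(1))
            continue
        m = REAL.match(line)
        if m:  # the column-header line has no numeric fields, so it never matches
            addr, fwd, weight, act, inact = m.groups()
            reals.append({"addr": addr, "forward": fwd, "weight": int(weight),
                          "active": int(act), "inactive": int(inact)})
    return size, reals

def estimate(text, time_wait_secs=90):
    """At equilibrium, new connections/sec is roughly InActConn / TIME_WAIT."""
    size, reals = parse_ipvsadm(text)
    per_real = [(r["addr"], round(r["inactive"] / time_wait_secs, 1)) for r in reals]
    inactive = sum(r["inactive"] for r in reals)
    # Counted connections only; persistence templates are not in these columns.
    entries = sum(r["active"] + r["inactive"] for r in reals)
    return {"per_real": per_real,
            "total_rate": round(inactive / time_wait_secs, 1),
            "entries": entries,
            # Assumption: size= is the hash bucket count, so this is a load factor.
            "entries_per_bucket": round(entries / size, 2) if size else None}

if __name__ == "__main__":
    print(estimate(SAMPLE))
```
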
