LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: Director not sending icmp unreachable to expired clients

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Director not sending icmp unreachable to expired clients
Cc: Horms <horms@xxxxxxxxxxxx>
Cc: Julian Anastasov <ja@xxxxxx>
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Fri, 19 Jan 2007 14:55:29 -0800 (PST)
On Fri, 19 Jan 2007, Janusz Krzysztofik wrote:

Hi,

I am using LVS director with no VIP for load balancing ipsec servers accessed by NATed clients (udp 500/4500, fwmark method). When I remove a relaserver (ipvsadm -d ...), its clients are not notified after their connections expire.

hmm, expire == timeout?

does the client get a new realserver? Why does the client need to know that the old realserver is no longer there?

I suspect that icmp responses are simply not generated on the director as they sholud be -

possibly. The icmp code was written before anyone thought of VIP-less directors.



I can not see them with tcpdump nor trace them with iptables rules. I could not find any piece of code in the IPVS sources (linux 2.6.18) that would generate such error responses. Are these icmp messages supposed to be generated by other means?

Well there used to be icmp error handling code there.

If so, could it be that a director with no VIP is not able to respond?

Horms, Julian

any ideas?

Thanks Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

<Prev in Thread] Current Thread [Next in Thread>