|
On Fri, Aug 01, 2008 at 09:17:29AM -0700, Joseph Mack NA3T wrote:
> On Fri, 1 Aug 2008, Marco Lorig wrote:
>
>>> With the tunnel in place, can you initiate an outbound SSH connection
>>> from the realserver to the client machine? Are you absolutely sure
>>> that the path this will follow the same route as the data from the
>>> realserver under normal conditions?
>>>
>>> I have a sneaking feeling that the realserver is sending packets of
>>> 1460 bytes (ethernet MTU less L2 framing) but the "secondary"
>>> director, ie. the tunnel endpoint at the realserver's end, is
>>> dropping them because they don't fit inside the tunnel.
>>
>> I do a scp both times only from the client to the server:
>>
>> client:# scp file root@IPVSADM-address:/tmp/
>>
>> This works. The client sends the first packets with a mtu which doesn´t
>> fit into the tunnel and recieves ICMP UNREACHABLE Need to fragment.
>>
>> client:# scp root@IPVSADM-address:/tmp/file .
>>
>> This doesn´t work. The Realserver tries to send packets which doesn´t
>> fit into the tunnel but DOES NOT receive any ICMP packet.
The asymmetry of this seems quite bizarre.
I did spend some time trying to reproduce this problem
using 2.6.27-rc1 with no success (by which I mean pmtu worked
fine and I did not see the problem you see). Are you still using the
etch kernel?
My testing involved setting the ttl on the tunnel (to 64 from memory)
and not using nopmtudisc.
I will try again with something much closer to the setting that
you posted in a different message[1]
[1] http://archive.linuxvirtualserver.org/html/lvs-users/2008-07/msg00110.html
--
Horms
|
