
Re: [lvs-users] ipvsadm and packets leaving a gre tunnel

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] ipvsadm and packets leaving a gre tunnel
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Sun, 3 Aug 2008 18:28:15 -0700 (PDT)

On Sun, 3 Aug 2008, Marco Lorig wrote:

From:  Joseph Mack NA3T
we may have talked about this before but have you tried setting the mtu on the realserver's NIC? You only need set it for the route RIP:22->0/0, but setting it (or mss) for the nic will at least see if this method handles the problem.

This works. Setting up a fixed mtu to the realservers' default route (e.g. 1400) fixes the problem. In other words: If the realservers send packets which are small enough to fit into the gre tunnel, everything works fine.

will this work as a solution?

I can demonstrate this by logging in from the client to the server via ssh. It's possible to log in and work with the shell (small tcp packets) but if you do a "ls -la" in /etc for example (causes a tcp packet which is too big for the GRE) the connection freezes.

much simpler test than ssh'ing. Thanks

ip_vs() does its own nat'ing, so using commands from iptables will not help.

I thought this is only for ip_vs: /proc/sys/net/ipv4/vs/nat_icmp_send ?

my mistake
sorry

IMHO the question is, why doesn't the RS receive any ICMP need to frag from director2. In case of an iptables-only connection (SNAT/DNAT) without ipvsadm everything works fine.

either because to be fast, lvs messes with just about everything and breaks all sorts of routing rules and the defrag couldn't be written, or no one bothered to write it in the first place. You're the first person to have this problem, so it hasn't been a pressing coding priority. That doesn't mean it shouldn't have been fixed.

Speed was needed in the old days with 33MHz computers and 10MBps networking. Now with 3GHz computers and internet connections still not much more than 10Mbps, lvs could probably be rewritten to be nice and cooperative and easy to work with, without anyone noticing the decrease in speed. However there is a *BSD equivalent of LVS which plays nicely with the routing rules, but comments here have said that it's too slow to use. So maybe it isn't possible to rewrite lvs and have it behave nicely and be fast enough at the same time.

Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
