LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

[lvs-users] FIN_WAIT connection on DSR mode.

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: [lvs-users] FIN_WAIT connection on DSR mode.
From: taqu <taqumd@xxxxxxxxx>
Date: Thu, 14 Aug 2008 15:23:50 +0900
Hi,

Sorry , I noticed big mistake in last mail I sent 'TIME_WAIT
connection on DSR mode.'
All ''TIME_WAIT' should be replaced to 'FIN_WAIT' !!
So, I changed Subject and re-send question.

I have a question about TCP FIN_WAIT connection for ipvs DSR mode.
In DSR topology, 'ipvsadm -L -c' show multiple FIN_WAIT entry in
connection table.

[root@lvs1 ~]# ipvsadm -L -c
IPVS connection entries
pro expire state       source             virtual            destination
TCP 01:51  FIN_WAIT    10.0.0.1:60121     172.16.1.200:http  lvs2:http
TCP 01:43  FIN_WAIT    10.0.0.1:59701     172.16.1.200:http  lvs2:http
TCP 01:48  FIN_WAIT    10.0.0.1:59991     172.16.1.200:http  lvs2:http
TCP 01:52  FIN_WAIT    10.0.0.1:60193     172.16.1.200:http  lvs2:http
TCP 01:49  FIN_WAIT    10.0.0.1:60043     172.16.1.200:http  lvs2:http
TCP 01:42  FIN_WAIT    10.0.0.1:59652     172.16.1.200:http  lvs2:http
TCP 01:44  FIN_WAIT    10.0.0.1:59742     172.16.1.200:http  lvs2:http
TCP 01:52  FIN_WAIT    10.0.0.1:tfido     172.16.1.200:http  lvs2:http

I think this is normal behavior because LVS can see only one-direction
packets, from client
 to VIP of LVS.
My question is,
 1. Is my understanding is correct?(which means a lot of FIN_WAIT on
DSR topology is normal)
 2. How do I know the amount of resources consumed by FIN_WAIT connection.
    Is there any guidline to tweak this?
       example)One FIN_WAIT conn consume N byte of memory so "CPS x
tcpfin timeout x N" bytes
               of memory is always consumed, and can make it small by
"ipvsadm --set" command.


-----------------
# Topology
-----------------
.n is the 4th octet of the IP address.


           ( Client )
            .1|
              |
      --- 10.0.0.0/24----
              |
          .254|
           ( L3 Cisco3750 )
          .254|
              |
      --- 172.16.1.0/24---
         |             |
       .1|           .2|
     ( LVS DR )     ( Web )
 VIP:172.16.1.200:80

-----------------
# Routing Table
-----------------
 Client: default via 10.0.0.254
 LVS DR: default via 172.16.1.254
 Web   : default via 172.16.1.254
 L3    : 172.16.1.200 via 172.16.1.1

-----------------
# LVS setting
-----------------
* keepalived.conf
virtual_server 172.16.1.200 80 {
  delay_loop   3
  lb_algo wrr
  lb_kind DR
  protocol     TCP

  virtualhost  example.org
  real_server  172.16.1.2 80 {
    weight 5
    TCP_CHECK {
      connect_timeout 10
    }
  }
}

* by adding ip to lo, vip address is injected local routing table
ip addr add  172.16.1.200/32 dev lo scope host

-----------------
# Web setting
-----------------
* sysctl.conf to avoid respoinding against arp req to vip
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2

* dding ip to lo so that web can accept connection distined to vip
ip addr add  172.16.1.200/32 dev lo scope host
------------------------------------------------------------
Taku


<Prev in Thread] Current Thread [Next in Thread>