A colleague of mine discovered the problem, and I'm posting here so
anyone with the same problem can see the workaround.
On Mon, Apr 25, 2011 at 5:21 PM, Israel Hsu <israelhsu@xxxxxxxxx> wrote:
> I'm having a problem with TCP connections not being properly closed.
> I'm setting up a simple LVS director using keepalived.
> Director and server are running Linux 18.104.22.168.
> Director is running keepalived 1.2.2.
> Firewall is stopped on all three computers.
> There are three computers: one client, one director, and one HTTP
> server. I am using LVS-NAT.
> So, you can see that the client never acknowledges data3,F with a
> FINACK. Now you may say this is a problem with the client, but the
> client is just "telnet server 80". The output at the client is the
> HTTP page requested up to and not including the data3 packet.
One detail I neglected to mention because I thought it had no impact
was that my directors and real servers were all running as PV virtual
machines under the Xen hypervisor.
Apparently, there is a bug in Xen's virtual devices that affects TCP
checksum offloading, causing the symptom I was seeing.
The workaround is to disable TCP checksum offloading on the servers:
    ethtool -K eth0 tx off
Connections close properly now!
Now my connections are closing properly.
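A way to confirm that the workaround above actually took effect on an interface, as an added example that is not part of the original post: it parses the output of `ethtool -k` (lowercase, which reports the current offload settings) and checks the tx-checksumming line. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that TX checksum offload is off after running
# `ethtool -K <iface> tx off`. Function names are hypothetical.

# Constructed samples of `ethtool -k eth0` output, not captured from a real host.
SAMPLE_BEFORE='Offload parameters for eth0:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on'
SAMPLE_AFTER='Offload parameters for eth0:
rx-checksumming: on
tx-checksumming: off
scatter-gather: off'

# Read `ethtool -k` output on stdin; print on, off or unknown.
# Only the exact "tx-checksumming" key is matched, so indented sub-features
# and trailing markers such as "[fixed]" do not confuse the result.
tx_csum_state() {
    awk -F': *' '
        $1 == "tx-checksumming" { split($2, f, " "); state = f[1] }
        END { if (state == "") state = "unknown"; print state }
    '
}

# Return 0 only when the given `ethtool -k` text shows TX checksumming off.
workaround_applied() {
    [ "$(printf '%s\n' "$1" | tx_csum_state)" = "off" ]
}

# Query each named interface; return 1 if any still has the offload on
# or cannot be queried. Usage: audit_ifaces eth0 eth1
audit_ifaces() {
    rc=0
    for ifc in "$@"; do
        out=$(ethtool -k "$ifc" 2>/dev/null) || { echo "$ifc: ethtool failed"; rc=1; continue; }
        if workaround_applied "$out"; then
            echo "$ifc: tx checksum offload is off"
        else
            echo "$ifc: tx checksum offload is not off (ethtool -K $ifc tx off)"
            rc=1
        fi
    done
    return $rc
}

# Demonstration on the constructed samples.
echo "before: $(printf '%s\n' "$SAMPLE_BEFORE" | tx_csum_state)"
echo "after:  $(printf '%s\n' "$SAMPLE_AFTER" | tx_csum_state)"
```

The setting made with `ethtool -K` does not survive a reboot on its own, so a check like `audit_ifaces eth0` is useful to run after each restart of the servers.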