Re: [lvs-users] LVS/keepalived dropping client's packets after sending s

To: lvs-users <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS/keepalived dropping client's packets after sending server's FIN
From: Israel Hsu <israelhsu@xxxxxxxxx>
Date: Wed, 4 May 2011 23:54:06 -0700
A colleague of mine discovered the problem, and I'm posting here so
anyone with the same problem can see the workaround.

On Mon, Apr 25, 2011 at 5:21 PM, Israel Hsu <israelhsu@xxxxxxxxx> wrote:
> I'm having a problem with TCP connections not being properly closed.
> I'm setting up a simple LVS director using keepalived.
> Director and server are running Linux
> Director is running keepalived 1.2.2.
> Firewall is stopped on all three computers.
> There are three computers: one client, one director, and one HTTP
> server. I am using LVS-NAT.
> ...
> So, you can see that the client never acknowledges data3,F with a
> FINACK. Now you may say this is a problem with the client, but the
> client is just "telnet server 80". The output at the client is the
> HTTP page requested up to and not including the data3 packet.

One detail I neglected to mention because I thought it had no impact
was that my directors and real servers were all running as PV virtual
machines under the Xen hypervisor.

Apparently, there is a bug in Xen's virtual devices that affects TCP
checksum offloading, causing the symptom I was seeing.

The workaround is to disable TCP checksum offloading on the servers:

ethtool -K eth0 tx off

Connections close properly now!

Now my connections are closing properly.

Please read the documentation before posting - it's available at: mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to

<Prev in Thread] Current Thread [Next in Thread>
  • Re: [lvs-users] LVS/keepalived dropping client's packets after sending server's FIN, Israel Hsu <=