[lvs-users] IPVS stops tunneling with ipip on SSL traffic causing sessio

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] IPVS stops tunneling with ipip on SSL traffic causing session failures
From: Phillip Moore <pdm@xxxxxxxxx>
Date: Thu, 27 Aug 2015 23:00:24 -0500

I have IPVS set up with 2 VIPs talking to the same real server
configured for direct server return (i.e. TUN type).
One VIP is port 80 HTTP and one VIP is 443 for HTTPS/SSL. The SSL VIP
doesn't work properly. There is initial communication that happens, but
then it appears as though IPVS stops tunneling the incoming packets to
the real server and the connection stalls and times out. If I switch
ports just to verify there is nothing crazy going on with filtering
and I put SSL on port 80 (or any port), it still fails.

I've put the relevant info in a gist in hope it might be helpful and
not clutter up the email.

In various test scenarios we found that the client is having to
retransmit packets after some initial successful back and forth. On
the IPVS node a tcpdump shows that for some reason IPVS stops
forwarding the packets onto the real server over the tunnel. You can
see in the tcpdump that IPVS is forwarding things over ipip just fine until
it stops around line 15 in the dump.

HTTP traffic doesn't do this at all, only SSL.

I'm really puzzled and hope I am missing something obvious. I
appreciate any insights or suggestions.

OS Info:

Linux adc-ipvs-lb2001 2.6.32-504.30.3.el6.x86_64 #1 SMP Tue Jul 14 11:18:03 CDT 2015 x86_64 x86_64 x86_64 GNU/Linux

/sbin/modinfo ip_vs
srcversion:     6C3CC9C055045FA0ECA1774
depends:        ipv6,libcrc32c
vermagic:       2.6.32-504.30.3.el6.x86_64 SMP mod_unload modversions
parm:           conn_tab_bits:Set connections' hash size (int)

/sbin/modinfo ip_vs_sh
srcversion:     2EAF6C9DD83264246DBA82C
depends:        ip_vs
vermagic:       2.6.32-504.30.3.el6.x86_64 SMP mod_unload modversions


Thank you,
Phillip Moore
