Re: [lvs-users] IPVS stops tunneling with ipip on SSL traffic causing se

To: Phillip Moore <pdm@xxxxxxxxx>
Subject: Re: [lvs-users] IPVS stops tunneling with ipip on SSL traffic causing session failures
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Sat, 29 Aug 2015 00:15:25 +0300 (EEST)

On Fri, 28 Aug 2015, Phillip Moore wrote:

> Thank you for the suggestion.
> We didn't have the netfilter module loaded at all so I don't think it
> would have having any impact. However I loaded it and set this setting
> and it didn't change the behavior.
> The ip_conntrack_tcp_be_liberal setting wasn't available on our kernel
> version looks like I can't find a module to load to enable that.
> We did find something interesting. If we add additional headers to the
> working http request we can make it fail.
> WORKS: curl -H "X:1"
> FAILS:  curl -H "X:12"
> 190 bytes works, 191 bytes fails with the failure to tunnel problem.

        What is the model/revision of the incoming network device?
Do you have IPVS debugging enabled to check if IPVS works
with these dropped packets? Or they are lost before reaching


Julian Anastasov <ja@xxxxxx>

Please read the documentation before posting - it's available at: mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to

<Prev in Thread] Current Thread [Next in Thread>