Re: [lvs-users] IPVS adding a 1s delay on connection establishment under

To: Julian Anastasov <ja@xxxxxx>
Subject: Re: [lvs-users] IPVS adding a 1s delay on connection establishment under moderately high number of TCP req/s
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Toni Martí <ppicachu@xxxxxxxxx>
Date: Thu, 24 May 2018 13:58:21 +0200

Sorry, the last message went accidentally out while being written.

Many thanks Julian.

Really good options you provide me :-)

> There was recent discussion about this 1-second delay.
> Maybe you will find the needed answers here:

So basically the proposed solutions are the same as below.

> Basically, you have 3 options:
> - echo 0 > conn_reuse_mode: do not attempt to reschedule on
> port reuse (new SYN hits unexpired conn), just use the same real
> server. This can be bad, we do not select alive server if the
> server used by old connection is not available anymore (weight=0
> or removed).

Already tried this, but it has the ugly effect of IPVS not balancing to newly
added servers to the balanced set under high throughput (and connections
being effectively reused).

> - echo 0 > conntrack: if you do not use rules to match
> conntrack state for the IPVS packets. This is slowest,
> conntracks are created and destroyed for every packet.

Also tried this one, but I think docker (the main IPVS user) is using
ipfilter rules that require conntrack, and TCP connections were not
being established at all.

> - use NOTRACK for IPVS packets: fastest, conntracks are
> not created, less memory is used

So I think this is the only good remaining option.

Rewriting iptables rules (created by docker swarm) so that they don't use

So many many thanks again for your help.

I will try the 3rd option and come back here with the result.
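
As an added example (not part of the original email or of the LVS project's code), the shell function below reports which of the three options listed in the thread is in effect on a host. `/proc/sys/net/ipv4/vs` is the standard location of the `conn_reuse_mode` and `conntrack` files; the function name and the saved-rules file argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: report which of the thread's three options is active.
#
# ipvs_reuse_option VS_DIR RAW_RULES_FILE   (hypothetical helper name)
#   VS_DIR          directory holding conn_reuse_mode and conntrack
#                   (on a live host: /proc/sys/net/ipv4/vs)
#   RAW_RULES_FILE  output of `iptables -t raw -S` saved to a file
ipvs_reuse_option() {
    vs_dir=$1
    raw_rules=$2
    [ -r "$vs_dir/conn_reuse_mode" ] && [ -r "$vs_dir/conntrack" ] || {
        echo "error: IPVS sysctls not found in $vs_dir" >&2
        return 2
    }
    reuse=$(cat "$vs_dir/conn_reuse_mode")
    ct=$(cat "$vs_dir/conntrack")

    if [ "$reuse" = "0" ]; then
        # Option 1: same real server is kept on port reuse.
        echo "option1: conn_reuse_mode=0 (no reschedule on port reuse)"
    elif [ "$ct" = "0" ]; then
        # Option 2: only valid if no rule matches conntrack state.
        echo "option2: conntrack=0"
    elif [ -r "$raw_rules" ] &&
         grep -Eq -e '-j (NOTRACK|CT .*--notrack)' "$raw_rules"; then
        # Option 3: presence only; the rule's match criteria still need
        # to be checked by hand against the IPVS virtual service.
        echo "option3: NOTRACK rule present in raw table"
    else
        echo "none: conn_reuse_mode=$reuse conntrack=$ct, no NOTRACK rule"
    fi
}

# Live use (needs root for iptables): sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    tmp=$(mktemp)
    iptables -t raw -S > "$tmp"
    ipvs_reuse_option /proc/sys/net/ipv4/vs "$tmp"
    rm -f "$tmp"
fi
```

The IPVS sysctls are per network namespace, so run the check inside the namespace that holds the virtual service.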

