Re: [lvs-users] Performance issues and optimization UDP LVS-NAT

To: Marco Lorig <mlorig@xxxxxxx>
Subject: Re: [lvs-users] Performance issues and optimization UDP LVS-NAT
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Tue, 17 Mar 2020 17:02:15 +0200 (EET)

On Tue, 17 Mar 2020, Marco Lorig wrote:

> On 17.03.2020 at 14:23, Julian Anastasov wrote:
> >
> >     Yes, when nf_conntrack is used it would be better to
> > set /proc/sys/net/ipv4/vs/conntrack to 1, as reported by different
> > users, for example:
> >
> >
> >
> >     In this case, you have to increase nf_conntrack_max sysctl var
> > to allow the desired number of conntracks to be created.
> >
> Ok, I will give it a try. nf_conntrack_max is set to 262144 (default?).
> I would set it to 1024000. Do you have any recommendation for this
> value? ip_vs_conn shows 18753 entries.

        Make sure nf_conntrack_count does not reach the nf_conntrack_max.

> >     Another option is to use NOTRACK to disable nf conntracks just for
> > the IPVS traffic:
> >
> > iptables -t raw -A PREROUTING -p tcp -d VIP --dport VPORT -j CT --notrack
> >
> > For local clients use -A OUTPUT -o lo
> As we do not use any iptables rule or connection tracking (except for
> ipvs) on the loadbalancer, could it be an option for performance
> optimization to disable nf_conntrack (like ip_conntrack in the past) or
> is it essentially needed for proper ipvs functionality?

        If you do not use iptables rules, you can disable it, it is
not needed for the IPVS traffic. Only IP_VS_NFCT, IP_VS_FTP and IP_VS_PE_SIP
depend on it. But as IP_VS_NFCT is not a separate module, maybe you have
to compile IPVS without these features.


Julian Anastasov <ja@xxxxxx>
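
An added example, not part of the original message: a POSIX shell check for the advice above that nf_conntrack_count should not reach nf_conntrack_max, which also reports the /proc/sys/net/ipv4/vs/conntrack setting. The function names, the 80/95 percent thresholds, the ROOT argument and the `--live` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: conntrack table headroom check for an IPVS director.
# Usage: check_conntrack [ROOT] [WARN_PCT] [CRIT_PCT]
# ROOT defaults to /proc/sys/net; another ROOT (an assumption of this example)
# lets the function run against constructed sample files.
# Returns 0 = OK or untracked, 1 = WARN, 2 = CRIT, 3 = unusable value.

is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

check_conntrack() {
    root=${1:-/proc/sys/net}
    warn=${2:-80}
    crit=${3:-95}
    count_f=$root/netfilter/nf_conntrack_count
    max_f=$root/netfilter/nf_conntrack_max
    vs_f=$root/ipv4/vs/conntrack

    # nf_conntrack not loaded: there is no conntrack table to fill up.
    if [ ! -r "$count_f" ] || [ ! -r "$max_f" ]; then
        echo "UNTRACKED nf_conntrack sysctls not present"
        return 0
    fi
    count=$(cat "$count_f")
    max=$(cat "$max_f")
    vs=unknown
    if [ -r "$vs_f" ]; then vs=$(cat "$vs_f"); fi

    if ! is_uint "$count" || ! is_uint "$max" || [ "$max" -eq 0 ]; then
        echo "ERROR unusable values count='$count' max='$max'"
        return 3
    fi

    # Integer percentage of the table in use (rounded down).
    pct=$((count * 100 / max))
    if [ "$pct" -ge "$crit" ]; then state=CRIT; rc=2
    elif [ "$pct" -ge "$warn" ]; then state=WARN; rc=1
    else state=OK; rc=0
    fi
    echo "$state count=$count max=$max used=${pct}% ipvs_conntrack=$vs"
    return "$rc"
}

# Query the live system only when asked, so sourcing has no side effects.
if [ "${1:-}" = "--live" ]; then check_conntrack; exit $?; fi
```

The return codes follow the common monitoring-plugin convention, so the script can be run with `--live` from cron or a monitoring agent.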
