LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] SYN spiraling between master and slave IPVS balancers

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] SYN spiraling between master and slave IPVS balancers
From: Jan-Aage Frydenbø-Bruvoll <jan@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 6 Feb 2013 10:54:38 +0000
Dear Graeme,

On 6 February 2013 10:34, Graeme Fowler <graeme@xxxxxxxxxxx> wrote:

> My solution to this was to use the iptables MARK module to apply an
> fwmark value to incoming traffic on the directors which is NOT from the
> MAC address of the other director(s) in the system, and then setup the
> LVS using the ipvsadm -f parameter to match those packets.
>
> This way the incoming packets from the upstream router are marked, but
> those being sent from the other director are not. In turn, those from
> the upstream router are then handled using LVS; those from the other
> director are not.
>

We have this in place already, and in our case it does not work. It seems
we have spurious packets somewhere in the system that trigger the packet
flood. Note - the flood does not escalate - it just keeps bouncing the same
packet back and forth, and at some stage that ping-ponging also stops.

I am wondering whether in our case this is related to the bridge set-up,
however I have not been able to find out how to track this down yet.

Best regards
Jan
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>