Hello, conntrack=1 allows the IPVS traffic to be under netfilter control, such as, matching by conntrack state (NEW, ESTABLISHED, RELATED), additional NAT, etc. You do not need netfilter conntracks t
Hi Julian, Thank you very much for such a valuable answer. I'd like to add some more information about my use case. In our system client and load-balancer work on the same server, and remote servers
Hello, It should be this code that leads to delay: if (uses_ct) return NF_DROP; What happens is that we drop SYN packet that hits IPVS connection in TIME_WAIT state if such connection uses Netfilter
Hi Andrew, Thank you for your response. Initially Ive found the issue on another complex network configuration. There was the same 1 second delay. I hope Its the same issue as on 127.0.0.1 network fr
Author: Andrew Smalley <asmalley@xxxxxxxxxxxxxxxx>
Date: Wed, 24 Jan 2018 22:11:16 +0000
Hello Sergey I had a quick look at your configuration and the first thing that comes to mind is can you do this on a single host? First what I see is you are in SYN_RECV as shown below. this means yo
Hi all, I encountered an issue with IPVS load balancing in case of short-lived connections. I've seen it in masqurading mode on CentOS 7 (kernel 3.10.0-693.11.6) and CoreOS 1235.12.0 (4.7.3-coreos-r3