RE: masquerading table slowdown

To:	Dan <dan@xxxxxxxxxxx>
Subject:	RE: masquerading table slowdown
Cc:	"''lvs-users@xxxxxxxxxxxxxxxxxxxxxx' '" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From:	Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
Date:	Sat, 6 May 2000 21:19:33 +0300 (EEST)

        Hello Dan,

On Sat, 6 May 2000, Dan wrote:

> Hi Julian:
> 
> This is a proxy server. So the actual number of masqueraded
> connections will be larger than the inbound connnections 
> reported by lvs.

        Well, I can't understand your setup!

> 
> I have seen this under actual client load, although I have
> been inducing it recently with either a server near the cluster
> (100Mps local net) or from a server remotely (dual T1 on the
> remote system - cluster on a 10Mpbs feed). This system has been
> live during these tests, so there is a consistent client load 
> of 120 active connections. The load I'm adding is (at a minimum)
> 200 simultaneous connections for 10000 connections.

        I can't imagine what is your topology. Anyway, this
message is reported when the MASQ box can't allocate free mport
for the internal host (the client). If one client creates large
number of connections through a MASQ box to specific external
service the limit of these connections is 4096 for all internal
hosts. N internal hosts connecting to same external service, with
each connection registered in the MASQ box for min 2 minutes (TIME_WAIT),
the result is 4096/(N*120), i.e. 34/N connections/sec for each of the
internal hosts.

        Please, send me a picture. Where is the normal masquerade
involved and where the LVS. LVS creates normal MASQ entries only
for the FTP service, if I remember correctly. So, the only reason
for this message is when all internal hosts access one external
service.

        Is your setup something like this:


PROXY CLIENTS           WORLD
        \           /
        LVS Director
        /         \
 Proxy1         Proxy7


        The LVS is used to balance the proxy requests but it
is used from the real servers as a masquerade box?

        The problem can occur if the proxy servers create more
than 4096 connections to one external service.

        Are my assumptions near the real situation? The current
limit of the masqueraded connections from the MASQ box to one
external service is 4096 (mport=61000..65095). This is a very
high limit in the real world :)

        I just received your mail about BEGIN..END. Yes,
you can change them but it will be very good if you explain
the connections rates. Do you flood one external service through
the MASQ box? This is very interesting :)


Regards

--
Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>

<Prev in Thread]	Current Thread	[Next in Thread>
masquerading table slowdown, Dan Re: masquerading table slowdown, Julian Anastasov RE: masquerading table slowdown, Dan RE: masquerading table slowdown, Julian Anastasov <= RE: masquerading table slowdown, Dan RE: masquerading table slowdown, Julian Anastasov

Previous by Date:	RE: masquerading table slowdown, Dan
Next by Date:	Re: Ultra Monkey Released, Buddy Lee Haystack
Previous by Thread:	RE: masquerading table slowdown, Dan
Next by Thread:	RE: masquerading table slowdown, Dan
Indexes:	[Date] [Thread] [Top] [All Lists]