This discussion was focusing on using ipchains, but how about iptables? How
do you deal with these kinds of issues (timeouts) when using iptables?
Wayne wrote:
If you have unlimited resources, then you will be able to configure infinite timeout. Each connection takes a little bit of memory. We found at 10 hours, that is already stretching -- all the connections in last 10 hours taking quite a bit of memory. Since no one can have unlimited resources in one computer, I don't think infinite timeout can be done easily.
At 02:22 PM 10/5/2001 -0700, Michael McConnell wrote:
How about an Infinite timeout?
----- Original Message -----
From: "Wayne" <wayne@xxxxxxxxxxxxxxx>
To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>; <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Cc: <kodland@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, October 05, 2001 9:28 AM
Subject: Re: LVS Timeouts
Julian had posted answer about two years ago:
to alter this timeout value to something > 8 hours to avoid flak from users.
On the director:
ipchains -M -S 36000 0 0
36000 is 10 hours TCP timeout. man ipchains. You can try with different value.
At 12:19 PM 10/5/2001 -0400, mack@xxxxxxxxxxxx wrote:
On Fri, 5 Oct 2001, Kris Odland wrote:
Here's what's going on. We are using LVS for load balancing imap servers, we have the tunneling option set up so the individual servers reply to the client.
I don't have an answer, but I do have some more questions..
I assume all the imap realservers are writing to one common filesystem?
We are seeing a problem if you have your email client set up to copy sent messages to a "Sent" folder on the imap server. The client opens a separate connection to the imap server for the sent folder.
Is this to the same VIP:port as the first connection?
If it's different, you could be connecting to a different realserver than for the first imap connection. Is this a problem?
The problem is if you are typing a message and you have it open for a while (20 or 30 minutes) the imap connection for the sent folder is timed out. It tries sending it through the old connection (port) and gets "Port Unreachable" error from the imap server (not the LVS server) when it tries copying the message to sent mail. It will re-open the connection after a bit, but not when it is trying to do the sent mail thing.
The tcp connection through the director will be dropped in about 15mins (depending on your kernel).
http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-11.html#ss11.30
It seems that after 30 minutes the imap server sends a "BYE" message because it has been idle too long, and it does an autologout for the corresponding folder. This should be followed by a FIN, and then ACK from the client. In this case the ACK is not making it to the server, but being rejected with "Port Unreachable" messages, so the server keeps on trying to close the connection.
I would assume this is because the director has already dropped the link (look at the output of ipvsadm if you can do it with a machine and only one connection and you can sit around and wait - you could reduce the tcp timeout as listed above to speed things up a bit).
Joe
-- Joseph Mack, mack@xxxxxxxxxxxx Linux Virtual Server project http://www.linuxvirtualserver.org
_______________________________________________ LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx Send requests to lvs-users-request@LinuxVirtualServer.org or go to http://www.in-addr.de/mailman/listinfo/lvs-users
--
Jesse W. Asher
Virtual Avalon, Inc.
"Security is mostly a superstition. It does not exist in nature... Life
is either a daring adventure or it is nothing." - Helen Keller