Hi Julian,
Comments below:
>> I am experiencing a problem using LVS behind a CheckPoint firewall.
>>
>> It seems as though several packets are dropped by the
>> firewall as a result of being "out of sequence". When I ask the
>> firewall administrator what the problem is, he tells me that he
>> can't be sure, but he has seen this problem before when he has had
>> other load balancers using a Virtual IP (eth0:0) to balance
>> incoming packets.
>>
>> So... with that being said, I have to admit I am a little
>> skeptical of this assumption that just because I am using a
>> Virtual IP, TCP packets are getting out of sync... however, with
>> that being said, the firewall administrator seems to be pretty
>> savvy when it comes to TCP, whereas I am hardly TCP savvy, so I
>> pose the question to the group... Has anyone seen anything similar
>> to this problem? And if so, what was done to correct it?
>
> LVS does not change the order of packets. The sequence numbers
> are not changed (except for FTP, maybe). There are no checks that will
> restrict packets based on sequence numbers. Which LVS?
I don't believe it has to do with LVS changing the order of the packets? It
just seems that when an endpoint (some machine outside the firewall) sends a
request to my LVS IP, the majority of the packets are being dropped at the
firewall as a result of TCP out of sequence. I don't see how this can be
related to the LVS at all, but the firewall administrator has said he has seen
something similar to this before with a different load balancer (I can't
remember the name... but I will find out).
Rob.
>
>> Regards,
>> Rob.
>
>
>Regards
>
>--
>Julian Anastasov <ja@xxxxxx>
>
>
>_______________________________________________
>LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>