|
Hi,
# ipvsadm -L -n
IP Virtual Server version 1.0.10 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP <VIP>:80 wrr persistent 600
-> 192.168.2.11:80 Masq 1 0 0
-> 192.168.2.12:80 Masq 1 0 0
When i stop Apache processes on my WWWs, i have :
# ipvsadm -L -n
IP Virtual Server version 1.0.10 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP <VIP>:80 wrr persistent 600
-> 127.0.0.1:80 Local 1 0 0
OK. But when i trie to connect to telnet VIP 80 i can see with tcpdump :
# tcpdump -i eth0 -p port 80
tcpdump: listening on eth0
13:40:54.671693 <client IP>.10347 > <VIP>.http: S 481718195:481718195(0)
win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp
1984096830 0> (DF) [tos 0x10]
13:40:54.671751 <VIP>.http > <client IP>.10347: R 0:0(0) ack 481718196
win 0 (DF) [tos 0x10]
This must be from the persistent service template entry which is
lingering despite the fact that the dest service is unavailable.
Who send this TCP reset ?
According to your [edited] tcpdump snippet, I would suggest the
director. It's not yet clear to me why it sends a RST/ACK ... but OTOH
it's morning too.
Do i forget some config on network management in the kernel ?
Well, yes and no; could you please check the output of ipvsadm -Lnc
_after_ you've stopped both apache processes and _after_ your local
service of last resort (127.0.0.1:80) has been set up by ldirectord?
If there are still entries in there, the director will try to forward
them to those RS but of course they are down. This is then announced to
you nicely with a RST/... .
If this is the case (ipvsadm -Lnc still has entries) then you should
flush the persistent template entries by setting the expire_nodest_conn
sysctl variable, which btw should be in the man page of ipvsadm.8 :)
Best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
|
