On Wed, 2004-08-11 at 20:15, Horms wrote:
> On Wed, Aug 11, 2004 at 10:28:15AM -0400, Brett Simpson wrote:
> > I have an LVS director that uses wrr with 3600 of persistence for two
> > real servers. I noticed that connections going through a firewall from
> > my internal network tend to get locked into one of my real servers but
> > usually doesn't go to the other real server unless all of the
> > connections have expired to the first real server.
>
> Are all the connections coming from the same source IP address?
> If so that would explain this behaviour.
Yes. They are coming from behind my firewall from a masqueraded internal
network to my DMZ.
> >
> > From what I understood with LVS is it's support to use the source IP
> > for persistence but I wasn't sure if it also used a source port.
>
> The source IP address is used, but the source port is not.
> This is because successive connections from the same host will
> almost certainly have a different ephemeral source port.
>
> There is no parameter in LVS to change this behaviour.
> Though off the top of my head it would seem like a simple
> hack to alter this if you needed to for some reason.
This would definitely be useful.
Thanks,
Brett
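
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not LVS code: a simplified Python model of a director whose persistence templates are keyed on source IP only, next to a hypothetical variant keyed on (source IP, source port). The `Director` class, the plain round-robin over equal weights, the refresh-on-match timer and the sample addresses are all assumptions made for illustration.

```python
from collections import Counter
from itertools import cycle


class Director:
    """Toy model of a virtual service with persistence (not LVS source)."""

    def __init__(self, servers, timeout, key_on_port=False):
        # Expand (name, weight) pairs into a simple weighted rotation.
        self.rr = cycle([name for name, weight in servers for _ in range(weight)])
        self.timeout = timeout
        self.key_on_port = key_on_port  # hypothetical "hack": include source port
        self.templates = {}             # persistence key -> (server, expiry time)

    def connect(self, now, src_ip, src_port):
        key = (src_ip, src_port) if self.key_on_port else src_ip
        entry = self.templates.get(key)
        if entry and entry[1] > now:
            server = entry[0]           # live template: stick to the same server
        else:
            server = next(self.rr)      # no template: ask the scheduler
        # Modelling assumption: a matching connection restarts the timer.
        self.templates[key] = (server, now + self.timeout)
        return server


def spread(director, conns):
    """Count how many connections each real server received."""
    return Counter(director.connect(t, ip, port) for t, ip, port in conns)


SERVERS = [("rs1", 1), ("rs2", 1)]
FIREWALL = "192.0.2.1"  # constructed: the single masqueraded address the director sees
# Constructed sample: six internal clients behind the firewall, ten seconds
# apart, each with a different ephemeral source port.
NAT_CONNS = [(t * 10, FIREWALL, 40000 + t) for t in range(6)]

if __name__ == "__main__":
    # Keyed on source IP: every masqueraded client lands on one real server.
    print("ip only :", dict(spread(Director(SERVERS, 3600), NAT_CONNS)))
    # Keyed on IP and port: load spreads, but a single host's successive
    # connections no longer stay on the same real server.
    print("ip+port :", dict(spread(Director(SERVERS, 3600, key_on_port=True), NAT_CONNS)))
```

With the port in the key, the spread evens out only because every new connection looks like a new client, which is the reason given above for not using the source port.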