|
On Tue, 19 Oct 2004, Graeme Fowler wrote:
> On Thu, 14 Oct 2004, Horms wrote:
> > You should get a "not hit" for all packets that come through the
> > box that are not related to LVS, and a "hit" for all packets that are.
> > If you think that packets are getting "not hit" when they should get
> > "hit" then try looking at ipvsadm -Lcn, this should give you a dump
> > of the connections that LVS is trying to match incoming packets against.
I've worked around the issue by setting an explicit netfiler ruleset to catch
"rogue" packets and map them to their corresponding VIP where at all possible.
Due to the fairly complex nature of the clusters involved this isn't always
the case, sadly (some VIPs share real servers in a strange sort of way!).
This has helped, but it isn't what I want to have to do long term...
I read a similar report in the archives from last year and the workaround was
the same. That one didn't get a fix, either.
Graeme
|
