Re: strange "NOT HIT" messages sometimes

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: strange "NOT HIT" messages sometimes
From:	Wensong Zhang <wensong@xxxxxxxxxxxx>
Date:	Sun, 5 Dec 2004 10:14:53 +0800 (CST)


Hi,

On Thu, 2 Dec 2004, Jakub Suchy wrote:

Hi,
i have setup of one director and two real servers (proxy)
After testing on test server, i managed to move LVS to new server.

After moving, i am in 50% cases getting "proxy server you have configured is
not responding" in firefox and 50% images doesn't load in browser (image = new
request)
I did
echo 10 > debug_level and started watching debug log:

# this is ok
Dec  1 14:07:35 cruzz kernel: IPVS: lookup service: fwm 0 TCP
147.32.127.230:3128 hit

# this is the problem i think
Dec  1 14:07:35 cruzz kernel: IPVS: lookup/in TCP
147.32.121.152:42853->147.32.127.230:3128 not hit

I don't think that the two messages above is for the same packet or inthis order. Usually, after the service lookup hits, a new connection willbe created.

The second message shows that there is no such connection in IPVS for"147.32.121.152:42853->147.32.127.230:3128", which is that connection isnever created before, or its connection has already expired.

Please check your timeout setting for TCP connection in IPVS by "ipvsadm-L --timeout".

-> sometimes, LVS can't match rule for it's settings

my director configuration:
TCP  lvs.sh.cvut.cz:3128 sh
-> cache.sh.cvut.cz:3128        Route   1      0          1
-> cache2.sh.cvut.cz:3128       Route   1      1          6
debian woody stable
keepalived 1.1.7
kernel 2.4.28+grsec level high (lvs already built-in)

eth0:110  Link encap:Ethernet  HWaddr ...
inet addr:147.32.127.230  Bcast:147.32.127.230  Mask:255.255.255.255

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
147.32.127.192  *               255.255.255.192 U     0      0        0 eth0

my realserver configuration (cache2, cache almost the same):
lo:110    Link encap:Local Loopback
         inet addr:147.32.127.230  Mask:255.255.255.255
kernel 2.4.28+grsec level customized

i don't think the problem is in real server, with different director, it worked
fine...

does anybody know anything to do?

Please use some packet capture tool (such as tcpdump/tethereal) to captureall the packet for tcp port 3128 at the your director, in mean whilerecord the connection table by "ipvsadm -Lcn" and debugging messages. Postthese information on the mailing list, we may find what the reason is.


Thanks,

Wensong

<Prev in Thread]	Current Thread	[Next in Thread>
strange "NOT HIT" messages sometimes, Jakub Suchy Re: strange "NOT HIT" messages sometimes, Jakub Suchy Re: strange "NOT HIT" messages sometimes, Jakub Suchy Re: strange "NOT HIT" messages sometimes, Wensong Zhang <= Re: strange "NOT HIT" messages sometimes, Jakub Suchy Re: strange "NOT HIT" messages sometimes, Wensong Zhang

Previous by Date:	Re: [OT] Binding A Second NIC to A Device, Jacob Coby
Next by Date:	Local Load balancing - multiple services per IP, Sergio Freire
Previous by Thread:	Re: strange "NOT HIT" messages sometimes, Jakub Suchy
Next by Thread:	Re: strange "NOT HIT" messages sometimes, Jakub Suchy
Indexes:	[Date] [Thread] [Top] [All Lists]