|
Hi !
Johan van den Berg schrieb:
nigel@xxxxxxxxxxx wrote:
Although, periodically we notice that an incoming request to the
cluster hangs forever. Has anyone else experienced this? Is it LVS
related? But this is a relatively small problem.
We solved this issue now by switching back to a 2.4.29 Kernel, no more
troubles since this change.
I can send a link to our kernel config if this is of interest.
We have the exact same issue with NAT. We've pinpointed it to packets
that are being rerouted back from the real server to the client
incorrectly. When a packet arrives at the director, it stores a
connection entry in ipvs, rewrites the packet and sends it on towards a
real server. When the real server responds, the director is supposed to
do a lookup in the ipvs connection table, and rewrite and forward the
packet to the client to whom the connection exists. This works most of
the time...
Sometimes though, even though the connection entry is actually in the
connection table on the director, the lookup fails, and the packet falls
through ipvs, and ends up in the normal iptables filter, meaning that,
depending on if you director forwards outbound packets from the real
servers using NAT, or if you are dropping packets from the real servers
not assosciated with ipvs, your packet might end up at the client with
the wrong source ip or not end up there at all (hence the hangs).
To get an idea if this happens, simply do a tcpdump on your director,
looking for the tcp reset flag (see the iptables man page on how to do
this). If you find that a lot of clients are sending you resets, then
most likely the client received a response from a real server with the
wrong ip, and therefore rejects the connection, or, your director is
sending resets to your real servers for connections that fell through ipvs.
See the following list archives for some more info:
http://www.in-addr.de/pipermail/lvs-users/2005-March/013450.html
http://www.in-addr.de/pipermail/lvs-users/2005-February/013315.html
Kind regards
Johan van den Berg
--
mit freundlichen gruessen / with best regards
simon schwendemann
____________________________________________
netmonic - your personal isp
http://netmonic.com/ s.schwendemann@xxxxxxxxxxxx
a-1235 wien, khekgasse 35
fon: +43 1 8698400 - 23
mob: +43 676 849970 45
fax: +43 1 8698400 - 50
icq: 61879866
msn: sschwende@xxxxxxxxxxx
|
