|
On Tue, 3 May 2005, Francois JEANMOUGIN wrote:
>
> Mark de Vries:
>
> > No... I'm using gatewaying/direct-routing, see the '-g' in the script.
>
> Sorry, I'm sick not completely awake. Anyway.
>
> > That thread talks about 'ip_dst_cache' groowing.. in my case it is clearly
> > 'ip_vs_conn' that's growing. And also ip_conntrac is not used on the
> > box...
>
> What are the states of the connections in the table (ipvsadm -Lcn)? Did you
> try to reduce some of the timeouts IPVS is using to deduce the state of a
Most are 'UDP' (the state)... I'm balancing DNS remember :)
> connection? In DR mode, IPVS only sees incoming packets, so, it has only one
> information abour connection state. I use the following timeouts:
>
> et.ipv4.vs.secure_tcp = 3
> net.ipv4.vs.timeout_finwait = 2
These are not for UDP...
I did try "ipvsadm --set 0 0 10". Most 'connections' will only ever see
one packet... so the entries can be expired almost right away.
What I (still) don't understand is that when looking at the connections I
see the timer count down from 59 to 0... (shouldn't that be from 10..
considering the command I '--set 0 0 10' ) And then instead of the entry
disapearing the counter starts at 59 again... Is that normal?? Is is
(related to) the problem?
Regards,
Mark.
|
