On Mon, 2006-02-06 at 14:02 +0700, Somsak Sriprayoonsakul wrote:
> The problem has been solved. It's something related to iptables.
> Stopping iptables on the director and the connection rate goes from 200 to
> Nx2000, where N is the number of real servers. After that, I tried to
> figure out which iptables rules conflict with ipvs and found that it's
> the default argument generated from system-config-securitylevel that causes
> this. Replacing "-m state --state NEW -m tcp -p tcp --dport 80" with just
> "-m tcp -p tcp --dport 80" makes everything work perfectly.

That's because in DR mode the connection state as seen by the director
never reaches ESTABLISHED - in the majority of cases, the packets
returning from realserver to client do not go via the director.

Your new rule ignores the connection state and simply processes packets
destined for port 80 regardless. This is what you want, as you've seen.

Graeme
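
An added example, not part of the original thread: a shell check that scans an iptables-save style ruleset for rules on the virtual service port that still match on connection state, and rewrites only those rules the way the thread describes. The sample ruleset is constructed, and the function names (`sample_rules`, `find_state_rules`, `strip_state_match`) are hypothetical.

```shell
#!/bin/sh
# Constructed sample ruleset in iptables-save format (not taken from the thread).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Print every rule for destination port $1 that still matches on
# connection state. Reads iptables-save text on stdin.
find_state_rules() {
    port=$1
    awk -v port="$port" '
        /^-A / && /-m state --state / {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) { print; break }
        }'
}

# Re-emit the ruleset with "-m state --state <list>" removed only from
# rules for destination port $1; every other rule is passed through as is.
strip_state_match() {
    port=$1
    awk -v port="$port" '
        /^-A / {
            hit = 0
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) hit = 1
            if (hit) sub(/-m state --state [A-Z,]+ /, "")
        }
        { print }'
}

# Stand-alone run: list the rules on port 80 that depend on connection state.
sample_rules | find_state_rules 80
```
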