Re: Realserver failover problem using ssl and tomcat

To: "lvs-users" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>, "Horms" <horms@xxxxxxxxxxxx>
Subject: Re: Realserver failover problem using ssl and tomcat
From: "Jason Downing" <jasondowning@xxxxxxxxxxxxxxxx>
Date: Wed, 28 Jun 2006 16:41:29 +1000
I'm talking about existing connections. I'm pretty sure new connections are absolutely fine, but I will test this to make sure, thanks for reminding me. I am not using persistence (although I have tried it and results were the same).

I will try a 2.6 kernel and let you know the results. It will take me a while to do because my previous limited experience of changing kernels has always resulted in considerable head scratching....

I also have found out that there is a 60 second timeout in tomcat cluster to declare a node dead. I am currently checking to see how to change this to 2 seconds.

Thanks very much, Jason

----- Original Message ----- From: "Horms" <horms@xxxxxxxxxxxx>
To: "Jason Downing" <jasondowning@xxxxxxxxxxxxxxxx>
Sent: Wednesday, June 28, 2006 4:15 PM
Subject: Re: Realserver failover problem using ssl and tomcat

On Wed, Jun 28, 2006 at 02:35:56PM +1000, Jason Downing wrote:
Hi Horms,

Thanks very much for your response. The timeout would be either
checktimeout or negotiatetimeout, at least there aren't any others on the
ldirectord man page. I have these set to 3 seconds each.

Also I can see ldirectord (running in debug mode) issue the ipvsadm
commands to remove the realserver within 4 seconds of disconnecting it. But
then it takes another 40 seconds or so for ipvs to stop routing to it.

Could you specify which timeout you are referring to? Are there any others
not listed on the man page? Do you have any other suggestions?

Those timeouts sound right to me. I am very surprised that ipvs is
taking that long to respond, and certainly that does not sound like a
timeout issue (well not a TCP one anyway), but I guess if thats what the
logs say, then thats what is happening. Is there any chance you could
try a 2.6 kernel?

... I had another thought just now. Are you talking about new
connections or existing connections. And are you using persistance?

Is this message the right width?

Width is good, thanks.

If not I'll carriage return each line in
future. Also, since you answered my post, my original post has gone from
the list and been replaced with an edited one. The edited one is missing
the bottom part, which had my and some other stuff that's
missing from your reply. This is the link to the original post:

If you reply to me as you did, should I reply to you as I am now or to
lvs-users@xxxxxxxxxxxxxxxxxxxxxx? Just to keep it in the thread etc.

My preferenec is, in order:

1. Reply to all: that is send the message to me and
  lvs-users@xxxxxxxxxxxxxxxxxxxxxxx Thats a common practice on many
  mailing lists as it allows people to proritise mail
  that is addressed to them, while also keeping the mail in
  the archive and open.

2. Reply to lvs-users@xxxxxxxxxxxxxxxxxxxxxx
  That is more common practice on the lvs-users list,
  though I have to confess that I sometimes don't read it for a while.

3. Reply to me (but its not a bit deal :)

H: W:

<Prev in Thread] Current Thread [Next in Thread>