Re: ip_conntrack and ip_conntrack_max

[Michael Spiegle <mike@xxxxxxxxxxxxxxxx>]

ip_conntrack will register UDP connections as well as traffic going both 
ways.  For example,
I have an LVS pair with 14 high-volume mail servers behind.  I'm pushing 
about 10,000 connections TOTAL.  In the ip_conntrack, about 20K entries 
are from the mail connections, and another 80K connections are from the 
mail servers querying a caching nameserver through the LVS.
I realized this the other day and changed the route for the nameservers 
to go out a different interface on my mailservers thus alleviating some 
load from the LVS.
---
Michael Spiegle
mike@xxxxxxxxxxxxxxxx



Kristoffer Egefelt wrote:
> On another loadbalancer which has 6 times as many connections as this one
> the numbers are:
>
> # cat ip_conntrack |wc -l
> 22039
>
> # cat /proc/sys/net/ipv4/ip_conntrack_max
> 65536
>
> Hmmm... Strange?
>
>
> On 11/13/06, Kristoffer Egefelt <dr.fersken@xxxxxxxxx> wrote:
> > Hello,
> >
> > We're experiencing connection problems on a HTTP (iis) service behind a
> > lvs-nat on debian 2.6.
> >
> > Trying to figure out if the load director could be the problem, I came
> > across this:
> >
> > From the lvs server:
> >
> > # cat ip_conntrack |wc -l
> > 65478
> >
> > # cat ip_conntrack_max
> > 65528
> >
> >
> > Having read various places that conntrack does not mean anything on 
> > kernel
> > 2.6 / iptables, just wanted to double check if our connection problems
> > simply isn't the masquarading on the loadbalancer that reaches the 
> > limit?
> > Thanks
> >
> > /Kristoffer
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users