Re: ip_conntrack and ip_conntrack_max

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: ip_conntrack and ip_conntrack_max
From: Roberto Nibali <ratz@xxxxxxxxxxxx>
Date: Tue, 14 Nov 2006 09:38:32 +0100
Hi,

> We're experiencing connection problems on a HTTP (iis) service behind a
> lvs-nat on debian 2.6.

What kind of problems? How is the IIS configured? What are your HTTP requests like, HTTP 1.0, 1.1, pipelined? What are your keepalive settings? Do you have enabled max connections on IIS? Which version of IIS?

> Trying to figure out if the load director could be the problem, I came
> across this:
>
> From the lvs server:
>
> # cat ip_conntrack |wc -l
> 65478

Make sure you don't call this too often, since:

a) It's racy and might crash your box when you've exhausted the buckets
b) It's only temporary and changes very quickly on most boxes that have
   moderate connection attempts and tear-down.

> # cat ip_conntrack_max
> 65528

These numbers don't mean too much. Are there any indications logged in the kernel log file? dmesg -s 1000000 ...

Generally this number is set quite low on your node. Another question is if you really need the connection tracking? LVS-NAT does not need it.

> Having read various places that conntrack does not mean anything on kernel
> 2.6 / iptables, just wanted to double check if our connection problems
> simply isn't the masquerading on the loadbalancer that reaches the limit?

Could very well be, but you'd see some messages in the kernel log file.

Best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
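
An added example, not part of the original message: a check that reads the conntrack counters from their sysctl files rather than counting lines of the full table, and counts "table full" lines in the kernel log. The function names and the sample log lines are constructed for illustration; the counter paths are used only where the running kernel exposes them.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are illustrative.

# usage_pct COUNT MAX -> integer percentage of the conntrack table in use
usage_pct() {
    [ "$2" -gt 0 ] || { echo 0; return 0; }
    echo $(( $1 * 100 / $2 ))
}

# count_table_full: kernel log text on stdin -> number of lines reporting a
# full table (ip_conntrack on older 2.6 kernels, nf_conntrack on later ones)
count_table_full() {
    grep -c -E '(ip|nf)_conntrack: table full, dropping packet' || true
}

# first_readable FILE... -> contents of the first file that can be read
first_readable() {
    for f in "$@"; do
        [ -r "$f" ] && { cat "$f"; return 0; }
    done
    return 1
}

# sample_log: constructed kernel log lines, used to exercise the matcher
sample_log() {
    cat <<'EOF'
ip_conntrack: table full, dropping packet.
eth0: link up, 1000Mbps, full-duplex
nf_conntrack: table full, dropping packet
EOF
}

conntrack_report() {
    count=$(first_readable /proc/sys/net/netfilter/nf_conntrack_count \
        /proc/sys/net/ipv4/netfilter/ip_conntrack_count) || {
        echo "no conntrack counters found (module not loaded?)"; return 0; }
    max=$(first_readable /proc/sys/net/netfilter/nf_conntrack_max \
        /proc/sys/net/ipv4/netfilter/ip_conntrack_max) || max=0
    # same dmesg invocation as in the reply above; empty if not permitted
    drops=$(dmesg -s 1000000 2>/dev/null | count_table_full)
    pct=$(usage_pct "$count" "$max")
    echo "entries=$count max=$max used=${pct}% table_full_lines=$drops"
}

conntrack_report
```

A high usage figure with zero "table full" lines matches the case described in the reply: the table is close to its limit, but nothing has been dropped because of it yet.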
