All,
this is LVS related, although not actually an LVS problem - I've got an
LVS director distributing SMTP traffic to 4 backends over IPIP tunnels.
The IPIP links have an MTU of 1480.
On the director, I've been seeing lots of "timeout after DATA" (Postfix)
which apparently is a typical indicator of an MTU problem. And sure
enough, tcpdump shows plenty of "ICMP need to frag" being sent.
Fair enough I guess - path MTU discovery will not be able to discover
that my SMTP traffic is being distributed by LVS etc. It would also
_appear_ that my hosting provider (Hetzner) may not be letting the ICMP
"need to frag" through their switches etc. - I have queried Hetzner,
but am still waiting for an answer.
After many attempts, lots of research, wielding a magic wand and
uttering the odd curse, I ended up with the following iptables setup on
each of my real servers:
iptables -I OUTPUT -p tcp --tcp-flags SYN,RST,ACK SYN,ACK -j TCPMSS
--clamp-mss-to-pmtu
This seems to have done the trick, but can anyone explain to me
exactly why?
/Per Jessen, Zürich
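Editor's note: the following is an added example, not part of the post above and not code from LVS, Postfix or netfilter. It models, in Python, what the TCPMSS target does with --clamp-mss-to-pmtu: on a SYN/ACK (SYN and ACK set, RST clear, as the post's --tcp-flags match requires) it lowers the advertised MSS to the path MTU minus the 40 bytes of IPv4 and TCP headers and fixes the TCP checksum. Since the MSS a host advertises bounds the segment size its peer will send back, the client then never emits a segment that grows past 1500 bytes once the director wraps it in the 20-byte IPIP outer header, so no "need to frag" ICMP has to get through at all. The path MTU is passed in explicitly as 1480 (the tunnel MTU from the post; the assumption is that this is the value the real server's route lookup yields); the addresses, ports and packet contents are constructed placeholders.

```python
# Added example (not from the original post): a model of what iptables'
# TCPMSS --clamp-mss-to-pmtu does to an IPv4 SYN/ACK, with the PMTU given
# explicitly instead of looked up from the route. Packet contents are
# constructed here; the addresses and ports are placeholders.
import socket
import struct
from typing import Optional, Tuple

IPV4_HDR_LEN = 20
TCP_HDR_LEN = 20
IPIP_OVERHEAD = 20          # the outer IPv4 header an IPIP tunnel adds
TCPOPT_EOL, TCPOPT_NOP, TCPOPT_MSS = 0, 1, 2
TH_SYN, TH_RST, TH_ACK = 0x02, 0x04, 0x10


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum used by the IP and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data: bytes) -> int:
    return (~ones_complement_sum(data)) & 0xFFFF


def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """TCP checksum over the IPv4 pseudo-header plus the segment."""
    pseudo = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment))
    return checksum(pseudo + segment)


def build_synack(src_ip: str, dst_ip: str, sport: int, dport: int, mss: int) -> bytes:
    """Constructed IPv4 + TCP SYN/ACK carrying a single MSS option."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    options = struct.pack("!BBH", TCPOPT_MSS, 4, mss)       # kind, len, value
    doff = (TCP_HDR_LEN + len(options)) // 4                 # header length in words
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2001,
                      doff << 4, TH_SYN | TH_ACK, 65535, 0, 0) + options
    tcp = tcp[:16] + struct.pack("!H", tcp_checksum(src, dst, tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDR_LEN + len(tcp),
                     0, 0x4000, 64, socket.IPPROTO_TCP, 0, src, dst)   # DF set
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def tcp_checksum_ok(pkt: bytes) -> bool:
    """True when the TCP checksum (field included) verifies to all ones."""
    ihl = (pkt[0] & 0x0F) * 4
    pseudo = pkt[12:16] + pkt[16:20] + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(pkt) - ihl)
    return ones_complement_sum(pseudo + pkt[ihl:]) == 0xFFFF


def find_mss_option(pkt: bytes) -> Optional[Tuple[int, int]]:
    """Walk the TCP options; return (offset of the MSS option, its value)."""
    ihl = (pkt[0] & 0x0F) * 4
    doff = (pkt[ihl + 12] >> 4) * 4
    i, end = ihl + TCP_HDR_LEN, ihl + doff
    while i < end:
        kind = pkt[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        length = pkt[i + 1]
        if kind == TCPOPT_MSS and length == 4:
            return i, struct.unpack_from("!H", pkt, i + 2)[0]
        i += length
    return None


def clamp_mss_to_pmtu(pkt: bytes, pmtu: int) -> Tuple[bytes, Optional[int]]:
    """Rewrite the MSS option of a SYN/ACK to pmtu - 40 when it is larger.

    Mirrors the post's rule: only packets with SYN and ACK set and RST clear
    are touched. Returns (packet, new MSS) or (packet, None) when unchanged.
    """
    ihl = (pkt[0] & 0x0F) * 4
    flags = pkt[ihl + 13]
    if (flags & (TH_SYN | TH_RST | TH_ACK)) != (TH_SYN | TH_ACK):
        return pkt, None
    found = find_mss_option(pkt)
    if found is None:           # the real target would insert an option; not modelled
        return pkt, None
    offset, mss = found
    new_mss = pmtu - IPV4_HDR_LEN - TCP_HDR_LEN
    if mss <= new_mss:
        return pkt, None
    buf = bytearray(pkt)
    struct.pack_into("!H", buf, offset + 2, new_mss)
    struct.pack_into("!H", buf, ihl + 16, 0)             # zero, then recompute
    csum = tcp_checksum(bytes(buf[12:16]), bytes(buf[16:20]), bytes(buf[ihl:]))
    struct.pack_into("!H", buf, ihl + 16, csum)
    return bytes(buf), new_mss


def ipip_wire_size(mss: int) -> int:
    """Size on the physical link of a full segment after IPIP encapsulation."""
    return mss + TCP_HDR_LEN + IPV4_HDR_LEN + IPIP_OVERHEAD


if __name__ == "__main__":
    synack = build_synack("10.0.0.2", "198.51.100.10", 25, 40000, mss=1460)
    clamped, new_mss = clamp_mss_to_pmtu(synack, pmtu=1480)
    print("MSS", find_mss_option(synack)[1], "->", new_mss)
    print("encapsulated size before/after:", ipip_wire_size(1460), ipip_wire_size(new_mss))
```

With a 1500-byte Ethernet MTU on the client side, a 1460-byte MSS produces 1520-byte packets once the director encapsulates them, which is what triggers the "need to frag" messages; clamping to 1440 brings the encapsulated packet to exactly 1500. The model leaves out two things the kernel target does: inserting an MSS option when the SYN/ACK has none, and looking the PMTU up from the route, which is why the value is a parameter here.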