Re: firewall marks + tunneling + persistence = ERR! state

To: Jaroslav Libák <jarol1@xxxxxxxxx>
Subject: Re: firewall marks + tunneling + persistence = ERR! state
Cc: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Horms <horms@xxxxxxxxxxxx>
Date: Wed, 29 Nov 2006 16:57:09 +0900
On Tue, Nov 28, 2006 at 09:32:09PM +0100, Jaroslav Libák wrote:
> When i run that I get some connections with ERR! state. Persistence is
> 600 = 10 minutes, after that these connections dissappear. Without
> persistence there are no such connections. If I don't use firewall
> marks then they aren't there either. If I don't use firewall marks,
> then there are "NONE" connections which from what I have read LVS uses
> to handle persistence. These "connections" resemble my ERR!
> connections in this sence. After they dissappear client can be routed
> to a different real server.
> Could anyone confirm that in this case this ERR! state is harmless?
> I'm thinking that it might be happening because usage of firewall
> marks was added to LVS later and ipvsadm wasn't updated to handle this
> properly. Or when using firewall marks and persistence, somebody
> forgot to change the state of the connection to "NONE" in the C code.

That does sound a little odd.

I don't think that is is to do with ipvsadm, as I think that the
strings come from the kernel. Can you see if the same problem shows
up when you cat /proc/net/ip_vs_conn ?

Once these connections get into that state, do they stay in that state
until they timeout, or do they progress to a different state?

Could you send some examples of this behaviour?
I suspect that it is harmless, but I also think it is
a bug in the the reporting functionality.


<Prev in Thread] Current Thread [Next in Thread>