On Tue, 13 Mar 2007, Klaas Jan Wierenga wrote:
> Hi all,

thanks for the nice complete report.
short answer - I don't know, but I'm not as close to the
code as others on the ml.

> I have a problem where sometimes some long standing mp3 streaming sessions
> over HTTP are terminated because the LVS-DR director sends an "ICMP type 3
> code 10 - host unreachable" packet to the client (which is the source of the
> mp3 stream). When this happens the client stops sending packets for 15
> minutes 15 minutes (the TCP idle session timeout of LVS?)

well possibly. the idle timeout is only for idle
connections. Not having any other ideas, you could double it
and see what happens.

> 2. Where is this ICMP packet generated in linux/net/ipv4/ipvs/* source files?
> Answer: nowhere!, at least not with type 3 code 10
> 3. Could it be that this ICMP packet is generated by some sort of
> denial-of-service defense code that I'm unaware of?

nope. nothing hidden in LVS.

> Answer: net/ipv4/netfilter/ipt_REJECT.c: send_unreach(*pskb, ICMP_HOST_ANO);
> So it appears that netfilter (iptables?) is sending it. Why?

do you have any iptables rules? (if so delete them for the
moment).

> This could be due to the firewall rule:

OK you do.

> REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
> But why is this sent on an existing, established and active connection? Or is
> there some TCP timeout because the director only sees incoming packets on the
> connection? Maybe this rings a bell with someone.

unlikely. In LVS-DR the director makes reasonable guesses as
to the state of the realserver's connection, based on
timeouts etc. Hopefully its behaviour looks the same as a
normal 2-ended connection, at least on the outside.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
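
An added example, not part of the original thread: a small Python helper that takes `iptables-save` text and an observed ICMP type 3 code, and lists the REJECT rules able to emit it, with each rule's position in its chain. The `SAMPLE` ruleset and the function name are constructed for illustration.

```python
import shlex

# ICMP type 3 (destination unreachable) code sent by the iptables
# REJECT target for each --reject-with option.
REJECT_WITH_CODE = {
    "icmp-net-unreachable": 0,
    "icmp-host-unreachable": 1,
    "icmp-proto-unreachable": 2,
    "icmp-port-unreachable": 3,   # REJECT's default
    "icmp-net-prohibited": 9,
    "icmp-host-prohibited": 10,   # ICMP_HOST_ANO, the code seen in this thread
    "icmp-admin-prohibited": 13,
}

# Constructed sample ruleset (not taken from the reporter's director).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

def rules_emitting(ruleset, icmp_code):
    """Return (table, chain, position, rule) for every REJECT rule in
    iptables-save text that answers with ICMP type 3 / icmp_code."""
    hits, table, position = [], None, {}
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):            # start of a new table
            table, position = line[1:], {}
        if line.startswith("["):            # counters from iptables-save -c
            line = line.split("] ", 1)[-1]
        if not line.startswith("-A "):
            continue
        args = shlex.split(line)
        chain = args[1]
        position[chain] = position.get(chain, 0) + 1
        target = args[args.index("-j") + 1] if "-j" in args[:-1] else None
        if target != "REJECT":
            continue
        how = "icmp-port-unreachable"
        if "--reject-with" in args[:-1]:
            how = args[args.index("--reject-with") + 1]
        if REJECT_WITH_CODE.get(how) == icmp_code:
            hits.append((table, chain, position[chain], line))
    return hits
```

The position returned is the rule's number within its chain, which corresponds to the numbering shown by `iptables -L --line-numbers`.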