Re: [lvs-users] lvs-tun MTU and fragmentation

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] lvs-tun MTU and fragmentation
From: Graeme Fowler <graeme@xxxxxxxxxxx>
Date: Fri, 31 Aug 2007 14:19:49 +0100
On Fri, 2007-08-31 at 18:03 +0530, Sameer Garg wrote:
>    In my quest for setting up LVS-Tun we encountered another problem.
> MTU and fragmentation is a known problem. First some back ground
> information.
> 1. We can't use LVS-DR because our machines are all over the place.
> (Thank the ISP)
> 2. The setup comprises of 2 machines. 1 director and 1 Real Server.
> 3. We are using RHEL 4.

What you have to remember is as follows:

1. The initial packet from the client to the realserver - the SYN packet
- sets the parameters for the connection.

2. With TUN, the realserver is responding directly to the client.

3. That means if the tun0 interface(s) have an MTU of (for example)
1400, then you need to make the *realserver's VIP interface* have an MTU
of 1400. How you do that varies with OS, but for a Linux server you'd do
the following on the realserver:

iptables -A OUTPUT -s VIRTUAL-IP -p tcp -m tcp --tcp-flags SYN,RST,ACK
SYN,ACK -j TCPMSS --set-mss 1440

...which is in the HOWTO :)

That then means the realserver will respond to the initial ACK with the
MSS set for that connection; the client will see that MSS and *should*
then adjust its' following packet sizes.

You should leave the director and tun0 interfaces to do what they want,
as I recall.


<Prev in Thread] Current Thread [Next in Thread>