Re: [lvs-users] lvs-tun MTU and fragmentation

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: [lvs-users] lvs-tun MTU and fragmentation
From:	"Sameer Garg" <sameer.garg@xxxxxxxxx>
Date:	Fri, 31 Aug 2007 19:04:13 +0530

Yeah I tried that iptables rule on the director and that didn;t work.
I still get

Tcpdump output:
18:59:30.870598 IP 198.64.15.26 >
ABTS-NCR-Dynamic-169.81.162.122.airtelbroadband.in: icmp 556:
198.64.15.26 unreachable - need to frag (mtu 1380)

Iptable rule:
Chain OUTPUT (policy ACCEPT)
target       prot opt source               destination
TCPMSS tcp  --  198.64.15.26       anywhere            tcp
flags:SYN,RST,ACK/SYN,ACK TCPMSS set 1440


-Sameer



On 8/31/07, Graeme Fowler <graeme@xxxxxxxxxxx> wrote:
> On Fri, 2007-08-31 at 18:03 +0530, Sameer Garg wrote:
> >    In my quest for setting up LVS-Tun we encountered another problem.
> > MTU and fragmentation is a known problem. First some back ground
> > information.
> >
> > 1. We can't use LVS-DR because our machines are all over the place.
> > (Thank the ISP)
> > 2. The setup comprises of 2 machines. 1 director and 1 Real Server.
> > 3. We are using RHEL 4.
>
> What you have to remember is as follows:
>
> 1. The initial packet from the client to the realserver - the SYN packet
> - sets the parameters for the connection.
>
> 2. With TUN, the realserver is responding directly to the client.
>
> 3. That means if the tun0 interface(s) have an MTU of (for example)
> 1400, then you need to make the *realserver's VIP interface* have an MTU
> of 1400. How you do that varies with OS, but for a Linux server you'd do
> the following on the realserver:
>
> iptables -A OUTPUT -s VIRTUAL-IP -p tcp -m tcp --tcp-flags SYN,RST,ACK
> SYN,ACK -j TCPMSS --set-mss 1440
>
> ...which is in the HOWTO :)
>
> That then means the realserver will respond to the initial ACK with the
> MSS set for that connection; the client will see that MSS and *should*
> then adjust its' following packet sizes.
>
> You should leave the director and tun0 interfaces to do what they want,
> as I recall.
>
> Graeme
>
>
>
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>

<Prev in Thread]	Current Thread	[Next in Thread>
[lvs-users] lvs-tun MTU and fragmentation, Sameer Garg Re: [lvs-users] lvs-tun MTU and fragmentation, Graeme Fowler Re: [lvs-users] lvs-tun MTU and fragmentation, Sameer Garg <= Re: [lvs-users] lvs-tun MTU and fragmentation, Graeme Fowler

Previous by Date:	Re: [lvs-users] lvs-tun MTU and fragmentation, Graeme Fowler
Next by Date:	Re: [lvs-users] lvs-tun MTU and fragmentation, Graeme Fowler
Previous by Thread:	Re: [lvs-users] lvs-tun MTU and fragmentation, Graeme Fowler
Next by Thread:	Re: [lvs-users] lvs-tun MTU and fragmentation, Graeme Fowler
Indexes:	[Date] [Thread] [Top] [All Lists]