Re: [lvs-users] Some users slow loading..

To:	lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject:	Re: [lvs-users] Some users slow loading..
From:	Joerg Delker <jd_lvs@xxxxxxx>
Date:	Sun, 16 Sep 2007 16:58:09 +0200

Hi Joseph,

thanks for your reply.

Although I didn't expect much from your hint, I was really surprised to
find out, that the firewall *was* cause for this!
I was unaware of the fact, that LVS traffic obviously is not subject to
iptables connection tracking and thus doesn't match any ESTABLISHED or
RELATED states.
That in consequence caused some DoS related limit rules to trigger and
drop packages.

In case this is not expected behavior, I'm happy to discuss that further.

Thanks for your support,
Joerg


Quoting Joseph Mack NA3T <jmack@xxxxxxxx>:

On Fri, 14 Sep 2007, Joerg Delker wrote:

Hi Folks,

I just found this thread in the archives describing my problem.
So let me tune in so we hopefully can find that bummer.

Symptoms:
I'm also suffering from very slow connections via the VIPs in contrast to

accessing the real servers directly. A wget fetch from a particularweb takes

~40sec via the VIP and ~4sec directly.

Analysis:
Looking at the related tcpdumps for the VIP traffic I see:
in dump (Client<->Director):
* TCP Retransmissions VIP->Client
* Duplicate ACKs Client->VIP
in dump (Director<->Realserver)
* TCP Retransmissions Realserver->Client
* Duplicate ACKs Client->Realserver
* TCP previous segment lost Client->Realserver (appears after each Dup ACK)

Note: Routing client traffic directly to the real server shows perfect TCP
traffic!

Environment:
The director is acting as firewall, router, loadbalancer using
ipvsadm v1.24 2003/06/07 (compiled with popt and IPVS v1.2.0)
and configured as LVS-NAT to access the real servers.
Kernel tested: 2.6.16, 2.6.18, 2.6.22 - no difference noticable
Hardware issues can be ruled out as the directly routed traffic uses exact
the same path.


there's a section on slow loading webpages in (I think) the
mini-HOWTO.

Also try your setup without the firewall rules

Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [lvs-users] Some users slow loading.., Joerg Delker Re: [lvs-users] Some users slow loading.., Joseph Mack NA3T Re: [lvs-users] Some users slow loading.., Joerg Delker <= Re: [lvs-users] Some users slow loading.., Joseph Mack NA3T

Previous by Date:	Re: [lvs-users] feedbackd without compile kernel, kosol student . psu . ac . th
Next by Date:	Re: [lvs-users] Some users slow loading.., Joseph Mack NA3T
Previous by Thread:	Re: [lvs-users] Some users slow loading.., Joseph Mack NA3T
Next by Thread:	Re: [lvs-users] Some users slow loading.., Joseph Mack NA3T
Indexes:	[Date] [Thread] [Top] [All Lists]