LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: [lvs-users] firewall marks + tunneling + persistence = ERR! state

from [Con Tassios] [Permanent Link]
To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] firewall marks + tunneling + persistence = ERR! state
Cc: =?x-unknown?q?Jaroslav_Lib=E1k?= <jarol1@xxxxxxxxx>
From: Con Tassios <ct@xxxxxxxxxxx>
Date: Thu, 29 Nov 2007 22:42:22 +1100 (EST) 
On Wed, 29 Nov 2006, Horms wrote:

> On Tue, Nov 28, 2006 at 09:32:09PM +0100, Jaroslav Libák wrote:
> > When i run that I get some connections with ERR! state. Persistence is
> > 600 = 10 minutes, after that these connections dissappear. Without
> > persistence there are no such connections. If I don't use firewall
> > marks then they aren't there either. If I don't use firewall marks,
> > then there are "NONE" connections which from what I have read LVS uses
> > to handle persistence. These "connections" resemble my ERR!
> > connections in this sence. After they dissappear client can be routed
> > to a different real server.
> >
> > Could anyone confirm that in this case this ERR! state is harmless?
> > I'm thinking that it might be happening because usage of firewall
> > marks was added to LVS later and ipvsadm wasn't updated to handle this
> > properly. Or when using firewall marks and persistence, somebody
> > forgot to change the state of the connection to "NONE" in the C code.
>
> That does sound a little odd.
>
> I don't think that is is to do with ipvsadm, as I think that the
> strings come from the kernel. Can you see if the same problem shows
> up when you cat /proc/net/ip_vs_conn ?
>
> Once these connections get into that state, do they stay in that state
> until they timeout, or do they progress to a different state?
>
> Could you send some examples of this behaviour?
> I suspect that it is harmless, but I also think it is
> a bug in the the reporting functionality.

I'm seeing similar behaviour as reported in this thread a year ago.  Although
this is using the RHELv5 kernel (2.6.18-53.el5), the only patches being applied
by Red Hat to ipvs code is a very minor one to ip_vs_sync.c.  Persistency
appears to be working correctly as far as I can tell.


# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  1 rr persistent 600
  -> 136.186.1.185:0              Route   5      1          0
  -> 136.186.1.184:0              Route   5      0          0

(Packets with destination address 136.186.1.29 port 8000 marked with fwm 1)

# ipvsadm -Lcn
IPVS connection entries
pro expire state       source             virtual            destination
IP  09:56  ERR!        136.186.1.50:0     0.0.0.1:0          136.186.1.185:0
TCP 14:56  ESTABLISHED 136.186.1.50:35765 136.186.1.29:8000  136.186.1.185:8000

# cat /proc/net/ip_vs_conn
Pro FromIP   FPrt ToIP     TPrt DestIP   DPrt State       Expires
IP  88BA0132 0000 00000001 0000 88BA01B9 0000 ERR!            595
TCP 88BA0132 8BB5 88BA011D 1F40 88BA01B9 1F40 ESTABLISHED     895


















[More with this subject...]










<Prev in Thread]
Current Thread
[Next in Thread>




    

  • Re: [lvs-users] firewall marks + tunneling + persistence = ERR!	state,
Con Tassios <=

















Previous by Date: 
Re: [lvs-users] Strange behavior of ipvsadm, Grasmo, Johan




Next by Date: 
Re: [lvs-users] Strange behavior of ipvsadm, Graeme Fowler




Previous by Thread: 
[lvs-users] Strange behavior of ipvsadm, Grasmo, Johan




Next by Thread: 
[lvs-users] ldirectord SimpleTCP service check [PATCH], Aaron Linnen




Indexes: 
[Date]
[Thread]
[Top]
[All Lists]