Joseph Mack NA3T wrote:
> On Tue, 22 Apr 2008, Thomas Pedoussaut wrote:
>
>
>> For one of my dozen of services ( a straight TCP connection), the
>> TCP-FIN packets that are arriving on the load balancer are never passed
>> to the real server.
>>
>
> looking in
>
> http://marc.info/?l=linux-virtual-server&w=2
>
> for "LVS DR FIN"
>
> I find some postings by Siim_Poder with the same problem
> (he's using LVS-NAT). He didn't really have a good idea what
> was going on, but assumed that it was a flaky connection to
> the client (I know the FIN packet has got as far as the
> director, and you'd wonder why it couldn't get the next
> step to the realserver). He increased his timeouts. He
> hasn't come back saying that he still has the problem. Maybe
> he's living with it, or maybe it's solved. I can't tell.
>
> Another post from Andreas Lundqvist
>
> http://marc.info/?l=linux-virtual-server&m=116254182228697&w=2
>
> showed that the problem only occured with encrypted
> services. He fixed the problem by changing the packet size
>
> Let us know what you find.
>
It even happen when I close the client connection within seconds of
creation, so I don't think timeouts are involved.
My issue is that the application in backend doesn't deal with timeouts,
so never initiate the closing of the connection.
My best guess at the moment, as stated earlier is a problem with DR and
the state machine of netfilter.
I mailed Patrik Karén who had the same problem on the netfilter mailing
list but never came back.
--
Thomas
|