|
On Sun, 3 Aug 2008, Marco Lorig wrote:
From: Joseph Mack NA3T
we may have talked about this before but have you tried
setting the mtu on the realserver's NIC? You only need
set it for the route RIP:22->0/0, but setting it (or mss)
for the nic will at least see if this method handles the
problem.
This works. Setting up a fixed mtu to the realservers
default route (e.g. 1400) fixes the problem. In other
words: If the realservers send packets, which are small
enough to fit into the gre tunnell, everything works fine.
will this work as a solution?
I can demonstrate this by loggin in from the client to the
server via ssh. Itīs possible to login and work with the
shell (small tcp packets) but if you do a "ls -la" in /etc
for example (causes a tcp packet which is too big for the
GRE) the connection freezes.
much simpler test than ssh'ing. Thanks
ip_vs() does its own nat'ing, so using commands from
iptables will not help.
I thought this is only for ip_vs:
/proc/sys/net/ipv4/vs/nat_icmp_send ?
my mistake
sorry
IMHO the question is, why doesnt the RS receives any ICMP
need to frag from director2. In case of an iptables-only
connection (SNAT/DNAT) without ipvsadm everything works
fine.
either because to be fast, lvs messes with just about
everything and breaks all sorts of routing rules and the
defrag couldn't be written, or noone bothered to write it in
the first place. You're the first person to have this
problem, so it hasn't been a pressing coding priority. That
doesn't mean it shouldn't have been fixed.
Speed was needed in the old days with 33MHz computers and
10MBps networking. Now with 3GHz computers and internet
connections still not much more than 10Mbps, lvs could
probably be rewritten to be nice and cooperative and easy to
work with, without anyone noticing the decrease in speed.
However there is a *BSD equivalent of LVS which plays nicely
with the routing rules, but comments here have said that
it's too slow to use. So maybe it isn't possible to rewrite
lvs and have it behave nicely and be fast enough at the same
time.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
|
