LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: [lvs-users] Recursive SYN packets sent from Director toRealServer

from [Calcote, Lee] [Permanent Link]
To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Recursive SYN packets sent from Director toRealServer
From: "Calcote, Lee" <lcalcote@xxxxxxxxx>
Date: Mon, 11 Aug 2008 14:19:52 -0700 
Hey Malcolm,

Both the Director (10.80.214.72) and RealServer (10.80.214.70) have one
physical interface (eth0). The Director is configured with the VIP
(10.80.214.69) on eth0:0 and the RealServer with the VIP on tunl0. Neither
box has any firewall rules. Both are running kernel 2.6.20.21.

I stumbled upon a number of issues in the mail archives that depict the
issue we¹re experiencing:

1. ³SYN_RECV state symptoms in LVS-DR²
http://lists.graemef.net/pipermail/lvs-users/2004-May/011770.html
2. ³LVS hangs in SYN_RECV state²
http://www.in-addr.de/pipermail/lvs-users/2004-February/011033.html
3. http://archives.free.net.ph/message/20010517.104313.cd1a1128.en.html
4. ³hold at SYN_RECV / LVS-Tun over Internet / one InActConn
³ http://lists.graemef.net/pipermail/lvs-users/2005-September/014786.html

Both the LVS/TUN and LVS/DR setups have worked  - - just intermittently. A
ton of SYN_RECV state connections show up in the connection tracking table
when this issue occurs.

Output from ipvsadm on Director:

# ipvsadm          
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.80.214.69:ssh rr
  -> 10.80.214.70:ssh             Tunnel  1      0          0
TCP  10.80.214.69:10000 rr
  -> 10.80.214.70:10000           Tunnel  1      0          3
TCP  10.80.214.69:60001 rr
  -> 10.80.214.70:60001           Tunnel  1      0          391
TCP  10.80.214.69:60000 rr
  -> 10.80.214.70:60000           Tunnel  1      0          3

Output from ipvsadm ­lnc on Director:

# ipvsadm -lnc
IPVS connection entries
pro expire state       source             virtual            destination
TCP 01:00  SYN_RECV    10.80.214.123:3173 10.80.214.69:60001
10.80.214.70:60001
TCP 01:00  SYN_RECV    10.80.214.123:3135 10.80.214.69:60001
10.80.214.70:60001
TCP 01:00  SYN_RECV    10.80.214.120:3206 10.80.214.69:60001
10.80.214.70:60001
.... goes on for many more entries...
TCP 01:00  SYN_RECV    10.80.214.120:3035 10.80.214.69:60001
10.80.214.70:60001
TCP 01:00  SYN_RECV    10.80.214.122:3053 10.80.214.69:60001
10.80.214.70:60001
TCP 01:00  SYN_RECV    10.80.214.123:2916 10.80.214.69:60001
10.80.214.70:60001

Output from route ­n on Director and RS are identical:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
10.80.214.64    0.0.0.0         255.255.255.192 U     0      0        0 eth0
0.0.0.0         10.80.214.65    0.0.0.0         UG    0      0        0 eth0

Thoughts? Thanks for your help, Malcolm.

Lee


From: Malcolm Turnbull <malcolm@xxxxxxxxxxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing list."
<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 11 Aug 2008 13:38:50 -0700
To: "LinuxVirtualServer.org users mailing list."
<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Recursive SYN packets sent from Director
toRealServer

Lee,

Its unlikely to be a bug.
Sounds like its related to the real server configuration.

Just a thought do you have more than one network card on the LVS box?
You're only blocking ARPs on eth0 at the moment.
Get DR working first and then move on to TUN (have you seen the recent
posts on MTU size?



2008/8/11 Calcote, Lee <lcalcote@xxxxxxxxx>
>
> Hi,
>
> We¹re having intermittent luck using LVS/TUN and LS/DR while trying to
> load-balance web services running on high port numbers: 10000, 60000, and
> 60001. To handle the ARP issue, we¹re using the hidden interface approach
> with the following sysctl settings on the real servers:
>
> > net.ipv4.conf.eth0.arp_ignore = 1
> > net.ipv4.conf.eth0.arp_announce = 2
> > net.ipv4.conf.all.arp_ignore = 1
> > net.ipv4.conf.all.arp_announce = 2
> > net.ipv4.conf.tunl0.arp_ignore = 1
> > net.ipv4.conf.tunl0.arp_announce = 2
>
> We find that client making HTTP requests at <VIP>:10000 (Webmin),
> <VIP>:60000 and <VIP>:60001 (both in-house web services) are able to
> successfully connect to real servers only intermittently. During failed
> requests, we find the Director is generating SYN after SYN request to the
> real server. The real server receives these (many thousand) SYN requests but
> sends no reply (SYN, ACK). One of the mysteries here is that at other times
> the same client will make a request and successfully connect to the web
> service. We¹ve test the load-balancing of SSH and had a 100% success rate.
>
> Does anyone know if this is a bug with LVS or have suggestions on what
> further troubleshooting may be done to identify the issue? Any help would be
> appreciated.
>
> Thanks,
> Lee
>
> - 
------------------------------------------------------------------------------
> Confidentiality Notice: The information contained in this transmission is
legally privileged and confidential, intended only for the use of the
individual(s) or entities named above. This email and any files transmitted with
it are the property of Pelco. If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this message to
the intended recipient, you are hereby notified that any review, disclosure,
copying, distribution, retention, or any action taken or omitted to be taken in
reliance on it is prohibited and may be unlawful. If you receive this
communication in error, please notify us immediately by telephone call to
+1-559-292-1981 or forward the e-mail to administrator@xxxxxxxxx and then
permanently delete the e-mail and destroy all soft and hard copies of the
message and any attachments. Thank you for your cooperation.
> - 
------------------------------------------------------------------------------
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users



--
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)870 443 8779
http://www.loadbalancer.org/




- ------------------------------------------------------------------------------
Confidentiality Notice: The information contained in this transmission is 
legally privileged and confidential, intended only for the use of the 
individual(s) or entities named above. This email and any files transmitted 
with it are the property of Pelco. If the reader of this message is not the 
intended recipient, or an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that any review, 
disclosure, copying, distribution, retention, or any action taken or omitted to 
be taken in reliance on it is prohibited and may be unlawful. If you receive 
this communication in error, please notify us immediately by telephone call to 
+1-559-292-1981 or forward the e-mail to administrator@xxxxxxxxx and then 
permanently delete the e-mail and destroy all soft and hard copies of the 
message and any attachments. Thank you for your cooperation. 
- ------------------------------------------------------------------------------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [lvs-users] Recursive SYN packets sent from Director to RealServer, Malcolm Turnbull
Next by Date:  Re: [lvs-users] Recursive SYN packets sent from Director toRealServer, Joseph Mack NA3T
Previous by Thread:  Re: [lvs-users] Recursive SYN packets sent from Director to RealServer, Malcolm Turnbull
Next by Thread:  Re: [lvs-users] Recursive SYN packets sent from Director toRealServer, Joseph Mack NA3T
Indexes:  [Date] [Thread] [Top] [All Lists]