barrywong wrote:
> yes
>
> my firewall VIP display tcp connect is 9454
>
> but ipvsadm -Ln VIP Total is 7078+7125 more than firewall connect
>
> TCP xxx.xxx.xxx.xxx:80 wlc persistent 120
> -> xxx.xxx.xxx.xx1:80 Route 1 7078 4140
> -> xxx.xxx.xxx.xx2:80 Route 1 7125 5822
>
> how can i do ?
>
I guess your issue is that the persistence is low compared to your usage.
I've had similar numbers with a mysql setup. Basically, there were
hundreds of very-long-lasting connections that weren't doing much
traffic, sometimes pausing for hours. They would disappear from
the LVS status but still be visible on the client and the server as
CONNECTED.
It's not really a big issue. Usually server affinity makes the resuming
packets get directed to the same server so the connection can still be
used. If it wasn't the case, there is enough code on the client side to
re-establish a new connection if that one was to fail. You'll still have
to face a problem with the server side connections that will be
lingering in a limbo state. I would consider setting some sort of
timeout on that side. I'm not 100% sure, but your real servers are
running squid on port 80, correct?
If so, please have a look there
http://www.squid-cache.org/Versions/v3/3.0/cfgman/read_timeout.html and
probably shorten it (or extend your LVS persistence to that value with
ipvsadm --set)
Cheers
--
Thomas
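
An added example, not part of the thread: a small Python parser for `ipvsadm -Ln` output that totals ActiveConn and InActConn per virtual service and compares them with a count taken on another device, here the firewall figure from the question. The sample input is constructed (placeholder addresses and an assumed header around the counters quoted above), and the function names are hypothetical.

```python
import re

# Constructed sample in the layout `ipvsadm -Ln` prints; the addresses are
# documentation placeholders, the counters are the ones quoted in the thread.
SAMPLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.0.2.10:80 wlc persistent 120
  -> 192.0.2.11:80                Route   1      7078       4140
  -> 192.0.2.12:80                Route   1      7125       5822
"""

# Virtual service line: protocol, VIP:port, scheduler, optional persistence.
SERVICE = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+persistent\s+(\d+))?")
# Real server line: address, forwarding method, weight, ActiveConn, InActConn.
REAL = re.compile(r"^\s*->\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_ipvsadm(text):
    """Return one dict per TCP/UDP virtual service with its real servers."""
    services = []
    for line in text.splitlines():
        m = SERVICE.match(line)
        if m:
            services.append({"proto": m[1], "vip": m[2], "scheduler": m[3],
                             "persistent": int(m[4]) if m[4] else None,
                             "reals": []})
            continue
        m = REAL.match(line)  # the "-> RemoteAddress:Port" header has no digits
        if m and services:
            services[-1]["reals"].append({
                "addr": m[1], "forward": m[2], "weight": int(m[3]),
                "active": int(m[4]), "inactive": int(m[5])})
    return services

def compare(service, external_count):
    """Compare LVS table totals with a connection count seen elsewhere."""
    active = sum(r["active"] for r in service["reals"])
    inactive = sum(r["inactive"] for r in service["reals"])
    return {"active": active, "inactive": inactive,
            "external": external_count,
            "surplus_active": active - external_count}

if __name__ == "__main__":
    svc = parse_ipvsadm(SAMPLE)[0]
    print(svc["vip"], "persistent", svc["persistent"], compare(svc, 9454))
```

Running it at intervals and watching how the totals move relative to the other device's count shows which side is holding entries longer.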