lvs-users
| To: | "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | [lvs-users] IPsec and LVS-NAT: fragmentation issue |
| From: | "Laurentiu C. Badea (L.C.)" <lc@xxxxxxxx> |
| Date: | Fri, 19 Sep 2008 13:35:25 -0700 |
I think this may be a bug in LVS. I have an LVS-NAT on a machine that also does IPsec with the clients (not with the real servers).

Client----ClientIPsec========ServerIPsec/LVS-----RealServer

When the real server sends back a packet that is too big for IPsec to encode, I see an "ICMP Fragmentation Needed" sent by VIP to itself (VIP->VIP on the "lo" interface). That does not make it outside so the connection hangs while the real server blindly retransmits its packet.

Took me a while to figure out what is happening since listening on the physical interface did not show the ICMP.

I'm going to read LVS-Tun for some ideas but I don't think it's normal for that ICMP to be sent to itself.

--
Laurentiu
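
An added example, not part of the original message: a Python check that flags ICMP "Fragmentation Needed" packets whose source and destination are the same address, the symptom reported above. It assumes each packet is raw bytes starting at the IPv4 header (any capture link-layer header already stripped); the addresses, MTU values and helper names are constructed for illustration.

```python
import socket
import struct

def parse_frag_needed(pkt: bytes):
    """Decode an IPv4 ICMP type 3 / code 4 packet; return None for anything else."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 1 or len(pkt) < ihl + 8:  # protocol 1 = ICMP
        return None
    # RFC 1191 layout: type, code, checksum, 16 unused bits, next-hop MTU
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
    if (icmp_type, code) != (3, 4):
        return None
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    info = {"src": src, "dst": dst, "next_hop_mtu": mtu,
            "self_addressed": src == dst, "orig_dst": None}
    inner = pkt[ihl + 8:]  # header of the packet that was too big
    if len(inner) >= 20 and inner[0] >> 4 == 4:
        info["orig_dst"] = socket.inet_ntoa(inner[16:20])
    return info

def self_addressed_frag_needed(packets):
    """Return decoded frag-needed messages that were sent from an address to itself."""
    decoded = (parse_frag_needed(p) for p in packets)
    return [d for d in decoded if d and d["self_addressed"]]

def _ipv4(src, dst, proto, payload):
    # Constructed header; checksum is left 0 because the parser does not verify it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def _frag_needed(src, dst, mtu, orig):
    return _ipv4(src, dst, 1, struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + orig[:28])

# Constructed sample data (documentation address ranges), not taken from the post.
VIP, CLIENT, ROUTER = "192.0.2.10", "198.51.100.7", "203.0.113.1"
BIG = _ipv4(VIP, CLIENT, 6, b"\x00" * 20)  # stand-in for the oversized reply
SAMPLE = [
    _frag_needed(VIP, VIP, 1438, BIG),     # VIP -> VIP, the symptom in the post
    _frag_needed(ROUTER, VIP, 1400, BIG),  # ordinary router -> host message
    _ipv4(CLIENT, VIP, 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1)),  # echo request
]

if __name__ == "__main__":
    for hit in self_addressed_frag_needed(SAMPLE):
        print(hit)
```

The `orig_dst` field names the peer whose flow is stalled, since that is the destination of the packet that could not be sent.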