Re: [lvs-users] Ldirectord not working with heartbeat, works standalone

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Ldirectord not working with heartbeat, works standalone
From: Simon Horman <horms@xxxxxxxxxxxx>
Date: Thu, 12 Feb 2009 14:01:57 +1100
On Tue, Feb 10, 2009 at 12:48:02PM +0000, Bruce Richardson wrote:
> On Tue, Feb 10, 2009 at 01:28:36PM +0100, Sebastian Vieira wrote:
> > 
> > But yes, i agree, if you want to eliminate this 'lost' period the best way
> > would be to have ldirectord running on both nodes at all times. An argument
> > that i thought of "heartbeat makes sure ldirectord is running" is moot if
> > you have puppet handle the service state.
> Thinking further on this subject, I can see a good reason for NOT having
> the sync daemon fully replicate server state; it's entirely possible
> that different directors will not have the same view of the network if
> there is disruption (that is, one may be able to reach one set of real
> servers while another may see a slightly - or radically - different
> set).  Synchonizing connection information is harmless in that scenario
> but forcing all the service tables to be in lockstep would be bad.

You can avoid this scenario by setting
/proc/sys/net/ipv4/vs/expire_nodest_conn to 1.

Although that would have the effect of dropping connections for
connections that receive connections before ldirectord has configured
the servce - which is probably not desirable in the case where
ldirectord is managed by linux-ha.

Thinking about this, I wonder if it would make sense to allow
ldirectord to change the value of expire_nodest_conn from 0 to 1
once it has checked each real-server once.

>From Documentation/networking/ipvs-sysctl.txt in the linux kernel tree:

expire_nodest_conn - BOOLEAN
        0 - disabled (default)
        not 0 - enabled

        The default value is 0, the load balancer will silently drop
        packets when its destination server is not available. It may
        be useful, when user-space monitoring program deletes the
        destination server (because of server overload or wrong
        detection) and add back the server later, and the connections
        to the server can continue.

        If this feature is enabled, the load balancer will expire the
        connection immediately when a packet arrives and its
        destination server is not available, then the client program
        will be notified that the connection is closed. This is
        equivalent to the feature some people requires to flush
        connections when its destination is not available.

Simon Horman
  VA Linux Systems Japan K.K., Sydney, Australia Satellite Office
  H:             W:

Please read the documentation before posting - it's available at: mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to

<Prev in Thread] Current Thread [Next in Thread>