Re: [lvs-users] https slow using LVS-NAT

To: Dirk Bonenkamp - Bean IT <dirk@xxxxxxxxxx>
Subject: Re: [lvs-users] https slow using LVS-NAT
Cc: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>, Julian Anastasov <ja@xxxxxx>
From: Simon Horman <horms@xxxxxxxxxxxx>
Date: Tue, 19 Oct 2010 17:11:08 +0200
On Tue, Oct 19, 2010 at 03:30:15PM +0200, Dirk Bonenkamp - Bean IT wrote:
>  Op 19-10-2010 15:19, Graeme Fowler schreef:
> > On Tue, 2010-10-19 at 14:56 +0200, Dirk Bonenkamp - Bean IT wrote:
> >> I still don't know what exactly the problem was with LVS-NAT...
> > Very likely that iptables/netfilter conntrack module was also processing
> > the VIP traffic, adding to the latency. Obviously that's only true if
> > you're using a conntrack module, but this is often the default on NAT
> > directors.
> >
> This wasn't the issue AFAIK. The conntrack modules where not loaded.
> They do get loaded when adding extra NAT rules trough iptables, but when
> only using LVS-NAT, they don't get loaded. The tests where done without
> the modules loaded.

As a heads-up, they will be loaded in 2.6.36, and I expect there
will be some performance penalty as a result. This was an oversight
when the Double-NAT changes were merged. And it will be resolved
in 2.6.37 - the fix has already been merged.

Please read the documentation before posting - it's available at: mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to

<Prev in Thread] Current Thread [Next in Thread>