|
On Fri, 2012-08-24 at 16:58 +0400, Dmitry Akindinov wrote:
> It looks like the problem is not in the ipvs rules, but in the ipvs
> "connection table" that it gets from the "active" balancer via the
> syncing daemon: as soon as we stop the syncing daemon, the problem
> disappears.
I wonder... is this symptomatic of a connection tracking issue?
Could it be that the incoming packets are not being seen as
ESTABLISHED,RELATED by netfilter and therefore being dropped? Although
that begs the question as to why with an empty sync table the problem
goes away.
Unless... netfilter *is* detecting them as ESTABLISHED,RELATED and
therefore trying to pass them into an ipvs table which is currently
empty?
If you have connection tracking setup in iptables, could you remove it
for a little while to see what happens? I smell an interaction.
Graeme
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
