|
Hello,
On 2012-08-24 18:05, Graeme Fowler wrote:
> On Fri, 2012-08-24 at 16:58 +0400, Dmitry Akindinov wrote:
>> It looks like the problem is not in the ipvs rules, but in the ipvs
>> "connection table" that it gets from the "active" balancer via the
>> syncing daemon: as soon as we stop the syncing daemon, the problem
>> disappears.
>
> I wonder... is this symptomatic of a connection tracking issue?
>
> Could it be that the incoming packets are not being seen as
> ESTABLISHED,RELATED by netfilter and therefore being dropped? Although
> that begs the question as to why with an empty sync table the problem
> goes away.
>
> Unless... netfilter *is* detecting them as ESTABLISHED,RELATED and
> therefore trying to pass them into an ipvs table which is currently
> empty?
>
> If you have connection tracking setup in iptables, could you remove it
> for a little while to see what happens? I smell an interaction.
It is unlikely. The iptables on all those servers has connection
tracking switched off:
*raw
:PREROUTING ACCEPT []
:OUTPUT ACCEPT []
-A PREROUTING -d VIP/32 -j NOTRACK
COMMIT
> Graeme
--
Best regards,
Dmitry Akindinov
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
