I have a number of LVS directors running a mixture of CentOS 5 and CentOS
6 (running kernels 2.6.18-238.5.1 and 2.6.32-71.29.1). I have applied the
ipvs-nfct patch to the kernel(s).

When I set /proc/sys/net/ipv4/vs/conntrack to 1 I have PMTU issues. When
it is set to 0 the issues go away. The issue is when a client on a network
with a <1500 byte MTU connects. One of my real servers replies to the
client's request with a 1500 byte packet and a device upstream of the
client will send an ICMP must fragment. When conntrack=0 the director
passed the (modified) ICMP packet on to the client. When conntrack=1 the
director doesn't send an ICMP to the real server. I can toggle conntrack
and watch the PMTU work and not work.

I would happily leave conntrack off, but it has a huge performance impact.
With my traffic profile the softirq load doubles when I turn off
conntrack. My busiest director is doing 2.1Gb of traffic and with
conntrack off it can probably only handle 2.5Gb.

I am hoping that this issue has been observed and fixed and someone will
be able to point me to the patch so I can backport it to my kernels (or
finally get rid of CentOS 5!).

Thanks
Tim
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users