|
Thank you for the suggestion.
We didn't have the netfilter module loaded at all so I don't think it
would have having any impact. However I loaded it and set this setting
and it didn't change the behavior.
The ip_conntrack_tcp_be_liberal setting wasn't available on our kernel
version looks like I can't find a module to load to enable that.
We did find something interesting. If we add additional headers to the
working http request we can make it fail.
WORKS: curl -H "X:1" http://10.64.96.10/healthcheck
FAILS: curl -H "X:12" http://10.64.96.10/healthcheck
190 bytes works, 191 bytes fails with the failure to tunnel problem.
Phillip Moore
On Fri, Aug 28, 2015 at 2:42 PM, Julian Anastasov <ja@xxxxxx> wrote:
>
> Can you test with enabled nf_conntrack_tcp_be_liberal
> or ip_conntrack_tcp_be_liberal sysctl value in director?
> May be packets are dropped by conntrack because packets
> from reply direction are not seen.
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
