LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

[lvs-users] Reroute SYN packet when it could not be delivered to the bac

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] Reroute SYN packet when it could not be delivered to the backend
From: kay <kay.diam@xxxxxxxxx>
Date: Fri, 13 Apr 2018 11:45:05 +0200
Hi,

I have a special use case for the Direct Routing (DR) mode.
Is there a possibility to reroute SYN packets, when they can not be
delivered to the backend? It could be easily detected by several SYN
packets being sent.

Here is how you can reproduce this situation:
1) configure ipvs with direct routing for two backends
2) run "while true; do curl vip; sleep 0.1; done" on some remote client
3) run tcpdump on the ipvs host
4) create a DROP iptables rule for the 80th port on the second backend
5) monitor multiple identical SYN requests on the ipvs host
6) monitor multiple identical SYN requests on the ipvs host, even when
you remove failed backend

My assumption was, that ipvs should redirect SYN packets, since there
is no established connection yet. Did I miss something?

I'd appreciate any help.

Regards

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>