Re: [lvs-users] Understanding granularity, timeouts and unexpected balan

To: Abhijeet Rastogi <abhijeet.1989@xxxxxxxxx>
Subject: Re: [lvs-users] Understanding granularity, timeouts and unexpected balance of traffic on reals
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Sun, 25 Aug 2019 13:28:37 +0300 (EEST)

On Thu, 15 Aug 2019, Abhijeet Rastogi wrote:

> Hi everyone,
> I'm investigating a typical configuration for an L4 TCP load balancer using
> ipvs+keepalived. Settings:-
> persistence_timeout: 120 seconds.  (# LVS persistence timeout, sec)
> /sbin/ipvsadm --set 1800 120 300 (30 min timeout for TCP)
> persistence_granularity: "48" for ipv6.
> lb_algo: rr (round-robin)
> My expectation is, all the IPs from the same /48 v6 subnet should always
> reach the same real_server because of setting granularity. (at least the
> connections created in last 120 seconds)

        Yes, if they are for same virtual service. Otherwise,
it would be a bug if connections from same subnet go to different
real servers.

> However, I can see that established connections from the same /48 v6 subnet
> are spread across multiple reals, even for recently established
> connections.
> # Same /48 going to different reals, (very recent connections)
> 1. Grepping with only first 3 quibble to see how a /48 is being
> distributed.
> 2. " | grep ESTAB | grep 29: | head -n 100" to only see first 100
> established connections created in last 60 seconds as my timeout is set to
> 30:00 (1800 seconds)
> 4. 6th column is the real IP.
> I see that the same /48 is getting distributed across multiple different
> reals. (should be same real because of persistence_granularity set to 48).
> $ sudo ipvsadm -lnc | grep "xxxx:xxxx:xxxx" | grep ESTAB | grep 29: | head
> -n 100 | awk '{print $6}' | sort | uniq -c
>       2 [V6IP_REDACTED:9222]:443
>       9 [V6IP_REDACTED:9223]:443
>       7 [V6IP_REDACTED:9224]:443
>      13 [V6IP_REDACTED:9225]:443
>       1 [V6IP_REDACTED:9226]:443
>       ............
>       ............ output redacted

        I'm not sure how many virtual servers you are using.
Please, list your configuration, even with scrambled IPs:

        ipvsadm -Ln

>    - Why are recent connections going to different reals?
>    - For recent connections, shouldn't they always end up on same real?
>    - For older connections, I guess, persistence_timeout causes the traffic
>    to balance to other reals via round robin.

        The persistence timeout (-p N) is used as minimum time.
For this period other connections can come and expire.

        When the timer expires it can be extended each time with new 60
seconds if there are existing connections (even if not ESTAB anymore) that 
refer to the persistence template (connection with zeros after the 48-th bit) 
created to remember which real server is used. So, the persistence
template can live very long time if the subnet is very active. You should
see one such template for every subnet.


Julian Anastasov <ja@xxxxxx>

Please read the documentation before posting - it's available at: mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to

<Prev in Thread] Current Thread [Next in Thread>