Re: [lvs-users] TCP timeout and established connections in DR mode

To: Abhijeet Rastogi <abhijeet.1989@xxxxxxxxx>
Subject: Re: [lvs-users] TCP timeout and established connections in DR mode
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Wed, 6 May 2020 09:50:50 +0300 (EEST)

On Tue, 5 May 2020, Abhijeet Rastogi wrote:

> >IPVS also has sysctl vars that can release IPVS structures on memory
> pressure
> Are you referring to drop_entry? Doc says that it is only for SYN-RECV/SYNACK
> state. What about the TCP connections that have completed the "fin
> handshake"?  The reason I ask is, a default timeout like 15min seems a
> little too high for HTTP and I suspect that there'll be a lot of stale
> entries in the connection table.

        Maybe the docs are incorrect, but drop_entry also works for
established state to drop connections with low traffic.

        15mins should be used for applications that can go in
inactive state while applications that transfer packets constantly
can safely use lower value. If max retransmission period in TCP
is 2 minutes you can select some value that covers desired number
of retransmissions, eg. 3 maximal retransmissions => 6min. Note
that in this period there will be more retransmissions with lower
period. If only NAT mode is used, timeout such as 121 should
work as we monitor the traffic from real server and its


Julian Anastasov <ja@xxxxxx>
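
The timeout arithmetic from the reply above, worked through as an added example (not part of the original message and not IPVS code). It takes the 2 minute maximum retransmission period from the reply and assumes standard exponential backoff starting from a 1 second RTO; the function names are hypothetical.

```python
"""Added illustration: sizing an IPVS established-state timeout from TCP
retransmission backoff. Everything except the 2 min cap is an assumption."""

RTO_MAX = 120        # seconds; the "2 minutes" maximum period from the reply
INITIAL_RTO = 1.0    # seconds; assumed starting RTO, doubled on each retry


def retransmit_times(window, initial_rto=INITIAL_RTO, rto_max=RTO_MAX):
    """Offsets (s) of the retransmissions that fall within `window` seconds
    of the original, unacknowledged segment."""
    times, elapsed, rto = [], 0.0, initial_rto
    while elapsed + rto <= window:
        elapsed += rto
        times.append(elapsed)
        rto = min(rto * 2, rto_max)   # exponential backoff, capped at the max
    return times


def timeout_for(max_period_retransmits, rto_max=RTO_MAX):
    """Timeout covering N retransmissions spaced at the maximum period."""
    return max_period_retransmits * rto_max


def summarize(timeout):
    """Count retransmissions inside the timeout and how many of them were
    sent at the maximum period rather than a shorter one."""
    times = retransmit_times(timeout)
    gaps = [b - a for a, b in zip([0.0] + times, times)]
    return {
        "timeout_s": timeout,
        "retransmits": len(times),
        "at_max_period": sum(1 for g in gaps if g >= RTO_MAX),
        "longest_gap_s": max(gaps, default=0.0),
    }


if __name__ == "__main__":
    # 3 maximal retransmissions => 6 min, compared with the 15 min default
    for label, t in (("3 x max period", timeout_for(3)),
                     ("default 15 min", 15 * 60)):
        print(label, summarize(t))
```

Under these assumptions a 6 minute timeout spans eight retransmissions, seven of them at shorter periods than the 2 minute maximum, which is the "more retransmissions with lower period" effect the reply notes.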
