|
Hi Julian
Am 17.03.2020 um 14:23 schrieb Julian Anastasov:
>
> Yes, when nf_conntrack is used it would be better to
> set /proc/sys/net/ipv4/vs/conntrack to 1, as reported by different
> users, for example:
>
> https://marc.info/?t=134728825000003&r=1&w=2
>
> In this case, you have to increase nf_conntrack_max sysctl var
> to allow the desired number of conntracks to be created.
>
Ok, i will give it a try. nf_conntrack_max is set to 262144 (default?).
I would set it to 1024000. Do you have any recommondation for this
value? ip_vs_conn shows 18753 entries.
> Another option is to use NOTRACK to disable nf conntracks just for
> the IPVS traffic:
>
> iptables -t raw -A PREROUTING -p tcp -d VIP --dport VPORT -j CT --notrack
>
> For local clients use -A OUTPUT -o lo
As we do not use any iptables rule or connection tracking (except for
ipvs) on the loadbalancer, could it be an option for performance
optimization to disable nf_conntrack (like ip_conntrack in the past) or
is it essentially needed for proper ipvs functionality?
Just an additional info: we use Intel X710 10Gbit NICs.
Thanks.
regards Marco
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
