Stefan König schrieb: > thanks for the link! > > before bringing up lo:87 with VIP i execute > > echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore > echo "1" >/proc/sys/net/ipv4/conf/eth0/arp_ignore > > echo "2" > /proc/sys/net/ipv4/conf/eth0/arp_announce > echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce > > (i have only an eth0 in the machines) > but it is still the same result.... > ipvsadm still shows me InActConns a -c -n lists them as FIN_WAIT. > > bye > SK > > I reply to myself because i re-checked the documentation at http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.ipvsadm.html which says:
---- With LVS-NAT, the director sees all the packets between the client and the realserver, so always knows the state of tcp connections and the listing from ipvsadm is accurate. However for LVS-DR, LVS-Tun, the director does not see the packets from the realserver to the client. Termination of the tcp connection occurs by one of the ends sending a FIN (see W. Richard Stevens, TCP/IP Illustrated Vol 1, ch 18, 1994, pub Addison Wesley) followed by reply ACK from the other end. Then the other end sends its FIN, followed by an ACK from the first machine. If the realserver initiates termination of the connection, the director will only be able to infer that this has happened from seeing the ACK from the client. In either case the director has to infer that the connection has closed from partial information and uses its own table of timeouts to declare that the connection has terminated. Thus the count in the InActConn column for LVS-DR, LVS-Tun is inferred rather than real. --- so the InActConn should be "normal" for LVS/DR with Spamassassin. anyway, thanks for the hint with the ARP problem! bye SK _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
