On Wed, Oct 27, 2010 at 06:33:54AM +0900, Simon Horman wrote: > On Tue, Oct 26, 2010 at 09:52:00AM -0700, Chris Chen wrote: > > Quoting Jean-Sébastien Frerot <[email protected]>: > > > > >> Hello, > > >> > > >> On Mon, 30 Nov 2009, Simon Horman wrote: > > >> > > >> >/ > The problem exists because IPVS does not/ > > >> >/ > disable LRO, it must be done under RTNL and IPVS never runs/ > > >> >/ > in this context. And LRO is not supported for forwarding:/ > > >> >/ > / > > >> >/ > http://marc.info/?l=linux-netdev&m=121389887114416&w=2 > > >> <http://marc.info/?l=linux-netdev&m=121389887114416&w=2>/ > > >> >/ > / > > >> >/ > IPVS does not call ip_forward for DR method, that/ > > >> >/ > is why you do not need forwarding and the LRO warning/ > > >> >/ > does not occur before hitting the GSO code. ip_forward/ > > >> >/ > just drops LRO packets:/ > > >> >/ > / > > >> >/ > if (skb_warn_if_lro(skb))/ > > >> >/ > goto drop;/ > > >> >/ / > > >> >/ Hi Julian,/ > > >> >/ / > > >> >/ do you have any thoughts on how the code might be improved/ > > >> >/ to handle this case a bit better?/ > > >> >/ / > > >> >/ Perhaps something along the lines of the/ > > >> >/ code for LRO in ip_forward?/ > > >> > > >> If you want to disable LRO in IPVS > > >> net/ipv4/devinet.c:inet_forward_change() is an example what > > >> should be done in process context if you want to disable > > >> LRO for all existing devices. Then call skb_warn_if_lro > > >> near or in IP_VS_XMIT and also before calling ip_local_out(). > > >> May be LRO can be disabled when the first virtual or > > >> may be real service is added to allow LRO to work if IPVS > > >> is just compiled. > > >> > > >> Regards > > >> > > >> -- > > >> Julian Anastasov <j...@xxxxxx> > > >> > > > Hi, > > > Do you guys know if there is any plan to fix this in ipvs soon ? We > > > have this exact problem when using ipvs and 2 different network cards > > > (intel and broadcom). > > Sorry, no I don't believe that there is a fix available. > I will try and rectify that situation. In the mean time > I believe that a work-around is to disable LRO on any > interface that receives packets for fowarding (or LVS) > using ethtool.
Correction, the work-around for the problem that I have seen is to disable GRO. > > Could this be breaking SSL over LVS-DR? I've been seeing a problem > > where SSL handshakes fail intermittently with certain clients (Windows > > 7, particularly), and using LVS-NAT seems to fix it. > > The most recent manifestation of this problem that I have observed is that > the linux-director will request fragmentation of packets that are greater > than MTU size which LRO has actually assembled from packets which are MTU > length or less. > > That manifestation can be observed as ICMP need to frag messages on the wire. > The kernel in question is 2.5.35. I believe the behaviour should > be the same in newer kernels. I am less sure about older kernels. > > I'm not sure if there are other manifestations of this problem. > _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
