Hello,

On 2012-08-24 18:05, Graeme Fowler wrote:
> On Fri, 2012-08-24 at 16:58 +0400, Dmitry Akindinov wrote:
>> It looks like the problem is not in the ipvs rules, but in the ipvs
>> "connection table" that it gets from the "active" balancer via the
>> syncing daemon: as soon as we stop the syncing daemon, the problem
>> disappears.
>
> I wonder... is this symptomatic of a connection tracking issue?
>
> Could it be that the incoming packets are not being seen as
> ESTABLISHED,RELATED by netfilter and therefore being dropped? Although
> that begs the question as to why with an empty sync table the problem
> goes away.
>
> Unless... netfilter *is* detecting them as ESTABLISHED,RELATED and
> therefore trying to pass them into an ipvs table which is currently
> empty?
>
> If you have connection tracking setup in iptables, could you remove it
> for a little while to see what happens? I smell an interaction.

It is unlikely. The iptables on all those servers has connection
tracking switched off:

*raw
:PREROUTING ACCEPT []
:OUTPUT ACCEPT []
-A PREROUTING -d VIP/32 -j NOTRACK
COMMIT

> Graeme

--
Best regards,
Dmitry Akindinov
