I have IPVS set up with 2 VIPs talking to the same real server configured for direct server return (i.e. TUN type). One VIP is port 80 for HTTP and one VIP is port 443 for HTTPS/SSL. The SSL VIP doesn't work properly. There is initial communication that happens, but then it appears as though IPVS stops tunneling the incoming packets to the real server and the connection stalls and times out. If I switch ports, just to verify there is nothing crazy going on with filtering, and I put SSL on port 80 (or any port), it still fails.

I've put the relevant info in a gist in the hope it might be helpful and not clutter up the email.

https://gist.github.com/realpdm/2118bbaa298ff3debe52

In various test scenarios we found that the client is having to retransmit packets after some initial successful back and forth. On the IPVS node a tcpdump shows that for some reason IPVS stops forwarding the packets on to the real server over the tunnel. You can see in the tcpdump that IPVS is forwarding things over ipip just fine until it stops around line 15 in the dump. HTTP traffic doesn't do this at all, only SSL.

I'm really puzzled and hope I am missing something obvious. I appreciate any insights or suggestions.

OS Info:

Linux adc-ipvs-lb2001 2.6.32-504.30.3.el6.x86_64 #1 SMP Tue Jul 14 11:18:03 CDT 2015 x86_64 x86_64 x86_64 GNU/Linux

/sbin/modinfo ip_vs
filename:       /lib/modules/2.6.32-504.30.3.el6.x86_64/kernel/net/netfilter/ipvs/ip_vs.ko
srcversion:     6C3CC9C055045FA0ECA1774
depends:        ipv6,libcrc32c
vermagic:       2.6.32-504.30.3.el6.x86_64 SMP mod_unload modversions
parm:           conn_tab_bits:Set connections' hash size (int)

/sbin/modinfo ip_vs_sh
filename:       /lib/modules/2.6.32-504.30.3.el6.x86_64/kernel/net/netfilter/ipvs/ip_vs_sh.ko
srcversion:     2EAF6C9DD83264246DBA82C
depends:        ip_vs
vermagic:       2.6.32-504.30.3.el6.x86_64 SMP mod_unload modversions

ipvsadm-1.26-4.el6.x86_64

Thank you,
Phillip Moore