On Fri, Feb 12, 2010 at 04:17:21PM +0100, Peter Griffin wrote: > Hi guys, > Just an update... had the same problem and was ordered to remove haproxy and > install LVS with CentOs. When I went on the console I saw lots of Conntrack > messages and Dropped packet messages so I'm not sure whether some tuning > wold have in fact solved the problem.
yes indeed it would have solved it. I bet you haven't tuned it at all, so it's tuned as a workstation with very little session counts. You should definitely either remove any conntrack module or tune it appropriately (meaning that you should set the conntrack_max value very high, several hundred thousands, and the hash size to approxy 1/16 to 1/4 of the conntrack_max). It's useful to reduce the conntrack timeouts too, as most of the time they are extremely high (eg: 5 days for established sessions, 120 seconds for TIME_WAIT, both of which are too large for moderate to high traffic sites). Regards, Willy
