Just an update: This might be a hardware/driver issue. I'm having basically the exact same problem when attempting to use IPTABLES on the director just as a simple NAT router to one webserver (trying to isolate the problem), and I still get the exact same behavior (connection closes randomly). So the problem doesn't appear to be limited to IPVS anyway.
The machine I'm using for the director/router is a Dell 860 with a Broadcom NetXtreme BCM5721 with the "Tigon3" (tg3.ko) driver. I don't mean to dissuade anybody with any thoughts or ideas they might have though :) -Jesse Joseph Mack NA3T wrote: > On Fri, 20 Jul 2007, Jesse Cantara wrote: > > Hi Jesse, > Thanks for the complete problem report. I'm leaving > your whole post here so Julian sees it. > >> Hello, > > Hi Julian, > Is this a problem with the masquerading code below > ip_vs()? If so it seems hard to imagine no-one else has seen > it. > >> I'm trying to figure out a problem I'm having with my LVS-NAT setup. >> It's a very simple setup, one director, two networks (director has two >> nics, one on lan one on internet), three webservers on LAN only on port >> 80. The issue I'm having is occasionally and randomly the director will >> apparently just sever the connection when trying to download a file from >> the webserver. I have performed these tests just fine without issue: >> 1) Downloading a file directly from the director to a client >> 2) Downloading a file from the webserver to the director >> >> So it would appear that the physical connection is OK, I can make >> connections to the individual machines without problem, just when >> connecting through the director to the webserver. >> >> What happens is I will be downloading a file, and it will hang (at >> random points during the download, sometimes not at all), and not continue. >> >> ipvsadm will show "ESTABLISHED" on that connection for quite a long >> time, then "ERR!" after it times out I believe. >> >> Watching the traffic on a packet-sniffer client-side shows that directly >> before the failure, my client keeps sending the same "ack" message back >> to the server over and over, and the server appears to not recognize it. > > we had a problem a little like that a while ago and I can't > remember if it was fixed or not (most likley we didn't fix > it). > >> It must be related, but it makes me question where the problem is: the >> exact same sort of problem happens when I set up IPTABLES to forward a >> port on the director to one of the webservers directly. I'm not sure if >> I'm barking up the wrong tree asking on this mailing list, but hopefully >> somebody has run into something similar before, or can at least point me >> in the right direction :) > > no this is the place to ask. > > Joe > >> Here is the config of my machines: >> CentOS 5 >> latest kernel 2.6.18-8.1.8.el5 >> ipvsadm v1.24 >> IPVS v1.2.0 >> >> I'm not doing anything "fancy" with the webserver, just downloading a >> large file for test, from apache. Like I said, the webservers work fine >> when accessing not through the director. >> >> If there's anything I have missed, I apologize. Please let me know >> anything else that I should provide for information. >> >> Thanks in advance, >> -Jesse >> >> >> _______________________________________________ >> LinuxVirtualServer.org mailing list - [email protected] >> Send requests to [EMAIL PROTECTED] >> or go to http://lists.graemef.net/mailman/listinfo/lvs-users >> > _______________________________________________ LinuxVirtualServer.org mailing list - [email protected] Send requests to [EMAIL PROTECTED] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
