A colleague of mine discovered the problem, and I'm posting here so anyone with the same problem can see the workaround.

On Mon, Apr 25, 2011 at 5:21 PM, Israel Hsu <[email protected]> wrote:
> I'm having a problem with TCP connections not being properly closed.
>
> I'm setting up a simple LVS director using keepalived.
> Director and server are running Linux 2.6.18.8.
> Director is running keepalived 1.2.2.
> Firewall is stopped on all three computers.
>
> There are three computers: one client, one director, and one HTTP
> server. I am using LVS-NAT.
> ...
> So, you can see that the client never acknowledges data3,F with a
> FINACK. Now you may say this is a problem with the client, but the
> client is just "telnet server 80". The output at the client is the
> HTTP page requested up to and not including the data3 packet.

One detail I neglected to mention because I thought it had no impact was that my directors and real servers were all running as PV virtual machines under the Xen hypervisor.

Apparently, there is a bug in Xen's virtual devices that affects TCP checksum offloading, causing the symptom I was seeing. The workaround is to disable TCP checksum offloading on the servers:

    ethtool -K eth0 tx off

Connections close properly now!

--
Israel

Now my connections are closing properly.
