I have a number of LVS directors running a mixture of CentOS 5 and CentOS 6 (running kernels 2.6.18-238.5.1 and 2.6.32-71.29.1). I have applied the ipvs-nfct patch to the kernel(s).

When I set /proc/sys/net/ipv4/vs/conntrack to 1 I have PMTU issues. When it is set to 0 the issues go away.

The issue is when a client on a network with a <1500 byte MTU connects. One of my real servers replies to the client's request with a 1500 byte packet and a device upstream of the client will send an ICMP must fragment. When conntrack=0 the director passed the (modified) ICMP packet on to the client. When conntrack=1 the director doesn't send an ICMP to the real server. I can toggle conntrack and watch the PMTU work and not work.

I would happily leave conntrack off, but it has a huge performance impact. With my traffic profile the softirq load doubles when I turn off conntrack. My busiest director is doing 2.1Gb of traffic and with conntrack off it can probably only handle 2.5Gb.

I am hoping that this issue has been observed and fixed and someone will be able to point me to the patch so I can backport it to my kernels (or finally get rid of CentOS 5!).

Thanks
Tim