Hi Graeme, Actually this issue occurred within Keepalived with `per second` loop delay_loop and 1 second TCP verification check, but since it uses IPVS under the hood, I sent the question into this mail list.
What I found so far, is `secure_tcp` sysctl option: http://www.linuxvirtualserver.org/docs/sysctl.html I was hoping that it will help to reroute the SYN packet to the different backend, but it doesn't happen. Regards, On Fri, Apr 13, 2018 at 1:34 PM, Graeme Fowler <gra...@graemef.net> wrote: > On 13 Apr 2018, at 10:45, kay <kay.d...@gmail.com> wrote: >> I have a special use case for the Direct Routing (DR) mode. >> Is there a possibility to reroute SYN packets, when they can not be >> delivered to the backend? It could be easily detected by several SYN >> packets being sent. > > Repeating the earlier answer: > > You need an extra application to do this. There are several, but I’d suggest > you look at keepalived as a first option. > > There was much discussion many years ago (20 or so) about putting > realserver/backend monitoring into IPVS, but it was felt at the time that > this wasn’t a kernel function and should be handled by a userspace > application. That still applies today. > > Graeme > _______________________________________________ > Please read the documentation before posting - it's available at: > http://www.linuxvirtualserver.org/ > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org > Send requests to lvs-users-requ...@linuxvirtualserver.org > or go to http://lists.graemef.net/mailman/listinfo/lvs-users _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users