Sorry, the last message went accidentally out while being written. Many thanks Julian.
Really good options you provide me :-) > There was recent discussion about this 1-second delay. > May be you will find the needed answers here: > > https://marc.info/?t=151683118100004&r=1&w=2 So bascially the proposed solutions are the same as below. > Basicly, you have 3 options: > > - echo 0 > conn_reuse_mode: do not attempt to reschedule on > port reuse (new SYN hits unexpired conn), just use the same real > server. This can be bad, we do not select alive server if the > server used by old connection is not available anymore (weight=0 > or removed). Already tried this, but has the ugly effect of IPVS not to balancing to newly added servers to the balanced set under high throughput (and connections being effectively reused). > - echo 0 > conntrack: if you do not use rules to match > conntrack state for the IPVS packets. This is slowest, > conntracks are created and destroyed for every packet. Also tried this one, but I think docker (the main IPVS user) is using ipfilter rules that require conntrack, and TCP connections were not being established at all. > - use NOTRACK for IPVS packets: fastest, conntracks are >not created, less memory is used So I think this is the only good remaining option. Rewriting iptables rules (created by docker swarm) so that they don't use tracking. So many many thanks again for your help. I will try 3rd option and come back here with the result. Regards, Toni _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users
