HI Julian,
Thanks for the information. I was using keepalived-1.3.5-8.el7_6.x86_64 to
manage ipvsadm settings and that seems to be not doing the right thing and
respecting configs.
>From keepalived.conf manpage:-
# LVS granularity mask (-M in ipvsadm)
persistence_granularity <NETMASK>
For now, I have a good understanding of the problem and you were really
helpful.
Thanks,
Abhijeet
On Tue, Aug 27, 2019 at 12:11 AM Julian Anastasov <j...@ssi.bg> wrote:
>
> Hello,
>
> On Mon, 26 Aug 2019, Abhijeet Rastogi wrote:
>
> > Hi Julian,
> >
> > I still wanted to understand this behavior more. You mentioned:-
> >
> > ```
> > When the timer expires it can be extended each time with new 60
> > seconds if there are existing connections (even if not ESTAB anymore)
> that
> > refer to the persistence template (connection with zeros after the 48-th
> > bit)
> > created to remember which real server is used. So, the persistence
> > template can live very long time if the subnet is very active. You should
> > see one such template for every subnet.
> > ```
> >
> > Where is this documented? Is this 60 second configurable? Can it be
> > disabled? Is this related to this code?
> >
> https://sourcegraph.com/github.com/torvalds/linux@master/-/blob/net/netfilter/ipvs/ip_vs_conn.c#L892
>
> Yes, it is hardcoded in ip_vs_conn_expire() and can not
> be disabled because we know only the count of connections that
> have pointer to the template (n_control), the template has no
> list of the connections from its subnet. So, the template just
> waits all traffic to stop.
>
> > On Mon, Aug 26, 2019 at 2:05 PM Abhijeet Rastogi <
> abhijeet.1...@gmail.com>
> > wrote:
>
> > > Now that you said, if it's not happening it should be a bug, looks
> like I
> > > missed seeing a key section in the ipvsadm output.
> > >
> > > FWM 97284778 IPv6 rr persistent 120
> > > -> [v6_reals:9222]:0 Route 1 0 0
> > > -> [v6_reals:9223]:0 Route 1 0 0
> > > -> [v6_reals:9224]:0 Route 1 0 0
> > >
> > > There is no mask mentioned in the service table info (line1). That
> should
> > > mean that the mask is 128 as per ipvsadm code.
> > >
> > > if (se->af == AF_INET6)
> > > if (se->netmask != 128)
> > > printf(" mask %i", se->netmask);
>
> Make sure -6 is specified exactly after -f FWMARK.
>
> For example:
>
> ipvsadm -A -f FWMARK -6 -s rr -p 120 -M 48
>
> Is it working this way?
>
> http://kb.linuxvirtualserver.org/wiki/IPv6_load_balancing
>
> May be the ipvsadm man page should have example for -6.
>
> Regards
>
> --
> Julian Anastasov <j...@ssi.bg>
>
--
Cheers,
Abhijeet (https://abhi.host)
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-requ...@linuxvirtualserver.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
