[CentOS] IPVS connections not removed

Fri Dec 22 11:42:26 UTC 2006
Will McDonald <wmcdonald at gmail.com>

On 22/12/06, Will McDonald <wmcdonald at gmail.com> wrote:
> On 22/12/06, Sébastien AVELINE <saveline at alinto.net> wrote:
> > Will McDonald a écrit :
> > > On 22/12/06, Sébastien AVELINE <saveline at alinto.net> wrote:
> > >> Hi centos users,
> > >>
> > >> I've installed a load balancer using lvs (with direct routing). I use
> > >> LVS
> > >> with a heartbeat configuration and ldirectord and I don't use
> > >> persistent connections.My problem is when i am running "ipvsadm
> > >> -lcn", I can
> > >> see a lot of connections with the CLOSE (or others states)
> > >> state going from 00:59 to 00:01, and then going back to 00:59. In other
> > >> words these connections should be dropped after they timed out but the
> > >> counter is
> > >> reseted to 60. I wanted to compare these entries on my real servers with
> > >> netstat and I can say that these connections are not on my real
> > >> servers and
> > >> they should
> > >> be dropped from ip_vs_conn entries. My connection table is growing
> > >> and I'm
> > >> wondering if this connections table will not be too huge after a long
> > >> time.
> > >>
> I'm afraid not, all our systems are setup using masquerading NAT. That
> was going to be my next question if it turned out (as it did) that
> you're using kosher RPMs. :)
>
> I've only ever had LVSes configured with NAT so have no experience and
> only a vague memory of how DR works from the docs. If no one here can
> point you in the right direction there's a dedicated LVS list too
> which might be worth searching the archives of and then questioning if
> you can't find an answer.
>
> http://archive.linuxvirtualserver.org/html/lvs-users/

And, to follow up my own post, I've just had a quick look through my
LVS list mails and spotted:

http://archive.linuxvirtualserver.org/html/lvs-users/2006-11/msg00200.html

There's no follow up from the OP which may or may not be a good thing. :)

It appears a kernel upgrade to 2.6.18 (!) may help. You might want to
fire off a mail to the OP and ask if he had any success. I have the
un-obfuscated address in my mailstore, I'll send it offlist.

Will.