On Fri, Oct 21, 2016 at 10:19 PM, Nick Fisk <nick@xxxxxxxxxx> wrote:
Hi,
I'm just testing out using a Ceph client in a DMZ behind a FW from the main Ceph cluster. One thing I have noticed is that if the
state table on the FW is emptied maybe by restarting it or just clearing the state table...etc. Then the Ceph client will hang for a
long time as the TCP session can no longer pass through the FW and just gets blocked instead.
This "FW" is linux firewall or hardware FW?
I believe this behaviour can be adjusted by the "ms tcp read timeout" setting to limit its impact, but wondering if anybody has any
other ideas. I'm also thinking of experimenting with either stateless FW rules for Ceph or getting the FW to send back RST packets
instead of silently dropping packets.
hmm, I think it depends on FW
Thanks,
Nick
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph. com
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
