Re: Split access and strange things...

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Marco,
The problem you have is that after each route cache flush, traffic from existing connections is routed through the wrong interface. 

As a workaround, you can set the following sysctl values:

net.ipv4.route.secret_interval=21600
net.ipv4.route.gc_elasticity=80
It will make the problem happen every 8h (the default value for secret_interval is 10 minutes), at the cost of using more server memory. 

If anyone knows a better solution, please let me know :-)

Best Regards,

	Pau Oliva

----
twitter: @pof
http://pof.eslack.org


On 07/04/2012 06:29 PM, Marco Gaiarin wrote:


With two uplink, i've setup split access with load balancing:

	http://lartc.org/howto/lartc.rpdb.multiple-links.html

but on big download, trouble arise.

I need to download some DVD image, and i've tried 3 time, the first two
the download stalls after 50-100MB.

I've fired up tcpdump on both public interfaces, and the download start
from one interface (eth1), and this is expected because it is a direct
http downlaod and split access with load balancing are route based.
But after some times, this strange thing happen:

in eth1 come the ''reply'' from the server, eg the data:

  18:21:51.475148 IP 93.186.135.105.80 > MY.IP.41928: Flags [.], seq 485272930:485274378, ack 1, win 5792, options [nop,nop,TS val 1840500332 ecr 3260276], length 1448
  18:21:51.481077 IP 93.186.135.105.80 > MY.IP.41928: Flags [.], seq 485274378:485275826, ack 1, win 5792, options [nop,nop,TS val 1840500332 ecr 3260276], length 1448
  18:21:51.486703 IP 93.186.135.105.80 > MY.IP.41928: Flags [.], seq 485275826:485277274, ack 1, win 5792, options [nop,nop,TS val 1840500332 ecr 3260276], length 1448
  18:21:51.492600 IP 93.186.135.105.80 > MY.IP.41928: Flags [.], seq 485277274:485278722, ack 1, win 5792, options [nop,nop,TS val 1840500332 ecr 3260276], length 1448
  18:21:51.498579 IP 93.186.135.105.80 > MY.IP.41928: Flags [.], seq 485278722:485280170, ack 1, win 5792, options [nop,nop,TS val 1840500332 ecr 3260276], length 1448
  18:21:51.504719 IP 93.186.135.105.80 > MY.IP.41928: Flags [.], seq 485280170:485281618, ack 1, win 5792, options [nop,nop,TS val 1840500347 ecr 3260284], length 1448
  18:21:51.510656 IP 93.186.135.105.80 > MY.IP.41928: Flags [.], seq 485281618:485283066, ack 1, win 5792, options [nop,nop,TS val 1840500347 ecr 3260284], length 1448
  18:21:51.516013 IP 93.186.135.105.80 > MY.IP.41928: Flags [.], seq 485283066:485284514, ack 1, win 5792, options [nop,nop,TS val 1840500347 ecr 3260284], length 1448
  18:21:51.522166 IP 93.186.135.105.80 > MY.IP.41928: Flags [.], seq 485284514:485285962, ack 1, win 5792, options [nop,nop,TS val 1840500347 ecr 3260284], length 1448
  18:21:51.528137 IP 93.186.135.105.80 > MY.IP.41928: Flags [.], seq 485285962:485287410, ack 1, win 5792, options [nop,nop,TS val 1840500376 ecr 3260290], length 1448
  18:21:51.534032 IP 93.186.135.105.80 > MY.IP.41928: Flags [.], seq 485287410:485288858, ack 1, win 5792, options [nop,nop,TS val 1840500376 ecr 3260290], length 1448
  18:21:51.539713 IP 93.186.135.105.80 > MY.IP.41928: Flags [.], seq 485288858:485290306, ack 1, win 5792, options [nop,nop,TS val 1840500376 ecr 3260290], length 1448

and from eth2.11, the other interface, go the request/ack:

  18:21:52.474825 IP MY.IP.41928 > 93.186.135.105.80: Flags [.], ack 356586275, win 11765, options [nop,nop,TS val 3260545 ecr 1840501220], length 0
  18:21:52.491656 IP MY.IP.41928 > 93.186.135.105.80: Flags [.], ack 356589171, win 11765, options [nop,nop,TS val 3260550 ecr 1840501220], length 0
  18:21:52.504299 IP MY.IP.41928 > 93.186.135.105.80: Flags [.], ack 356592067, win 11765, options [nop,nop,TS val 3260553 ecr 1840501231], length 0
  18:21:52.517080 IP MY.IP.41928 > 93.186.135.105.80: Flags [.], ack 356594963, win 11765, options [nop,nop,TS val 3260556 ecr 1840501231], length 0
  18:21:52.529671 IP MY.IP.41928 > 93.186.135.105.80: Flags [.], ack 356597859, win 11765, options [nop,nop,TS val 3260559 ecr 1840501262], length 0
  18:21:52.538145 IP MY.IP.41928 > 93.186.135.105.80: Flags [.], ack 356600755, win 11765, options [nop,nop,TS val 3260561 ecr 1840501262], length 0
  18:21:52.555053 IP MY.IP.41928 > 93.186.135.105.80: Flags [.], ack 356603651, win 11765, options [nop,nop,TS val 3260565 ecr 1840501358], length 0
  18:21:52.567638 IP MY.IP.41928 > 93.186.135.105.80: Flags [.], ack 356606547, win 11765, options [nop,nop,TS val 3260569 ecr 1840501358], length 0
  18:21:52.580377 IP MY.IP.41928 > 93.186.135.105.80: Flags [.], ack 356609443, win 11765, options [nop,nop,TS val 3260572 ecr 1840501358], length 0
  18:21:52.592992 IP MY.IP.41928 > 93.186.135.105.80: Flags [.], ack 356612339, win 11765, options [nop,nop,TS val 3260575 ecr 1840501358], length 0
  18:21:52.601490 IP MY.IP.41928 > 93.186.135.105.80: Flags [.], ack 356615235, win 11765, options [nop,nop,TS val 3260577 ecr 1840501358], length 0
  18:21:52.618340 IP MY.IP.41928 > 93.186.135.105.80: Flags [.], ack 356618131, win 11765, options [nop,nop,TS val 3260581 ecr 1840501358], length 0
  18:21:52.631022 IP MY.IP.41928 > 93.186.135.105.80: Flags [.], ack 356621027, win 11765, options [nop,nop,TS val 3260584 ecr 1840501358], length 0

This explain also the stalls: the second interface (eth2.11) have
''double nat'', eg the ip are 192.168.11.254 and there's a router that
to a second nat to the Net, and probably the double nat mess all the
things.


Indeed, this is not normal. What i'm missing? Thanks.



--
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux