From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Michele Codutti <michele.codutti@uniud.it>
Cc: netfilter@vger.kernel.org
Subject: Re: ClusterIP network slowdown
Date: Thu, 02 Dec 2010 13:10:02 +0100 [thread overview]
Message-ID: <4CF78C9A.80302@netfilter.org> (raw)
In-Reply-To: <1291107610.2488.46.camel@nerino>
On 30/11/10 10:00, Michele Codutti wrote:
> Hello, in these days i had fun with the ClusterIP target associated to a
> web server. All is good and bright with the exception of two issues:
> - the message "CLUSTERIP: no conntrack!"
> - a general slowdown of the other network services (like ssh) of the two
> nodes of the cluster.
> To solve all my problems i've inserted this iptables rule:
> iptables -I INPUT 1 -m state --state INVALID -j DROP
> This is a solution that isn't good enough because i manage the apache2
> and the clustered ip with heartbeat2.
> Example: if i standby a node (for maintenance) and resume it after a
> while this can be a problem because heartbeat put the clusterip rule on
> top of the others so the dropping rule above became the second one and
> then the workaround had no effect.
> Why the clusterip had such an heavy impact on the networking? Before the
> clusterip my cluster was active-standby and i've got no problems at all.
> Now that the load per node is halved i noticed more load than before.
> The strangest thing is that (with the top tool) this load seem not exist
> and the nodes are not loaded at all:
> load average: 0.50, 0.36, 0.37
> How can i fix this without the dropping rule above?
> There is a way to see how the networking is loaded?
A suggestion, better use the 'cluster' match.
next prev parent reply other threads:[~2010-12-02 12:10 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-30 9:00 ClusterIP network slowdown Michele Codutti
2010-11-30 12:59 ` Edison Figueira
2010-11-30 16:00 ` Michele Codutti
2010-12-01 9:11 ` Michele Codutti
2010-12-02 12:10 ` Pablo Neira Ayuso [this message]
2010-12-02 14:01 ` Michele Codutti
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CF78C9A.80302@netfilter.org \
--to=pablo@netfilter.org \
--cc=michele.codutti@uniud.it \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.