From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Michele Codutti <michele.codutti@uniud.it>
Cc: netfilter@vger.kernel.org
Subject: Re: ClusterIP network slowdown
Date: Thu, 02 Dec 2010 13:10:02 +0100 [thread overview]
Message-ID: <4CF78C9A.80302@netfilter.org> (raw)
In-Reply-To: <1291107610.2488.46.camel@nerino>
On 30/11/10 10:00, Michele Codutti wrote:
> Hello, in these days i had fun with the ClusterIP target associated to a
> web server. All is good and bright with the exception of two issues:
> - the message "CLUSTERIP: no conntrack!"
> - a general slowdown of the other network services (like ssh) of the two
> nodes of the cluster.
> To solve all my problems i've inserted this iptables rule:
> iptables -I INPUT 1 -m state --state INVALID -j DROP
> This is a solution that isn't good enough because i manage the apache2
> and the clustered ip with heartbeat2.
> Example: if i standby a node (for maintenance) and resume it after a
> while this can be a problem because heartbeat put the clusterip rule on
> top of the others so the dropping rule above became the second one and
> then the workaround had no effect.
> Why the clusterip had such an heavy impact on the networking? Before the
> clusterip my cluster was active-standby and i've got no problems at all.
> Now that the load per node is halved i noticed more load than before.
> The strangest thing is that (with the top tool) this load seem not exist
> and the nodes are not loaded at all:
> load average: 0.50, 0.36, 0.37
> How can i fix this without the dropping rule above?
> There is a way to see how the networking is loaded?
A suggestion, better use the 'cluster' match.
next prev parent reply other threads:[~2010-12-02 12:10 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-30 9:00 ClusterIP network slowdown Michele Codutti
2010-11-30 12:59 ` Edison Figueira
2010-11-30 16:00 ` Michele Codutti
2010-12-01 9:11 ` Michele Codutti
2010-12-02 12:10 ` Pablo Neira Ayuso [this message]
2010-12-02 14:01 ` Michele Codutti
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CF78C9A.80302@netfilter.org \
--to=pablo@netfilter.org \
--cc=michele.codutti@uniud.it \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox