3

Could you please advise what's this 'expire' time in the connections table:

# ipvsadm -lnc | head
IPVS connection entries
pro expire state       source             virtual            destination
TCP 07:17  ESTABLISHED CLIENT_IP:54799 VIP:443   REAL_SERVER_IP:443

I'm using Red Hat load balancer (DR with firewall marks, no persistence connections) and according to docs the default value for TCP, TCP FIN and UDP time-out is 0 however it looks like this expiry time is 15 minutes and there is many active connections - is it related to --set parameters?

# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  80 wlc
  -> REAL_SERVER_1:80               Route   1      402        0         
  -> REAL_SERVER_2:80              Route   1      404        1         
  -> REAL_SERVER_3:80              Route   1      406        0         
FWM  443 wlc
  -> REAL_SERVER_1:443              Route   1      2214       0         
  -> REAL_SERVER_2:443             Route   1      2215       3         
  -> REAL_SERVER_3:443             Route   1      2214       1
HTF
  • 3,278

1 Answers1

5

The timeouts from the command you listed can be adjusted with the --set command. You can retrieve the current values that are set with ipvsadm -l --timeout:

root@lb1:~# ipvsadm -l --timeout
Timeout (tcp tcpfin udp): 900 120 300

I don't have Red Hat Load Balancer running to test this myself but I suspect that the TCP timeout value will be perhaps 900 as well.

From reading the docs I don't think a timeout value of 0 actually means instant timeout. It seems like when --set is used and a value of 0 given it means no change 1. If the timeout value is exceptionally low you will run into issues with connections.

Tombart
  • 2,523
gbe0
  • 375