[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PF and Foundry ServerIron load balancer - potential TIME_WAIT pro blem.

To: Adrian Buxton <Adrian.Buxton@team.ozemail.com.au>
Subject: Re: PF and Foundry ServerIron load balancer - potential TIME_WAIT pro blem.
From: Mike Frantzen <frantzen@w4g.org>
Date: Thu, 28 Mar 2002 10:25:50 -0500
Cc: misc@openbsd.org
Content-Disposition: inline
References: <74AB07E55B7BD411B33200508B605FCF060B665F@mail-is.internal.ozemail.com.au>

> thanks for the info on this. From what is being said, with tcp.closed at 30s
> and interval at 10s I should see the TIME_WAIT state being removed after
> 30-40 seconds. This is not happening. I've left it all night and it's not
> going anywhere. This is while the ServerIron is still performing it's
> healthcheck - this entales 3 SYN packets transmitted, wait about 3 seconds
> for a response then send a RST when one is not received. Wait 4 seconds and
> resend the 3 SYN's.. this goes on and on and on

The timeout is updated every time a new packet is received.  If you
decrease that expiration timeout low enough to compensate for the
ServerIron's brokeness, you'll end up cutting off valid connections
too early.  I suppose that doesn't matter too much in the TIME_WAIT
state but you'll end up with more bogus log entries.

Why don't you just use a non-stateful rule for the ServerIron?
 
.mike

References:
- Re: PF and Foundry ServerIron load balancer - potential TIME_WAIT pro blem.
  - From: Adrian Buxton <Adrian.Buxton@team.ozemail.com.au>

Prev by Date: Re: Ultra160 SCSI host adapter
Next by Date: Re: Osama'S code? 영어, 일본어 실패란없습니다!! . 동반자가
Prev by thread: Re: PF and Foundry ServerIron load balancer - potential TIME_WAIT pro blem.
Next by thread: a few questions for a newbie
Index(es):
- Date
- Thread