From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Arturo Borrero Gonzalez <arturo@debian.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [conntrack-tools PATCH 4/4] conntrackd: introduce RequestResync option
Date: Tue, 25 Apr 2017 13:37:32 +0200 [thread overview]
Message-ID: <20170425113732.GB5355@salvia> (raw)
In-Reply-To: <149270929676.1751.18425946182083865800.stgit@nfdev2.cica.es>
On Thu, Apr 20, 2017 at 07:28:16PM +0200, Arturo Borrero Gonzalez wrote:
> In some environments where both nodes of a cluster share all the conntracks,
> after an initial or manual resync, the conntrack information diverges from
> node to node.
>
> I have observed that this is not due to syncronization problems, given the
> link between the nodes is very stable and stats show no issues.
> So, this could be due to every node of the cluster seing slighly different
> traffic and flow updates, perhaps different tiemouts being applied to
> the conntracks in every node.
> A manual resync (using conntrackd -n) resolves these issues inmediately.
>
> This new configuration option tells conntrackd to request a resync
> with the other node, similar to what could happen manually using
> the 'conntrackd -n' command.
>
> By now this option is only valid in NOTRACK sync mode.
>
> Example configuration:
>
> [...]
> Sync {
> Mode NOTRACK {
> DisableInternalCache on
> DisableExternalCache on
> RequestResync 30
This looks very similar to the timer based approach that it is already
there. Did you give it a try?
This approach doesn't solve nicely the case where you have an entry
with a large timeout that got out of sync.
next prev parent reply other threads:[~2017-04-25 11:37 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-20 17:28 [conntrack-tools PATCH 1/4] conntrackd: factorice tx_queue functions Arturo Borrero Gonzalez
2017-04-20 17:28 ` [conntrack-tools PATCH 2/4] conntrackd: warn users about queue allocation errors Arturo Borrero Gonzalez
2017-04-25 11:34 ` Pablo Neira Ayuso
2017-04-25 12:40 ` Arturo Borrero Gonzalez
2017-04-25 13:16 ` Pablo Neira Ayuso
2017-05-02 8:34 ` Arturo Borrero Gonzalez
2017-05-02 10:03 ` Pablo Neira Ayuso
2017-05-02 10:09 ` Pablo Neira Ayuso
2017-04-20 17:28 ` [conntrack-tools PATCH 3/4] conntrackd: factorize resync operations Arturo Borrero Gonzalez
2017-05-08 17:52 ` Pablo Neira Ayuso
2017-04-20 17:28 ` [conntrack-tools PATCH 4/4] conntrackd: introduce RequestResync option Arturo Borrero Gonzalez
2017-04-25 11:37 ` Pablo Neira Ayuso [this message]
2017-04-25 12:46 ` Arturo Borrero Gonzalez
2017-04-25 13:18 ` Pablo Neira Ayuso
2017-04-26 11:32 ` Arturo Borrero Gonzalez
2017-05-01 9:13 ` Pablo Neira Ayuso
2017-05-02 8:18 ` Arturo Borrero Gonzalez
2017-05-08 17:47 ` Pablo Neira Ayuso
2017-05-08 17:52 ` [conntrack-tools PATCH 1/4] conntrackd: factorice tx_queue functions Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2017-04-20 16:40 Arturo Borrero Gonzalez
2017-04-20 16:40 ` [conntrack-tools PATCH 4/4] conntrackd: introduce RequestResync option Arturo Borrero Gonzalez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170425113732.GB5355@salvia \
--to=pablo@netfilter.org \
--cc=arturo@debian.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.