^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) .. SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) ===========
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) IPvs-sysctl
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) ===========
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) /proc/sys/net/ipv4/vs/* Variables:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) ==================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) am_droprate - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) default 10
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) It sets the always mode drop rate, which is used in the mode 3
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) of the drop_rate defense.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) amemthresh - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) default 1024
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) It sets the available memory threshold (in pages), which is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) used in the automatic modes of defense. When there is not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) enough available memory, the respective strategy will be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) enabled and the variable is automatically set to 2, otherwise
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) the strategy is disabled and the variable is set to 1.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) backup_only - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) - 0 - disabled (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) - not 0 - enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) If set, disable the director function while the server is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) in backup mode to avoid packet loops for DR/TUN methods.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) conn_reuse_mode - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) 1 - default
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) Controls how ipvs will deal with connections that are detected as
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) port reuse. It is a bitmap, with the values being:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) 0: disable any special handling on port reuse. The new
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) connection will be delivered to the same real server that was
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) servicing the previous connection.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) bit 1: enable rescheduling of new connections when it is safe.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) That is, whenever expire_nodest_conn and for TCP sockets, when
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) the connection is in TIME_WAIT state (which is only possible if
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) you use NAT mode).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) bit 2: it is bit 1 plus, for TCP connections, when connections
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) are in FIN_WAIT state, as this is the last state seen by load
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) balancer in Direct Routing mode. This bit helps on adding new
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) real servers to a very busy cluster.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) conntrack - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) - 0 - disabled (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) - not 0 - enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) If set, maintain connection tracking entries for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) connections handled by IPVS.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) This should be enabled if connections handled by IPVS are to be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) also handled by stateful firewall rules. That is, iptables rules
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) that make use of connection tracking. It is a performance
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) optimisation to disable this setting otherwise.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) Connections handled by the IPVS FTP application module
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) will have connection tracking entries regardless of this setting.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) Only available when IPVS is compiled with CONFIG_IP_VS_NFCT enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) cache_bypass - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) - 0 - disabled (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) - not 0 - enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) If it is enabled, forward packets to the original destination
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) directly when no cache server is available and destination
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) address is not local (iph->daddr is RTN_UNICAST). It is mostly
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) used in transparent web cache cluster.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) debug_level - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) - 0 - transmission error messages (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) - 1 - non-fatal error messages
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) - 2 - configuration
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) - 3 - destination trash
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) - 4 - drop entry
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) - 5 - service lookup
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) - 6 - scheduling
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) - 7 - connection new/expire, lookup and synchronization
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) - 8 - state transition
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) - 9 - binding destination, template checks and applications
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) - 10 - IPVS packet transmission
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) - 11 - IPVS packet handling (ip_vs_in/ip_vs_out)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) - 12 or more - packet traversal
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) Only available when IPVS is compiled with CONFIG_IP_VS_DEBUG enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) Higher debugging levels include the messages for lower debugging
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) levels, so setting debug level 2 includes level 0, 1 and 2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) messages. Thus, logging becomes more and more verbose the higher
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) the level.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) drop_entry - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) - 0 - disabled (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) The drop_entry defense is to randomly drop entries in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) connection hash table, just in order to collect back some
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) memory for new connections. In the current code, the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) drop_entry procedure can be activated every second, then it
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) randomly scans 1/32 of the whole and drops entries that are in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) the SYN-RECV/SYNACK state, which should be effective against
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) SYN-flooding attacks.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) The valid values of drop_entry are from 0 to 3, where 0 means
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) that this strategy is always disabled, 1 and 2 mean automatic
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) modes (when there is not enough available memory, the strategy
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) is enabled and the variable is automatically set to 2,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) otherwise the strategy is disabled and the variable is set to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) 1), and 3 means that the strategy is always enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) drop_packet - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) - 0 - disabled (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) The drop_packet defense is designed to drop 1/rate packets
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) before forwarding them to real servers. If the rate is 1, then
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) drop all the incoming packets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) The value definition is the same as that of the drop_entry. In
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) the automatic mode, the rate is determined by the following
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) formula: rate = amemthresh / (amemthresh - available_memory)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) when available memory is less than the available memory
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) threshold. When the mode 3 is set, the always mode drop rate
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) is controlled by the /proc/sys/net/ipv4/vs/am_droprate.
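
The mode values and the drop_packet rate formula described above, worked through as an added example (not kernel code and not part of the original document). The function names are hypothetical, integer division is an assumption of this model, and the sample memory figures are constructed.

```c
#include <stdio.h>

/* Constructed model of the 0..3 mode value shared by drop_entry,
 * drop_packet and secure_tcp, as described in the text above.
 * Function names are hypothetical; this is not kernel code. */

/* One evaluation of a strategy's mode against available memory.
 * Returns the value the sysctl would hold afterwards (-1 for an
 * invalid mode) and stores 1 in *active if the strategy is applied. */
int defense_step(int mode, long avail_pages, long amemthresh, int *active)
{
    int nomem = avail_pages < amemthresh;

    switch (mode) {
    case 0:                     /* always disabled */
        *active = 0;
        return 0;
    case 1:                     /* automatic, currently off */
    case 2:                     /* automatic, currently on */
        *active = nomem;
        return nomem ? 2 : 1;
    case 3:                     /* always enabled */
        *active = 1;
        return 3;
    default:
        *active = 0;
        return -1;
    }
}

/* drop_packet rate: 1 in `rate` packets is dropped, 0 means nothing
 * is dropped. Integer division is an assumption of this model. */
long drop_packet_rate(int mode, long avail_pages, long amemthresh,
                      long am_droprate)
{
    int active;
    int next = defense_step(mode, avail_pages, amemthresh, &active);
    long gap;

    if (next < 0 || !active)
        return 0;
    if (next == 3)              /* always mode uses am_droprate */
        return am_droprate;
    if (avail_pages < 0)
        avail_pages = 0;
    gap = amemthresh - avail_pages;
    if (gap <= 0)               /* guard against a zero divisor */
        return 0;
    return amemthresh / gap;    /* rate = amemthresh / (amemthresh - available_memory) */
}

int main(void)
{
    /* Constructed samples of available memory (pages), evaluated with
     * the documented defaults amemthresh=1024 and am_droprate=10. */
    const long samples[] = { 4096, 1000, 512, 0, 4096 };
    int mode = 1;               /* administrator selected automatic mode */
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int active;
        long rate = drop_packet_rate(mode, samples[i], 1024, 10);

        mode = defense_step(mode, samples[i], 1024, &active);
        printf("avail=%4ld pages -> drop_packet=%d rate=%ld\n",
               samples[i], mode, rate);
    }
    return 0;
}
```

A rate of 1 at zero available memory means every incoming packet is dropped, so amemthresh decides how early the director starts shedding load.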
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) expire_nodest_conn - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) - 0 - disabled (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) - not 0 - enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) With the default value of 0, the load balancer will silently drop
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) packets when their destination server is not available. This may
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) be useful when a user-space monitoring program deletes the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) destination server (because of server overload or wrong
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) detection) and adds the server back later, so that the connections
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) to the server can continue.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) If this feature is enabled, the load balancer will expire the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) connection immediately when a packet arrives and its
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) destination server is not available, then the client program
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) will be notified that the connection is closed. This is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) equivalent to the feature some people require to flush
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) connections when their destination is not available.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) expire_quiescent_template - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) - 0 - disabled (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) - not 0 - enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) When set to a non-zero value, the load balancer will expire
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) persistent templates when the destination server is quiescent.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) This may be useful, when a user makes a destination server
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) quiescent by setting its weight to 0 and it is desired that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) subsequent otherwise persistent connections are sent to a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) different destination server. By default new persistent
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) connections are allowed to quiescent destination servers.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) If this feature is enabled, the load balancer will expire the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) persistence template if it is to be used to schedule a new
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) connection and the destination server is quiescent.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) ignore_tunneled - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) - 0 - disabled (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) - not 0 - enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) If set, ipvs will set the ipvs_property on all packets which are of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) unrecognized protocols. This prevents us from routing tunneled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) protocols like ipip, which is useful to prevent rescheduling
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) packets that have been tunneled to the ipvs host (i.e. to prevent
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) ipvs routing loops when ipvs is also acting as a real server).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) nat_icmp_send - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) - 0 - disabled (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) - not 0 - enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) It controls sending icmp error messages (ICMP_DEST_UNREACH)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) for VS/NAT when the load balancer receives packets from real
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) servers but the connection entries don't exist.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) pmtu_disc - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) - 0 - disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) - not 0 - enabled (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) By default, reject with FRAG_NEEDED all DF packets that exceed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) the PMTU, irrespective of the forwarding method. For TUN method
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) the flag can be disabled to fragment such packets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) secure_tcp - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) - 0 - disabled (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) The secure_tcp defense is to use a more complicated TCP state
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) transition table. For VS/NAT, it also delays entering the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) TCP ESTABLISHED state until the three way handshake is completed.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) The value definition is the same as that of drop_entry and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) drop_packet.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) sync_threshold - vector of 2 INTEGERs: sync_threshold, sync_period
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) default 3 50
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) It sets synchronization threshold, which is the minimum number
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) of incoming packets that a connection needs to receive before
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) the connection will be synchronized. A connection will be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) synchronized, every time the number of its incoming packets
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) modulus sync_period equals the threshold. The range of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) threshold is from 0 to sync_period.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) When sync_period and sync_refresh_period are 0, send sync only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) for state changes or only once when pkts matches sync_threshold.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) sync_refresh_period - UNSIGNED INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) default 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) In seconds, difference in reported connection timer that triggers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) new sync message. It can be used to avoid sync messages for the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) specified period (or half of the connection timeout if it is lower)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) if connection state is not changed since last sync.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) This is useful for normal connections with high traffic to reduce
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) sync rate. Additionally, retry sync_retries times with period of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) sync_refresh_period/8.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) sync_retries - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) default 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) Defines sync retries with period of sync_refresh_period/8. Useful
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) to protect against loss of sync messages. The range of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) sync_retries is from 0 to 3.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) sync_qlen_max - UNSIGNED LONG
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) Hard limit for queued sync messages that are not sent yet. It
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) defaults to 1/32 of the memory pages but actually represents
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) number of messages. It will protect us from allocating large
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) parts of memory when the sending rate is lower than the queuing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) rate.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) sync_sock_size - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) default 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) Configuration of SNDBUF (master) or RCVBUF (slave) socket limit.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) Default value is 0 (preserve system defaults).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) sync_ports - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) default 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) The number of threads that master and backup servers can use for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) sync traffic. Every thread will use single UDP port, thread 0 will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) use the default port 8848 while last thread will use port
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) 8848+sync_ports-1.
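
The sync_threshold/sync_period rule and the sync_ports port range described above, as an added example (not kernel code and not part of the original document). The function names are hypothetical, sync_refresh_period is assumed to be 0 throughout, and rejecting sync_ports below 1 is an assumption of this model.

```c
#include <stdio.h>

#define IPVS_SYNC_BASE_PORT 8848 /* default sync port named in the text */

/* 1 if a connection that has received `pkts` incoming packets is due
 * for synchronization. period == 0 models the "only once when pkts
 * matches sync_threshold" case (sync_refresh_period assumed 0). */
int sync_due(unsigned long pkts, unsigned long threshold,
             unsigned long period)
{
    if (period == 0)
        return pkts == threshold;
    return pkts % period == threshold;
}

/* Walks a flow of total_pkts packets, stores the first `max` packet
 * counts at which a sync fires in out[], and returns the total number
 * of syncs triggered by packet count. */
size_t sync_schedule(unsigned long total_pkts, unsigned long threshold,
                     unsigned long period, unsigned long *out, size_t max)
{
    size_t n = 0;
    unsigned long p;

    for (p = 1; p <= total_pkts; p++) {
        if (!sync_due(p, threshold, period))
            continue;
        if (n < max)
            out[n] = p;
        n++;
    }
    return n;
}

/* UDP port range used by the sync threads: thread 0 uses 8848, the
 * last thread uses 8848 + sync_ports - 1. Returns -1 if sync_ports is
 * below 1 (assumption of this model). */
int sync_port_range(int sync_ports, int *first, int *last)
{
    if (sync_ports < 1)
        return -1;
    *first = IPVS_SYNC_BASE_PORT;
    *last = IPVS_SYNC_BASE_PORT + sync_ports - 1;
    return 0;
}

int main(void)
{
    unsigned long at[4];
    int first, last;
    size_t n;

    /* Constructed flows evaluated with the documented default "3 50". */
    n = sync_schedule(1000, 3, 50, at, 4);
    printf("1000-packet flow: %zu syncs, first at packets %lu %lu %lu %lu\n",
           n, at[0], at[1], at[2], at[3]);
    printf("2-packet flow: %zu syncs\n", sync_schedule(2, 3, 50, at, 4));

    /* Port range to allow between master and backup for sync_ports=4. */
    if (sync_port_range(4, &first, &last) == 0)
        printf("sync_ports=4 -> UDP %d-%d\n", first, last);
    return 0;
}
```

With the defaults, a flow that ends before its third incoming packet is never synchronized by packet count, and any filter between master and backup has to pass the whole UDP range, not only 8848.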
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) snat_reroute - BOOLEAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) - 0 - disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) - not 0 - enabled (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) If enabled, recalculate the route of SNATed packets from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) realservers so that they are routed as if they originate from the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) director. Otherwise they are routed as if they are forwarded by the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) director.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) If policy routing is in effect then it is possible that the route
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) of a packet originating from a director is routed differently to a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) packet being forwarded by the director.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) If policy routing is not in effect then the recalculated route will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) always be the same as the original route so it is an optimisation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) to disable snat_reroute and avoid the recalculation.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) sync_persist_mode - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) default 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) Controls the synchronisation of connections when using persistence.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) 0: All types of connections are synchronised
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) 1: Attempt to reduce the synchronisation traffic depending on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) the connection type. For persistent services avoid synchronisation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) for normal connections, do it only for persistence templates.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) In such case, for TCP and SCTP it may need enabling sloppy_tcp and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) sloppy_sctp flags on backup servers. For non-persistent services
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) such optimization is not applied, mode 0 is assumed.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) sync_version - INTEGER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) default 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) The version of the synchronisation protocol used when sending
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) synchronisation messages.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) 0 selects the original synchronisation protocol (version 0). This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) should be used when sending synchronisation messages to a legacy
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) system that only understands the original synchronisation protocol.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) 1 selects the current synchronisation protocol (version 1). This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) should be used where possible.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) Kernels with this sync_version entry are able to receive messages
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) of both version 1 and version 2 of the synchronisation protocol.