lvs ftp有没有什么地方设置20s超时？

Submitted by justree on 周四, 2013-06-13 03:56

为了方便以后ftp透明迁移，我是用lvs给现在的ftp服务器加了个VIP。
可能是因为自带ftp helper之类的模块吧，我倒是没碰到动态端口这个问题，直接在keepalived中配置了21端口就可用了。
但是我发现另外一个问题，如果超过20s没有对ftp执行命令（比如传输文件时间超过20s后再想执行ls命令），那么就会报这个错误：
421 Service not available, remote server has closed connection
Passive mode refused. Turning off passive mode.
No control connection for command: Transport endpoint is not connected
在client上最后一次执行ls（此次执行失败）抓包如下：
Source Destination Protocol Length Info
172.16.18.201 172.16.60.191 FTP 72 Request: PASV
172.16.60.191 172.16.18.201 TCP 60 ftp > 58952 [RST] Seq=583 Win=0 Len=0
如果是正常执行ls，抓包类似：
172.16.18.201 172.16.60.191 FTP 72 Request: PASV
172.16.60.191 172.16.18.201 FTP 118 Response: 227 Entering Passive Mode (172,16,60,191,152,121).
172.16.18.201 172.16.60.191 TCP 74 59800 > 39033 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
172.16.60.191 172.16.18.201 TCP 74 39033 > 59800 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460
172.16.18.201 172.16.60.191 TCP 66 59800 > 39033 [ACK] Seq=1 Ack=1 Win=5888 Len=0

如果不通过lvs的VIP访问ftp，是没有这种现象的。不知道lvs是不是什么的地方设置了20s就帮客户端断开ftp连接了。
lvs上的会话保持时间设置为300s。ftp当然是没有设定超时时间的。

补充一下：
在lvs master上抓包：（一个正常ls加一个20s后异常的ls）
12:02:56.557992 IP 172.16.18.201.55848 > 172.16.60.191.ftp: S 2189300932:2189300932(0) win 5840
12:02:56.566423 IP 172.16.18.201.55848 > 172.16.60.191.ftp: S 2189300932:2189300932(0) win 5840
12:02:56.563266 IP 172.16.18.201.55848 > 172.16.60.191.ftp: . ack 1522065948 win 46
12:02:56.563272 IP 172.16.18.201.55848 > 172.16.60.191.ftp: . ack 1 win 46
12:02:56.583892 IP 172.16.18.201.55848 > 172.16.60.191.ftp: . ack 75 win 46
12:02:56.583900 IP 172.16.18.201.55848 > 172.16.60.191.ftp: . ack 75 win 46
12:02:56.583966 IP 172.16.18.201.55848 > 172.16.60.191.ftp: P 0:13(13) ack 75 win 46
12:02:56.583976 IP 172.16.18.201.55848 > 172.16.60.191.ftp: P 0:13(13) ack 75 win 46
12:02:56.589659 IP 172.16.18.201.55848 > 172.16.60.191.ftp: P 13:31(18) ack 100 win 46
12:02:56.589665 IP 172.16.18.201.55848 > 172.16.60.191.ftp: P 13:31(18) ack 100 win 46
12:02:56.633737 IP 172.16.18.201.55848 > 172.16.60.191.ftp: . ack 125 win 46
12:02:56.633744 IP 172.16.18.201.55848 > 172.16.60.191.ftp: . ack 125 win 46
12:02:58.029883 IP 172.16.18.201.55848 > 172.16.60.191.ftp: P 31:40(9) ack 125 win 46
12:02:58.029888 IP 172.16.18.201.55848 > 172.16.60.191.ftp: P 31:40(9) ack 125 win 46
12:02:58.035789 IP 172.16.18.201.55848 > 172.16.60.191.ftp: . ack 155 win 46
12:02:58.035795 IP 172.16.18.201.55848 > 172.16.60.191.ftp: . ack 155 win 46
12:02:59.596432 IP 172.16.18.201.55848 > 172.16.60.191.ftp: P 40:59(19) ack 155 win 46
12:02:59.596437 IP 172.16.18.201.55848 > 172.16.60.191.ftp: P 40:59(19) ack 155 win 46
12:02:59.660495 IP 172.16.18.201.55848 > 172.16.60.191.ftp: . ack 178 win 46
12:02:59.660500 IP 172.16.18.201.55848 > 172.16.60.191.ftp: . ack 178 win 46
12:02:59.660567 IP 172.16.18.201.55848 > 172.16.60.191.ftp: P 59:65(6) ack 178 win 46
12:02:59.660577 IP 172.16.18.201.55848 > 172.16.60.191.ftp: P 59:65(6) ack 178 win 46
12:02:59.710646 IP 172.16.18.201.55848 > 172.16.60.191.ftp: . ack 197 win 46
12:02:59.710654 IP 172.16.18.201.55848 > 172.16.60.191.ftp: . ack 197 win 46
12:03:00.522421 IP 172.16.18.201.55848 > 172.16.60.191.ftp: P 65:71(6) ack 197 win 46
12:03:00.522426 IP 172.16.18.201.55848 > 172.16.60.191.ftp: P 65:71(6) ack 197 win 46
12:03:00.526312 IP 172.16.18.201.55848 > 172.16.60.191.ftp: . ack 249 win 46
12:03:00.526319 IP 172.16.18.201.55848 > 172.16.60.191.ftp: . ack 249 win 46
12:03:00.526385 IP 172.16.18.201.48920 > 172.16.60.191.59000: S 2180473581:2180473581(0) win 5840
12:03:00.526396 IP 172.16.18.201.48920 > 172.16.60.191.59000: S 2180473581:2180473581(0) win 5840
12:03:00.530830 IP 172.16.18.201.48920 > 172.16.60.191.59000: . ack 1527386450 win 46
12:03:00.530837 IP 172.16.18.201.48920 > 172.16.60.191.59000: . ack 1 win 46
12:03:00.530899 IP 172.16.18.201.55848 > 172.16.60.191.ftp: P 71:77(6) ack 249 win 46
12:03:00.530909 IP 172.16.18.201.55848 > 172.16.60.191.ftp: P 71:77(6) ack 249 win 46
12:03:00.550351 IP 172.16.18.201.48920 > 172.16.60.191.59000: . ack 198 win 54
12:03:00.550358 IP 172.16.18.201.48920 > 172.16.60.191.59000: . ack 198 win 54
12:03:00.550421 IP 172.16.18.201.48920 > 172.16.60.191.59000: F 0:0(0) ack 199 win 54
12:03:00.550428 IP 172.16.18.201.48920 > 172.16.60.191.59000: F 0:0(0) ack 199 win 54
12:03:00.555848 IP 172.16.18.201.55848 > 172.16.60.191.ftp: . ack 326 win 46
12:03:00.555854 IP 172.16.18.201.55848 > 172.16.60.191.ftp: . ack 326 win 46

12:03:29.642457 IP 172.16.18.201.55848 > 172.16.60.191.ftp: P 77:83(6) ack 326 win 46
12:03:29.642473 IP 172.16.60.191.ftp > 172.16.18.201.55848: R 1522066273:1522066273(0) win 0

可以看出最后一个记录有点奇怪。之前lvs只接受并转发，返回的包不经过这的（DR模式），但是最后一个包lvs直接就帮ftp服务器返回了。而且在ftp服务器上抓包，是抓不到后一个ls执行的请求的。是lvs的什么东西越俎代庖了么？

貌似找到原因了，ipvsadm --list --timeout显示我的tcp超时时间设置为20s。

Forums:

LVS集群

Log in or register to post comments
6017 reads

新的论坛主题

在线用户

There are currently 0 users online.

新进会员

jeanninemartin4054
feng900628
silviagrassi8639302
buddytiegs7720244448
twylaesmond47523

Secondary menu

lvs ftp有没有什么地方设置20s超时？

Forums:

导航

新的论坛主题

在线用户

新进会员

聚合

搜索表单

Secondary menu

You are here

lvs ftp有没有什么地方设置20s超时？

Forums:

用户登录

导航

新的论坛主题

在线用户

新进会员

聚合