IPVSADM(8) Linux Administrator's Guide IPVSADM(8)

NAME
ipvsadm - Linux Virtual Server administration

SYNOPSIS
ipvsadm -A|E virtual-service [-s scheduler]
        [-p [timeout]] [-M netmask] [-b sched-flags]
ipvsadm -D virtual-service
ipvsadm -C
ipvsadm -R
ipvsadm -S [-n]
ipvsadm -a|e virtual-service -r server-address
        [-g|i|m] [-w weight] [-x upper] [-y lower]
ipvsadm -d virtual-service -r server-address
ipvsadm -L|l [virtual-service] [options]
ipvsadm -Z [virtual-service]
ipvsadm --set tcp tcpfin udp
ipvsadm --start-daemon state [daemon-options]
        [--syncid syncid]
ipvsadm --stop-daemon state
ipvsadm -h

DESCRIPTION
Ipvsadm(8) is used to set up, maintain or inspect the virtual server
table in the Linux kernel. The Linux Virtual Server can be used to
build scalable network services based on a cluster of two or more
nodes. The active node of the cluster redirects service requests to a
collection of server hosts that will actually perform the services.
Supported features include three protocols (TCP, UDP and SCTP), three
packet-forwarding methods (NAT, tunneling, and direct routing), and
eight load balancing algorithms (round robin, weighted round robin,
least-connection, weighted least-connection, locality-based
least-connection, locality-based least-connection with replication,
destination-hashing, and source-hashing).

The command has two basic formats for execution:

ipvsadm COMMAND virtual-service
        [scheduling-method] [persistence options]

ipvsadm command virtual-service
        server-address [packet-forwarding-method]
        [weight options]

The first format manipulates a virtual service and the algorithm for
assigning service requests to real servers. Optionally, a persistent
timeout and network mask for the granularity of a persistent service
and a persistence engine may be specified. The second format
manipulates a real server that is associated with an existing virtual
service. When specifying a real server, the packet-forwarding method and
the weight of the real server, relative to other real servers for the
virtual service, may be specified, otherwise defaults will be used.

COMMANDS
ipvsadm(8) recognises the commands described below. Upper-case commands
maintain virtual services. Lower-case commands maintain real servers
that are associated with a virtual service.

-A, --add-service
Add a virtual service. A service address is uniquely defined by
a triplet: IP address, port number, and protocol. Alternatively,
a virtual service may be defined by a firewall-mark.

-E, --edit-service
Edit a virtual service.

-D, --delete-service
Delete a virtual service, along with any associated real
servers.

-C, --clear
Clear the virtual server table.

-R, --restore
Restore Linux Virtual Server rules from stdin. Each line read
from stdin will be treated as the command line options to a
separate invocation of ipvsadm. Lines read from stdin can
optionally begin with "ipvsadm". This option is useful to avoid
executing a large number of ipvsadm commands when constructing an
extensive routing table.

-S, --save
Dump the Linux Virtual Server rules to stdout in a format that
can be read by -R|--restore.

-a, --add-server
Add a real server to a virtual service.

-e, --edit-server
Edit a real server in a virtual service.

-d, --delete-server
Remove a real server from a virtual service.

-L, -l, --list
List the virtual server table if no argument is specified. If a
service-address is selected, list this service only. If the -c
option is selected, then display the connection table. The exact
output is affected by the other arguments given.

-Z, --zero
Zero the packet, byte and rate counters in a service or all
services.

--set tcp tcpfin udp
Change the timeout values used for IPVS connections. This
command always takes 3 parameters, representing the timeout
values (in seconds) for TCP sessions, TCP sessions after
receiving a FIN packet, and UDP packets, respectively. A timeout
value 0 means that the current timeout value of the
corresponding entry is preserved.

--start-daemon state
Start the connection synchronization daemon. The state
indicates whether the daemon is started as master or backup. The
connection synchronization daemon is implemented inside the
Linux kernel. The master daemon running at the primary load
balancer multicasts changes of connections periodically, and the
backup daemon running at the backup load balancers receives
multicast messages and creates corresponding connections. Then, in
case the primary load balancer fails, a backup load balancer
will take over, and it has the state of almost all connections, so
that almost all established connections can continue to access
the service.

The sync daemon supports IPv4 and IPv6 connections.

--stop-daemon
Stop the connection synchronization daemon.

-h, --help
Display a description of the command syntax.

virtual-service
Specifies the virtual service based on protocol/addr/port or firewall
mark.

-t, --tcp-service service-address
Use TCP service. The service-address is of the form host[:port].
Host may be either a plain IP address or a hostname. Port may be
either a plain port number or the service name of the port. The Port
may be omitted, in which case zero will be used. A Port of zero
is only valid if the service is persistent (see the -p|--persistent
option), in which case it is a wild-card port, that is,
connections will be accepted to any port.

-u, --udp-service service-address
Use UDP service. See the -t|--tcp-service for the description of
the service-address.

--sctp-service service-address
Use SCTP service. See the -t|--tcp-service for the description
of the service-address.

-f, --fwmark-service integer
Use a firewall-mark, an integer value greater than zero, to
denote a virtual service instead of an address, port and
protocol (UDP, TCP or SCTP). The marking of packets with a
firewall-mark is configured using the -m|--mark option to iptables(8),
the meta mark set value option to nft(8) or via an eBPF program.
It can be used to build a virtual service associated with the
same real servers, covering multiple IP address, port and
protocol triplets. If IPv6 addresses are used, the -6 option must be
used.

Using firewall-mark virtual services provides a convenient
method of grouping together different IP addresses, ports and
protocols into a single virtual service. This is useful for both
simplifying configuration if a large number of virtual services
are required and grouping persistence across what would
otherwise be multiple virtual services.

PARAMETERS
The commands above accept or require zero or more of the following
parameters.

-s, --scheduler scheduling-method
scheduling-method is the algorithm for allocating TCP connections and
UDP datagrams to real servers. Scheduling algorithms are
implemented as kernel modules. Ten are shipped with the Linux Virtual
Server:

rr - Round Robin: distributes jobs equally amongst the available
real servers.

wrr - Weighted Round Robin: assigns jobs to real servers
proportionally to the real servers' weight. Servers with higher
weights receive new jobs first and get more jobs than servers
with lower weights. Servers with equal weights get an equal
distribution of new jobs.

lc - Least-Connection: assigns more jobs to real servers with
fewer active jobs.

wlc - Weighted Least-Connection: assigns more jobs to servers
with fewer jobs and relative to the real servers' weight
(Ci/Wi). This is the default.

lblc - Locality-Based Least-Connection: assigns jobs destined
for the same IP address to the same server if the server is not
overloaded and available; otherwise assigns jobs to servers with
fewer jobs, and keeps it for future assignment.

lblcr - Locality-Based Least-Connection with Replication:
assigns jobs destined for the same IP address to the
least-connection node in the server set for the IP address. If all the
nodes in the server set are overloaded, it picks a node with
fewer jobs in the cluster and adds it to the server set for the
target. If the server set has not been modified for the
specified time, the most loaded node is removed from the server set,
in order to avoid a high degree of replication.

dh - Destination Hashing: assigns jobs to servers by looking
up a statically assigned hash table by their destination IP
addresses.

sh - Source Hashing: assigns jobs to servers by looking up
a statically assigned hash table by their source IP addresses.
This scheduler has two flags: sh-fallback, which enables
fallback to a different server if the selected server was
unavailable, and sh-port, which adds the source port number to the hash
computation.

sed - Shortest Expected Delay: assigns an incoming job to the
server with the shortest expected delay. The expected delay that
the job will experience is (Ci + 1) / Ui if sent to the ith
server, in which Ci is the number of jobs on the ith server
and Ui is the fixed service rate (weight) of the ith server.

nq - Never Queue: assigns an incoming job to an idle server if
there is one, instead of waiting for a fast one; if all the servers
are busy, it adopts the Shortest Expected Delay policy to assign
the job.

fo - Weighted Failover: assigns an incoming job to the server
with the highest weight that is currently available.

ovf - Weighted Overflow: assigns an incoming job to the server
with the highest weight that is currently available and
overflows to the next when active connections exceed the node's
weight. Note that this scheduler might not be suitable for UDP
because it only uses active connections.

mh - Maglev Hashing: assigns incoming jobs based on Google's
Maglev hashing algorithm, providing an almost equal share of
jobs to each real server and minimal disruption. When
the set of real servers changes, a connection will likely be
sent to the same real server as it was before. This scheduler
has two flags: mh-fallback, which enables fallback to a
different server if the selected server was unavailable, and mh-port,
which adds the source port number to the hash computation.

-p, --persistent [timeout]
Specify that a virtual service is persistent. If this option is
specified, multiple requests from a client are redirected to the
same real server selected for the first request. Optionally,
the timeout of persistent sessions may be specified in
seconds, otherwise the default of 300 seconds will be used. This
option may be used in conjunction with protocols such as SSL or
FTP where it is important that clients consistently connect with
the same real server.

Note: If a virtual service is to handle FTP connections then
persistence must be set for the virtual service if Direct
Routing or Tunnelling is used as the forwarding mechanism. If
Masquerading is used in conjunction with an FTP service then
persistence is not necessary, but the ip_vs_ftp kernel module must
be used. This module may be manually inserted into the kernel
using insmod(8).

-M, --netmask netmask
Specify the granularity with which clients are grouped for
persistent virtual services. The source address of the request is
masked with this netmask to direct all clients from a network to
the same real server. The default is 255.255.255.255, that is,
the persistence granularity is per client host. Less specific
netmasks may be used to resolve problems with non-persistent
cache clusters on the client side. IPv6 netmasks should be
specified as a prefix length between 1 and 128. The default
prefix length is 128.

--pe persistence-engine
Specify an alternative persistence engine to be used. Currently
the only alternative persistence engine available is sip.

-b, --sched-flags sched-flags
Set scheduler flags for this virtual server. sched-flags is a
comma-separated list of flags. See the scheduler descriptions
for valid scheduler flags.

-r, --real-server server-address
Real server that an associated request for service may be
assigned to. The server-address is the host address of a real
server, optionally plus a port. Host can be either a plain IP address
or a hostname. Port can be either a plain port number or the
service name of the port. In the case of the masquerading method,
the host address is usually an RFC 1918 private IP address, and
the port can be different from that of the associated service.
With the tunneling and direct routing methods, port must be
equal to that of the service address. For normal services, the
port specified in the service address will be used if port is
not specified. For fwmark services, port may be omitted, in
which case the destination port on the real server will be the
destination port of the request sent to the virtual service.

[packet-forwarding-method]

-g, --gatewaying Use gatewaying (direct routing). This is the
default.

-i, --ipip Use ipip encapsulation (tunneling).

--tun-type tun-type
tun-type is one of ipip|gue|gre. The default
value of tun-type is ipip.

--tun-port tun-port
tun-port is an integer specifying the destination
port. Only valid for tun-type gue.

--tun-nocsum
Specify that tunnel checksums are disabled. This
is the default. Only valid for tun-type gue and gre.

--tun-csum
Specify that tunnel checksums are enabled. Only
valid for tun-type gue and gre.

--tun-remcsum
Specify that Remote Checksum Offload is enabled.
Only valid for tun-type gue.

-m, --masquerading Use masquerading (network address
translation, or NAT).

Note: Regardless of the packet-forwarding mechanism specified,
real servers for addresses for which there are interfaces on the
local node will use the local forwarding method, then packets
for the servers will be passed to the upper layer on the local node.
This cannot be specified by ipvsadm, rather it is set by the kernel
as real servers are added or modified.

-w, --weight weight
Weight is an integer specifying the capacity of a server
relative to the others in the pool. The valid values of weight are 0
through to 65535. The default is 1. Quiescent servers are
specified with a weight of zero. A quiescent server will receive no
new jobs but still serve the existing jobs, for all scheduling
algorithms distributed with the Linux Virtual Server. Setting a
quiescent server may be useful if the server is overloaded or
needs to be taken out of service for maintenance.

-x, --u-threshold uthreshold
uthreshold is an integer specifying the upper connection
threshold of a server. The valid values of uthreshold are 0 through to
65535. The default is 0, which means the upper connection
threshold is not set. If uthreshold is set with other values, no
new connections will be sent to the server when the number of
its connections exceeds its upper connection threshold.

-y, --l-threshold lthreshold
lthreshold is an integer specifying the lower connection
threshold of a server. The valid values of lthreshold are 0 through to
65535. The default is 0, which means the lower connection
threshold is not set. If lthreshold is set with other values,
the server will receive new connections when the number of its
connections drops below its lower connection threshold. If
lthreshold is not set but uthreshold is set, the server will
receive new connections when the number of its connections drops
below three fourths of its upper connection threshold.

-c, --connection
Connection output. The list command with this option will list
current IPVS connections.

--timeout
Timeout output. The list command with this option will display
the timeout values (in seconds) for TCP sessions, TCP sessions
after receiving a FIN packet, and UDP packets.

--daemon
Daemon information output. The list command with this option
will display the daemon status and its multicast interface.

--stats
Output of statistics information. The list command with this
option will display the statistics information of services and
their servers.

--rate
Output of rate information. The list command with this option
will display the rate information (such as connections/second,
bytes/second and packets/second) of services and their servers.

--thresholds
Output of thresholds information. The list command with this
option will display the upper/lower connection threshold
information of each server in service listing.

--persistent-conn
Output of persistent connection information. The list command
with this option will display the persistent connection counter
information of each server in service listing. The persistent
connection is used to forward the actual connections from the
same client/network to the same server.

The list command with the -c, --connection option and this
option will include persistence engine data, if any is present,
when listing connections.

--tun-info
Output of tunneling information. The list command with this
option will display the tunneling information of services and
their servers.

--sort
Sort the list of virtual services and real servers. The virtual
service entries are sorted in ascending order by <protocol,
address, port>. The real server entries are sorted in ascending
order by <address, port>. (default)

--nosort
Do not sort the list of virtual services and real servers.

-n, --numeric
Numeric output. IP addresses and port numbers will be printed
in numeric format rather than as host names and services
respectively, which is the default.

--exact
Expand numbers. Display the exact value of the packet and byte
counters, instead of only the rounded number in K's (multiples
of 1000), M's (multiples of 1000K) or G's (multiples of 1000M).
This option is only relevant for the -L command.

-6, --ipv6
Use with -f to signify that the fwmark rule uses IPv6 addresses.

-o, --ops
One-packet scheduling. Used in conjunction with a UDP virtual
service or a fwmark virtual service that handles only UDP
packets. All connections are created such that they only schedule
one packet.

PARAMETERS FOR SYNCHRONIZATION DAEMON
The --start-daemon command accepts zero or more of the following parameters.

--syncid syncid
Specify the syncid that the sync master daemon fills in the
SyncID header while sending multicast messages, or the sync backup
daemon uses to filter out multicast messages not matched with
the SyncID value. The valid values of syncid are 0 through to
255. The default is 0, which means no filtering at all.

--sync-maxlen length
Specify the desired length of sync messages (UDP payload size).
It is expected that the backup server will use a value not less than
the value used on the master server. The valid values of length are
in the 1 .. (65535 - 20 - 8) range but the kernel ensures
space for at least one sync message. If the value is lower than the MTU
the sync messages will be fragmented by the IP layer. The default
value is derived from the MTU value when the daemon is started but
the master daemon will not default to a value above 1500 for
compatibility reasons.

--mcast-interface interface
Specify the multicast interface that the sync master daemon
sends outgoing multicasts through, or the sync backup daemon
listens to for multicasts.

--mcast-group address
Specify IPv4 or IPv6 multicast address for the sync messages.
The default value is 224.0.0.81.

--mcast-port port
Specify the UDP port for sync messages. The default value is
8848.

--mcast-ttl ttl
Specify the TTL value for sync messages (1 .. 255). The default
value is 1.

EXAMPLE 1
The following commands configure a Linux Director to distribute
incoming requests addressed to port 80 on 207.175.44.110 equally to port 80
on five real servers. The forwarding method used in this example is
NAT, with each of the real servers being masqueraded by the Linux
Director.

ipvsadm -A -t 207.175.44.110:80 -s rr
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.1:80 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.2:80 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.3:80 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.4:80 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.5:80 -m

Alternatively, this could be achieved in a single ipvsadm command.

echo "
-A -t 207.175.44.110:80 -s rr
-a -t 207.175.44.110:80 -r 192.168.10.1:80 -m
-a -t 207.175.44.110:80 -r 192.168.10.2:80 -m
-a -t 207.175.44.110:80 -r 192.168.10.3:80 -m
-a -t 207.175.44.110:80 -r 192.168.10.4:80 -m
-a -t 207.175.44.110:80 -r 192.168.10.5:80 -m
" | ipvsadm -R

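Because -R treats every input line as a separate ipvsadm invocation, a ruleset file is worth checking before it is piped in. The following is an added example, not part of ipvsadm or of the original page: a shell and awk lint that applies constraints stated on this page (port zero needs -p, weight range, fwmark range, tunnel option validity). The names lint_ipvs_rules and sample_rules, the constructed ruleset, and the policy of flagging any command other than -A or -a are assumptions of the example.

```shell
#!/bin/sh
# Added example (not part of ipvsadm): lint restore-format lines before they
# reach `ipvsadm -R`. Only short option forms from this page are recognised.

lint_ipvs_rules() {
    awk '
    function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    # Port part of host[:port]; IPv6 hosts are bracketed. "" means omitted.
    function port_of(a,    k) {
        if (substr(a, 1, 1) == "[") a = substr(a, index(a, "]") + 1)
        else { k = index(a, ":"); a = (k ? substr(a, k) : "") }
        sub(/^:/, "", a)
        return a
    }
    /^[ \t]*$/ { next }
    {
        i = ($1 == "ipvsadm") ? 2 : 1        # a leading "ipvsadm" is optional
        cmd = $i; kind = ""; addr = ""; weight = ""; tun = "ipip"
        persist = 0; tunport = 0; csum = 0; remcsum = 0
        for (j = i + 1; j <= NF; j++) {
            o = $j
            if (o == "-t" || o == "-u" || o == "--sctp-service" || o == "-f") {
                kind = o; addr = $(++j)
            }
            else if (o == "-w") weight = $(++j)
            else if (o == "-p") persist = 1
            else if (o == "--tun-type") tun = $(++j)
            else if (o == "--tun-port") { tunport = 1; j++ }
            else if (o == "--tun-csum" || o == "--tun-nocsum") csum = 1
            else if (o == "--tun-remcsum") remcsum = 1
        }
        # -R runs every line as its own ipvsadm invocation, so anything other
        # than an add (for example -C or -D) is flagged for review.
        if (cmd != "-A" && cmd != "-a") { report("command " cmd " is not -A or -a"); next }
        if (kind == "") { report("no virtual service given"); next }
        if (kind == "-f") {
            if (addr !~ /^[0-9]+$/ || addr + 0 < 1)
                report("fwmark must be an integer greater than zero")
        } else if (cmd == "-A" && !persist) {
            p = port_of(addr)
            if (p ~ /^[0-9]*$/ && p + 0 == 0)
                report("port zero is only valid for a persistent (-p) service")
        }
        key = kind " " addr
        if (cmd == "-A") { defined[key] = 1; next }
        if (!(key in defined))
            report("real server added to a virtual service not defined earlier")
        if (weight != "" && (weight !~ /^[0-9]+$/ || weight + 0 > 65535))
            report("weight must be an integer from 0 to 65535")
        if (tunport && tun != "gue")
            report("--tun-port is only valid for tun-type gue")
        if (remcsum && tun != "gue")
            report("--tun-remcsum is only valid for tun-type gue")
        if (csum && tun != "gue" && tun != "gre")
            report("--tun-csum/--tun-nocsum are only valid for tun-type gue and gre")
    }
    END { exit bad + 0 }
    '
}

# Constructed sample ruleset with deliberate mistakes (addresses reuse the
# ones in this page).
sample_rules() {
    cat <<'EOF'
-A -t 207.175.44.110:80 -s rr
-a -t 207.175.44.110:80 -r 192.168.10.1:80 -m -w 1
-a -t 207.175.44.110:80 -r 192.168.10.2:80 -i --tun-type gre --tun-port 6080
-a -t 207.175.44.110:443 -r 192.168.10.3:443 -m
-A -t 207.175.44.111 -s rr
-a -f 1 -r 192.168.10.4:0 -m -w 70000
-C
EOF
}

sample_rules | lint_ipvs_rules || echo "ruleset rejected; nothing passed to ipvsadm -R"
```

The function exits non-zero when it reports anything, so it can gate the restore step, for example `lint_ipvs_rules < rules && ipvsadm -R < rules`.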
As masquerading is used as the forwarding mechanism in this example,
the default route of the real servers must be set to the Linux
Director, which will need to be configured to forward and masquerade
packets. This can be achieved using the following commands:

echo "1" > /proc/sys/net/ipv4/ip_forward

EXAMPLE 2
The following commands configure a Linux Director to distribute
incoming requests addressed to any port on 207.175.44.110 or 207.175.44.111
equally to the corresponding port on five real servers. As per the
previous example, the forwarding method used in this example is NAT, with
each of the real servers being masqueraded by the Linux Director.

ipvsadm -A -f 1 -s rr
ipvsadm -a -f 1 -r 192.168.10.1:0 -m
ipvsadm -a -f 1 -r 192.168.10.2:0 -m
ipvsadm -a -f 1 -r 192.168.10.3:0 -m
ipvsadm -a -f 1 -r 192.168.10.4:0 -m
ipvsadm -a -f 1 -r 192.168.10.5:0 -m

As masquerading is used as the forwarding mechanism in this example,
the default route of the real servers must be set to the Linux
Director, which will need to be configured to forward and masquerade
packets. The real server should also be configured to mark incoming packets
addressed to any port on 207.175.44.110 and 207.175.44.111 with
firewall-mark 1. If FTP traffic is to be handled by this virtual service,
then the ip_vs_ftp kernel module needs to be inserted into the kernel.
These operations can be achieved using the following commands:

echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe ip_tables
iptables -A PREROUTING -t mangle -d 207.175.44.110/31 -j MARK --set-mark 1
modprobe ip_vs_ftp

EXAMPLE 3
The following commands configure a Linux Director to distribute
incoming requests addressed to port 80 on 207.175.44.110 equally to port 80
on five real servers. The forwarding method used in this example is
tunneling with gue encapsulation.

ipvsadm -A -t 207.175.44.110:80 -s rr
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.1:80 -i --tun-type gue --tun-port 6080 --tun-nocsum
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.2:80 -i --tun-type gue --tun-port 6080 --tun-csum
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.3:80 -i --tun-type gue --tun-port 6080 --tun-remcsum
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.4:80 -i --tun-type gue --tun-port 6078
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.5:80 -i --tun-type gue --tun-port 6079

Alternatively, this could be achieved in a single ipvsadm command.

echo "
-A -t 207.175.44.110:80 -s rr
-a -t 207.175.44.110:80 -r 192.168.10.1:80 -i --tun-type gue --tun-port 6080 --tun-nocsum
-a -t 207.175.44.110:80 -r 192.168.10.2:80 -i --tun-type gue --tun-port 6080 --tun-csum
-a -t 207.175.44.110:80 -r 192.168.10.3:80 -i --tun-type gue --tun-port 6080 --tun-remcsum
-a -t 207.175.44.110:80 -r 192.168.10.4:80 -i --tun-type gue --tun-port 6078
-a -t 207.175.44.110:80 -r 192.168.10.5:80 -i --tun-type gue --tun-port 6079
" | ipvsadm -R

EXAMPLE 4
The following commands configure a Linux Director to use GRE
encapsulation.

ipvsadm -A -t 10.0.0.1:80 -s rr
ipvsadm -a -t 10.0.0.1:80 -r 192.168.11.1:80 -i --tun-type gre --tun-csum

IPv6
IPv6 addresses should be surrounded by square brackets ([ and ]).

ipvsadm -A -t [2001:db8::80]:80 -s rr
ipvsadm -a -t [2001:db8::80]:80 -r [2001:db8::a0a0]:80 -m

fwmark IPv6 services require the -6 option.

NOTES
The Linux Virtual Server implements three defense strategies against
some types of denial of service (DoS) attacks. The Linux Director
creates an entry for each connection in order to keep its state, and each
entry occupies 128 bytes of effective memory. LVS's vulnerability to a DoS
attack lies in the potential to increase the number of entries as much as
possible until the Linux Director runs out of memory. The three defense
strategies against the attack are: randomly drop some entries in the
table; drop 1/rate packets before forwarding them; and use a secure TCP
state transition table and short timeouts. The strategies are
controlled by sysctl variables and corresponding entries in the /proc
filesystem:

/proc/sys/net/ipv4/vs/drop_entry
/proc/sys/net/ipv4/vs/drop_packet
/proc/sys/net/ipv4/vs/secure_tcp

Valid values for each variable are 0 through to 3. The default value is
0, which disables the respective defense strategy. 1 and 2 are
automatic modes: when there is not enough available memory, the respective
strategy will be enabled and the variable is automatically set to 2,
otherwise the strategy is disabled and the variable is set to 1. A
value of 3 denotes that the respective strategy is always enabled. The
available memory threshold and secure TCP timeouts can be tuned using
the sysctl variables and corresponding entries in the /proc filesystem:

/proc/sys/net/ipv4/vs/amemthresh
/proc/sys/net/ipv4/vs/timeout_*

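The value semantics above make these three files useful both as a hardening check and as a detection signal, since a value of 2 means the kernel has already judged available memory to be short. The following is an added example, not from the ipvsadm project or the original page: a shell audit that reads the three variables and reports their state. The function names, the exit-code convention and the optional directory argument (used so the check can be pointed at a test directory) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the ipvsadm project): report the state of the three
# LVS DoS defenses using the value semantics given on this page.

VS_DIR_DEFAULT=/proc/sys/net/ipv4/vs

# Map a variable's value to the meaning this page gives it.
vs_mode() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "automatic, currently inactive" ;;
        2) echo "automatic, currently active (not enough available memory)" ;;
        3) echo "always enabled" ;;
        *) echo "invalid or unreadable" ;;
    esac
}

# Print one line per defense. Exit-code convention (an assumption of this
# example): 0 = all defenses armed, 1 = at least one disabled or unreadable,
# 2 = at least one automatic defense has been triggered by the kernel.
audit_vs_defense() {
    dir=${1:-$VS_DIR_DEFAULT}
    worst=0
    for name in drop_entry drop_packet secure_tcp; do
        if [ -r "$dir/$name" ]; then
            val=$(cat "$dir/$name")
        else
            val=unreadable
        fi
        printf '%-12s %-10s %s\n' "$name" "$val" "$(vs_mode "$val")"
        case "$val" in
            2) worst=2 ;;                       # memory pressure seen by the kernel
            1|3) ;;                             # armed, nothing to report
            *) [ "$worst" -eq 2 ] || worst=1 ;; # 0, garbage or missing file
        esac
    done
    return "$worst"
}

# Run against the live system only where the ip_vs sysctl directory exists.
if [ -d "$VS_DIR_DEFAULT" ]; then
    audit_vs_defense || echo "review needed (exit status $?)"
fi
```

An exit status of 2 is the one to alert on: it appears only while the kernel considers available memory to be below the amemthresh setting.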
FILES
/proc/net/ip_vs
/proc/net/ip_vs_app
/proc/net/ip_vs_conn
/proc/net/ip_vs_stats
/proc/sys/net/ipv4/vs/am_droprate
/proc/sys/net/ipv4/vs/amemthresh
/proc/sys/net/ipv4/vs/drop_entry
/proc/sys/net/ipv4/vs/drop_packet
/proc/sys/net/ipv4/vs/secure_tcp
/proc/sys/net/ipv4/vs/timeout_close
/proc/sys/net/ipv4/vs/timeout_closewait
/proc/sys/net/ipv4/vs/timeout_established
/proc/sys/net/ipv4/vs/timeout_finwait
/proc/sys/net/ipv4/vs/timeout_icmp
/proc/sys/net/ipv4/vs/timeout_lastack
/proc/sys/net/ipv4/vs/timeout_listen
/proc/sys/net/ipv4/vs/timeout_synack
/proc/sys/net/ipv4/vs/timeout_synrecv
/proc/sys/net/ipv4/vs/timeout_synsent
/proc/sys/net/ipv4/vs/timeout_timewait
/proc/sys/net/ipv4/vs/timeout_udp

SEE ALSO
See the LVS web site (http://www.linuxvirtualserver.org/) for more
documentation about LVS.

ipvsadm-save(8), ipvsadm-restore(8), iptables(8),
insmod(8), modprobe(8)

AUTHORS
ipvsadm - Wensong Zhang <wensong@linuxvirtualserver.org>
          Peter Kese <peter.kese@ijs.si>
man page - Mike Wangsmo <wanger@redhat.com>
           Wensong Zhang <wensong@linuxvirtualserver.org>
           Horms <horms@verge.net.au>

4th Berkeley Distribution 5th July 2003 IPVSADM(8)