Keepalived direct routing (DSR) with nftables fails to pass client's FIN to real backend

Solution Verified - Updated -

Issue

  • Connections are left in the FIN_WAIT1 or ESTABLISHED state on the real backend when nftables is used with keepalived in a direct routing configuration

Environment

  • Red Hat Enterprise Linux 8 (RHEL8)
  • nftables
  • keepalived using direct routing (a.k.a. direct server response, DSR)
