On Tue, 15 Apr 2008, Jason Stubbs wrote:
I'm a newbie at all of this so forgive me if I'm doing anything wrong. ;)
you're doing great.
incoming => de-lvs packets => netfilter => lvs packets => outgoing
The goal is for netfilter to only have to deal with CIP/VIP packets and
for any translations netfilter might do of CIP to be transparent to LVS.
can you give me an example of a translation of the CIP (I
can't think of anything, presumably the F5-SNAT will be done
There are three main downfalls with this patch at present:
1) Having a VIP on a local interface
I thought with the hooks in the new place that there'd be no
VIP on the director anymore. The director would be acting as
a router for dst_addr=VIP. Presumbly routing would handle
sending packets for the VIP to the director (eg the director
would proxy arp for the VIP).
Are you talking about a case where the director is
causes the traffic to be delivered
locally as VIP checks have been moved to the end of POST_ROUTING.
2) Localnode with address of 127.0.0.1 does not work as packets with a
destination of 127.0.0.1 and a non-local source address are
3) Firewall rules on existing installations will most likely break.
no problem. This is a new setup and will have new rules.
The first issue can probably be dealt with by The
localnode issue could probably be dealt with by using a
hook at the end of PREROUTING and the second issue could
be handled like ipt_REDIRECT.
I thought with netfilter, that REDIRECT delivers a packet
that now has the wrong address for LVS.
I can't see a way to handle firewall rules though
you haven't figured it out yet, or you've looked and there
is no way of having firewall rules?
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html