
Re: ipvs-0.2.0-2.4.0 available

To: Florin Andrei <elf_too@xxxxxxxxx>
Subject: Re: ipvs-0.2.0-2.4.0 available
Cc: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Thu, 11 Jan 2001 00:59:50 +0000 (GMT)
        Hello,

On Wed, 10 Jan 2001, Florin Andrei wrote:

> > between LVS for 2.2 and 2.4: the NAT setup is tricky to build if you
> > rely on netfilter's new connection tracking using iptables.
>
>       Why? Can you detail a little bit?
>       I have used netfilter since 2.3.*, with plain masquerading (no LVS, just
> usual masq stuff), port forwarding and other goodies. It worked without any problem.

        Yes, netfilter is working very well ... without LVS :)
If you browse my last postings related to the 2.4 kernel you can find
more info. Just search for "netfilter" in the mailing list:

http://marc.theaimsgroup.com/?l=linux-virtual-server&r=1&w=2

Some references:

http://marc.theaimsgroup.com/?l=linux-virtual-server&m=97415815026910&w=2
http://marc.theaimsgroup.com/?l=linux-virtual-server&m=97245361623266&w=2
http://marc.theaimsgroup.com/?l=linux-virtual-server&m=97463283012922&w=2

        In short, there is a requirement in LVS to stay in the LOCAL_IN
chain, but ip_conntrack is working before LVS in the pre_routing.
Currently, the 2.4 routing is based on the data in the IP header.
LVS requires (for the DR method) another kind of control. LVS can't benefit
from "mangling packets in the pre_routing". We build our decision
based on the input route function, the fwmarking, etc. Now netfilter
always creates a connection structure, even when LVS will create its
own. There is no way to support multiple connection tracking modules.
And so it is difficult for LVS to stick with the netfilter requirements.
Some of the functionalities simply can't be ported to the current model.
Solutions? We are still trying to find them. But it is difficult in
code-freeze. There are some fundamental concepts that prevent integrating
LVS clearly, but maybe there are some workarounds we can
implement. This is in our TODO list.

> > The LVS/DR
> > and LVS/TUN methods and the other functionalities are working in the same
> > way. The other difference is that in 2.4 LVS can serve FTP without any
> > help from other modules, even for LVS/NAT. In 2.2 you need ip_masq_ftp.
>
>       But isn't there an ftp module in netfilter?

        Oh, yes. There is. But read above.

>
> >     The users with more CPUs and NICs can build now more powerful
> > boxes, thanks to the new 2.4 networking.
>
>       That's the idea. My future LVS will have a dual-CPU motherboard, and at
> least 3 interfaces. I saw that 2.4 can use a multi-CPU machine much better, so this
> is why I tried to push 2.4 into production.

        My recommendation: go with LVS/DR. Linux 2.4 will be ready for
production soon but this is my opinion.

> >     But don't ignore your tests. It is always risky to jump to
> > something new. Someone can be happy but may be the new LVS can't work
> > for your setup. It is up to you to make your transition plan safe :)
> > For me, the 2.2 kernel is good enough for LVS box and I don't need to
> > change it to 2.4. I prefer to burn some real servers than to kill
> > my lovely LVS box :)
>
>       Another thing is that netfilter is soooo powerful. By using 2.4, I'll
> have another strong reason to prevent Cisco from taking over the LVS functionality,
> and keep Linux on the director node. ;-)

        Yes, iptables is powerful enough for many different things.
If you talk about the advanced routing you can find most of the code
in 2.2 too.

>       (you know, with 2.4 you can do many clever Cisco-like tricks with the
> packets...)


Regards

--
Julian Anastasov <ja@xxxxxx>
