|
> Correct me if I'm wrong, but by the time you see the content in the
> request fly by, the connection is already established. By
> that time, it's
> too late, since you've _already_ done the load balancing yes?
Not if you're doing this on your firewall. In that case, you could make
the decision to accept the connection and mark it to be passed on to the
director. Even if you weren't able to do this on your firewall (stuck
with a Pix or Nokia xxx), you could still do this on your director, i.e.
the director/firewall combo... I am assuming though that packets will be
first inspected by any iptables rules you have setup before being pass
into the LVS layer. With fwmarks this would be a cheap and easy way to
make a L7 lvs system.
I am reading up as much as I can on using iproute2's u32 mechanism to
do this, but the documentation isn't great (at least what I am
finding)... Anyone have a good link for more information on how to use
it?
>
> AFAIK, the only way to approach layer 7 switching is to accept the
> connection and request on the switch itself, then replay it over a
> connection between the switch and selected backend server --
> sort of like
> a proxy server, and how I believe ktcpvs works.
>
> Thanks,
>
> Kyle Sparger - Vice President, Technology
> ksparger@xxxxxxxxxxxx - http://www.dialtone.com
> Voice - (954) 581-0097 x 122
> "Forget college, I'm going pro."
>
----------------
Zack Mully
SmartBrief, Inc.
p:202.737.5500.226
f:202.737.7577
|
