On Mon, 17 Dec 2001, Rodger Erickson wrote:
> Does anyone have any comments they can make on the effect of
> conntrack on LVS performance?
Hm, maybe I have to try what the performance drop is for
such a combination (in the next few days).
> The LVS device I'm using also has to do some DNAT and SNAT, which
> require conntrack to be enabled. LVS-NAT looks like it should work for DNAT
> and would only take minor tweaking to do SNAT (since the SNAT I'm doing is
This minor tweaking means porting the 2.2 masquerade to
2.4 :) LVS reused some code from 2.2 but much of it is removed and
I'm not sure it can be added back so easily. We had better redesign
some parts of Netfilter for 2.5 or 2.7 :) You can use the ipchains
compat module. But maybe it does not work for FTP and is broken
in some places.
> 1-to-1 -- no port modifications to keep track of), but I don't want to hack
> on LVS unless the wisdom is that my performance with conntrack is really
> going to deteriorate.
You had better test what the slowdown is when using both LVS
and conntracking, and maybe buy faster hardware. It will take
less time :) You can see the slowdown with some app or even with
> Thanks in advance for your comments,
> Rodger Erickson
Julian Anastasov <ja@xxxxxx>