Re: [PATCH] Runtime interception method switch

To: Joseph Mack NA3T <jmack@xxxxxxxx>
Subject: Re: [PATCH] Runtime interception method switch
Cc: LVS Devel <lvs-devel@xxxxxxxxxxxxxxx>, Janusz Krzysztofik <jkrzyszt@xxxxxxxxxxxx>
From: Simon Horman <horms@xxxxxxxxxxxx>
Date: Fri, 18 Jan 2008 17:58:54 +0900

On Wed, Jan 16, 2008 at 07:09:26AM -0800, Joseph Mack NA3T wrote:
> On Wed, 16 Jan 2008, Simon Horman wrote:
>> For starters could we clarify that the patch in question is the 
>> following one by Janusz Krzysztofik?
> I see Janusz has replied to this.

Yes I see. I'll take a look over the code a bit more.
But if he says it's working then that is certainly a plus.

For the record, I am in favour of this change.

> I had assumed that if Raphael could output the packets to the right spot 
> (before POSTROUTING on the inbound direction?) that iptables could handle 
> the NAT'ing and no extra ipvs code would be necessary.
> What I didn't know was the original reason the packets were output to a 
> place where iptables couldn't manipulate them. Was this for speed? to get 
> ipvs to work at all? If for speed, the director has always been limited 
> by wirespeed, not by anything in ipvs, so any increase in latency through 
> ipvs may not be seen.

I don't know the answer to that. But I guess speed. And you are right,
speed has never been much of a problem. Flexibility, on the other hand,
and in particular interaction with conntrack, has always been problematic.

>> Also can I clarify that the aim is to be able to SNAT LVS-DR
>> connections
> I didn't realise Janusz was SNAT'ing LVS-DR.
>> (and if possible LVS-NAT and LVS-TUN)?
>> Or is the aim to add a new method, LVS-FULL-NAT?
> What the users want is to be able to put unmodified servers behind a 
> director - they can't even change the default gw. The only thing they can 
> change is the RIP. So the servers would have to be realservers behind an 
> LVS-NAT director which is outputting packets with src_addr=DIP, ie the  
> realservers see connect requests only from the DIP. I'd assumed the 
> director would be running a new version of standard LVS-NAT, with 
> iptables doing the SNAT in POSTROUTING.

Sorry to be picky. It seems to me that Janusz does achieve the goal in
mind, in a fairly simple way. I will review ASAP.

