Re: a question about fullnat mode for ipvs

To:	"longguang.yue" <bigclouds@xxxxxxx>
Subject:	Re: a question about fullnat mode for ipvs
Cc:	Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>, Simon Horman <horms@xxxxxxxxxxxx>, lvs-devel@xxxxxxxxxxxxxxx, yuelongguang@xxxxxxxxx
From:	Julian Anastasov <ja@xxxxxx>
Date:	Mon, 26 Oct 2020 22:23:42 +0200 (EET)

        Hello,

On Tue, 20 Oct 2020, longguang.yue wrote:

> Hi,all:
>     fullnat mode refers to  incoming packet's src:port and dst:port pairs are 
> both changed at the same
> time, vice  versa for outgoing packets.
>     fullnat has existed for many years since 2009, why which is not in kernel.

        Not sure. What I see now is that it adds some complexity
to the code. Open questions are about integration with netfilter
conntracks (when conntrack=1), in the sync protocol, etc.

>     introduction for fullnat    
> http://kb.linuxvirtualserver.org/wiki/IPVS_FULLNAT_and_SYNPROXY
> 
> could we port or re-implement it in upstream?

        May be I don't fully understand the goals but
is it worth it?

Regards

--
Julian Anastasov <ja@xxxxxx>

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH v8 net-next] ipvs: inspect reply packets from DR/TUN real servers, Julian Anastasov Re: [PATCH v8 net-next] ipvs: inspect reply packets from DR/TUN real servers, Pablo Neira Ayuso Message not available Re: a question about fullnat mode for ipvs, Julian Anastasov <=

Previous by Date:	Re: Possibility of adding a new netlink command to dump everything, Cezar Sá Espinola
Next by Date:	[PATCH RFC] ipvs: add genetlink cmd to dump all services and destinations, Cezar Sa Espinola
Previous by Thread:	Re: [PATCH v8 net-next] ipvs: inspect reply packets from DR/TUN real servers, Pablo Neira Ayuso
Next by Thread:	Re: Fw: [Bug 209427] New: Incorrect timestamp cause packet to be dropped, Evgeny B
Indexes:	[Date] [Thread] [Top] [All Lists]