Good morning,
during my presentation about LVS at SANE2000, an attendee brought up the
following suggestion:
Apparently, TCP/IP allows for the server to reply with a _different_ source
address than the one the SYN packet was sent to, and establish the connection
to that address instead.
What this implies is the following:
If DR is used to resend the first SYN packet to the real server A, and A
establishes the connection to the client with one of its own addresses, the
LVS is _not_ involved in any further communication between the client and the
real server.
Advantages:
- Infinitely scalable. The LVS only sees the first packet of every connection,
instead of every incoming packet.
- Desirable in a failover setting. Since the LVS is only involved for
establishing the connection, no established connections die on failover of
the LVS box.
- Implicitly solves the problem that the LVS box may not be in the return path
with a DR setup, since it no longer sees a packet coming from one of its
locally bound addresses.
This appears to be supported by most all TCP/IP implementations. Does anyone
know if this is true or not?
It appears to me that if this IS true, and if it is supported by a wide
enough range of networking equipment, this would totally rule ;-) I don't have
my Stevens handy on the road though, so I can't check myself right now.
This would not even involve changing the DR code, but instead adding a special
kernel patch on the real servers, which would have to reply with a different address
than the one the packet was sent to.
Sincerely,
Lars Marowsky-Brée <lmb@xxxxxxx>
Development HA
--
Perfection is our goal, excellence will be tolerated. -- J. Yahl
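As an added illustration (not part of the message above, and not LVS code): the check that the question turns on is the 4-tuple lookup a client's TCP stack performs on every segment it receives, as specified in RFC 793. A segment is delivered to a connection only if its destination and source address/port pairs match the socket's local and remote pairs, so the source of the SYN/ACK must be the address the SYN was sent to; a segment that matches no connection is answered with a RST. The toy model below keys a client connection table on that 4-tuple and feeds it a SYN/ACK first from the VIP, which is what a real server in an LVS-DR setup answers with (the VIP is configured on the real server and the reply carries it as source), and then from a different address. All addresses, ports and sequence numbers are constructed.

```python
"""Toy model of client-side TCP segment demultiplexing.

Added example, not part of the original message or of LVS. It models only
the RFC 793 matching rule: an incoming segment belongs to a connection iff
(local addr, local port, remote addr, remote port) all match. Addresses,
ports and sequence numbers below are constructed sample values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN", "SYN/ACK", "ACK" or "RST"
    seq: int = 0
    ack: int = 0


class ClientStack:
    """Minimal client-side TCP connection table with a SYN_SENT handshake."""

    def __init__(self, addr):
        self.addr = addr
        self.conns = {}  # (local, lport, remote, rport) -> state dict
        self.sent = []   # segments emitted by the stack, for inspection

    def connect(self, lport, remote, rport, iss=1000):
        # Record the connection under the 4-tuple we expect replies on.
        key = (self.addr, lport, remote, rport)
        self.conns[key] = {"state": "SYN_SENT", "iss": iss}
        self.sent.append(Segment(self.addr, lport, remote, rport, "SYN", seq=iss))
        return key

    def receive(self, seg):
        # Demultiplex: the segment's *source* must equal the remote side we
        # sent the SYN to; a reply from any other address matches nothing.
        key = (seg.dst, seg.dport, seg.src, seg.sport)
        conn = self.conns.get(key)
        if conn is None:
            # RFC 793: a non-RST segment for a non-existent connection is
            # answered with RST (ack number of the incoming segment as seq).
            if seg.flags != "RST":
                self.sent.append(
                    Segment(seg.dst, seg.dport, seg.src, seg.sport, "RST", seq=seg.ack)
                )
            return "NO_MATCH"
        if conn["state"] == "SYN_SENT" and seg.flags == "SYN/ACK":
            if seg.ack != conn["iss"] + 1:
                return "BAD_ACK"  # acceptable-ACK check of the handshake
            conn["state"] = "ESTABLISHED"
            self.sent.append(
                Segment(self.addr, key[1], key[2], key[3], "ACK",
                        seq=conn["iss"] + 1, ack=seg.seq + 1)
            )
            return "ESTABLISHED"
        return conn["state"]


def scenario(reply_src):
    """Client SYNs to VIP:80; the real server's SYN/ACK carries reply_src.

    Returns the demultiplexing result, the connection state afterwards and
    the flags of the last segment the client stack emitted.
    """
    client = ClientStack("192.0.2.10")                 # constructed client
    key = client.connect(40000, "203.0.113.1", 80)     # constructed VIP
    synack = Segment(reply_src, 80, "192.0.2.10", 40000, "SYN/ACK",
                     seq=5000, ack=1001)
    result = client.receive(synack)
    return result, client.conns[key]["state"], client.sent[-1].flags


if __name__ == "__main__":
    # LVS-DR as deployed: the real server answers with the VIP as source.
    print(scenario("203.0.113.1"))    # ('ESTABLISHED', 'ESTABLISHED', 'ACK')
    # The real server answers from its own address instead of the VIP.
    print(scenario("203.0.113.50"))   # ('NO_MATCH', 'SYN_SENT', 'RST')
```

In the first run the SYN/ACK matches the client's table and the handshake completes; in the second the client finds no connection for the unexpected source, stays in SYN_SENT for the VIP and sends a RST back to the real server, which is what an unpatched client stack does on the wire.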