|
Hello,
On Tue, 23 May 2000, Lars Marowsky-Bree wrote:
> Good morning,
>
> during my presentation about LVS at SANE2000, an attendee brought up the
> following suggestion:
>
> Apparently, TCP/IP allows for the server to reply with a _different_ source
> address then the one the SYN packet was send to, and establish the connection
> to that adress instead.
>
How is that possible. Is it explained in some rfc?
> What this implies is the following:
>
> If DR is used to resend the first SYN packet to the real server A, and A
> establishes the connection to the client with one of its own addresses, the
> LVS is _not_ involved in any further communication between the client and the
> real server.
>
> Advantages:
> - Infinetely scalable. The LVS only sees the first packet of every connection,
> instead of every incoming packet.
> - Desireable in a failover setting. Since the LVS is only involved for
> establishing the connection, no established connections die on failover of
> the LVS box.
> - Implicitly solves the problem that the LVS box may not be in the return path
> with a DR setup, since it no longer sees a packet comeing from one of its
> locally bound addresses.
>
> This appears to be supported by most all TCP/IP implementations. Does anyone
> know if this is true or not?
Looking in the kernel source I don't see such possibility.
>
> It appears to me, that if this IS true, and if it is supported by a wide
> enough range of networking equipment, this would totally rule ;-) I don't have
> my Stevens handy on the road though, so I can't check myself right now.
>
> This would not even involve changing the DR code, but instead adding a special
> kernel patch on the real servers, which had to reply with a different address
> than the one the packet was send to.
I see the benefits. But I can't believe :) More info?
Regards
--
Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
|
