Hello Joe,
On Wed, 4 Apr 2001, Joseph Mack wrote:
> I thought this patch was already in the code.
> let me try it. I'll be back as soon as I can
> ;-)
No, it is not in LVS :)
> Since you ask on your page "who needs this" - I do (I think).
>
> I thought grouping by fwmark was the whole point of fwmarks
> that you and Ted Pavlic had in a discussion last August
> on the mailing list.
Yes, in fact the patch tries to group different VIPs in one
fwmark-based service but may be it solves problems when two persistent
fwmark services share same VIPs and RIPs. May be I'll test it soon
too. There is no difference in the delivery but the connections are
accounted in the wrong place (real and virtual service). But I have
to debug this setup too.
> this allows you to have
> group 1 =(ftp,ftp-data)
> group 2 =(http,https)
>
> you can failout these groups independantly.
> If you group by VIP then you have to fail both
> groups together.
>
> You can arbitarily group packets together, with
> no regard to the VIP or even have a VIP at all
> (eg with an LVS in front of a firewall or
> infront of a transparent web cache)
>
> At least that's what I thought the point of
> fwmarks was.
Agreed. Currently the templates created from two fwmark services
collide when they share same VIP and there are same RIPs.
> Joe
> --
> Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
> contractor to the National Environmental Supercomputer Center,
> mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
Regards
--
Julian Anastasov <ja@xxxxxx>
|