Julian Anastasov wrote:
>
> Hello,
>
> On Fri, 6 Apr 2001, Joseph Mack wrote:
>
> > So do we support two behaviours for fwmarks (CIP->VIP-RIP)
> > and (CIP->fwmark->RIP) or do we just support one of them?
>
> With this patch applied the template is changed only to the
                                                  ^^^^
> fwmark-based services.

You say "only" here, like the template is only going to use fwmarks.

> Then we have both kinds of templates in the
> connection table. And they don't collide.

Here you say there are both kinds of templates in the connection table.
Can you clarify this for me?

> But this feature uses the
> fact the 0.0.0.0/8 network is not used and the fwmarks are in the
> range of 1 - 2^24-1.

I don't understand what this is about. You are using some coding trick
here that I don't need to know about? Can I use -d 0.0.0.0/0 for a target
in the iptables rules (e.g. if a real-server is a transparent web cache,
where I would be using an iptables rule of --dport 80 in the director,
so that the director would forward any http packets)?

> If the fwmark is not in this range these templates
> can collide with the normal VIP templates.

You are saying that the templates don't collide now.
What if I deliberately set up a VIP rule and an
ipchains/fwmarks rule that both accept the same connection?
(presumably someone will do this, without realising
what they have done)

> > Are people expecting the original behaviour now
> > or are they not aware of the choices?
>
> I assume nobody tried such setups. Maybe only Ted Pavlic?
>
> http://marc.theaimsgroup.com/?l=linux-virtual-server&m=96542157330362&w=2

Yes, I know this posting. This is why I thought that Ted's use of
fwmarks was the standard use. How did he get it to work if the standard
ip_vs code has the VIP-fwmark collision problem?

> > I don't want to break anyone's setup, but it seems to
> > me that we have to support the CIP-fwmark-RIP setup
> > or most of the advantages of fwmarks are gone
>
> Yes, the persistence for fwmark-based services covers all ports
> to one VIP and this is a problem. This is the reason the above feature
> to help for such setups. But for now we don't see more problems with
> the feature enabled except the load imbalance.

I haven't seen this problem. What does it look like?

> But that depends on
> the used scheduling and the cluster software too. And this feature
> clearly isolates the traffic when some of the fwmark-based services
> share same Virtual Addresses (with different ports) but with different
> real servers where the problem can be visible (traffic sent to the
> wrong virtual service hits innocent real server).

These problems aren't obvious to me. Can you explain this some more?

> So, maybe it is time for us to discuss it again. Cons/Pros?

Sure. After Ted's posting, I thought the specs were set for fwmarks.

Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA