Hello Joe,
On Tue, 10 Apr 2001, Joseph Mack wrote:
> when you are using the VIP as the target with ipvsadm,
> you can do things like -p -M 255.255.255.0
> to make all clients from a network equivalent as far as
> persistence is concerned.
The same is with -f
> I would expect this not to be relevant when using fwmark,
> ie there is no such thing as a netmask for a fwmark.
> I expect if you were using persistence with fwmark, then any
> connection requests arriving with the same fwmark will
> be treated as belonging to that persistence group.
> Presumably any combination of client IPs and/or
> networks could have been used to make the rules
> which marks the packets.
Yes, it is for the same group but in one fwmark group there
are many templates created. These templates are different for the
client groups. The template looks like this:
CIPNET:0 -> SERVICE(FWMARK/VIP):0 -> RIP:0
All ports 0 for the fwmark-based services
So, for client 10.1.2.3/24 (24=persistent granularity) the template
looks like this:
10.1.2.0:0 -> VIP:0 -> RIP:0
The patched LVS:
10.1.2.0:0 -> FWMARK:0 -> RIP:0
So, the templates are created with CIP/GRAN in mind and the lookup
uses CIPNET too. We use CIPNET = CIP & CNETMASK before creation and
lookup.
> Is this true?
>
> I notice that I can run the command
>
> director:# ipvsadm -A -f 1 -s rr -p 600 -M 255.255.255.0
>
> and ipvsadm doesn't complain.
Yes, it is correct to use -p and -f together.
> Does the ipvsadm code allow persistence granularity with
> fwmark?
Yes
> Joe
Regards
--
Julian Anastasov <ja@xxxxxx>
|