Hello,
On Fri, 2 Nov 2001, Joseph Mack wrote:
> A couple of points I don't understand. Can someone straighten
> me out please?
>
> o you sometimes need to increase the port range on LVS-NAT directors?
> realservers? why do you need more ports? There aren't any clients
> running on the realservers that need to be masqueraded out. Is
> it for the director connecting to realservers in LVS-NAT?

No, the port range has nothing to do with LVS. It helps the
masquerading to create more connections because there is a fixed
limit for each protocol. But sometimes LVS for 2.2 uses ip_masq_ftp,
so maybe only then this mport range is used.

> o when you increase the port range, you need more memory. Is this
> only because you can have more connections and hence will need
> a bigger ipvsadm table?

Yes, the first need is for more masqueraded connections
and of course, they allocate memory. LVS uses a separate table and it
is not limited. We distinguish LVS-NAT from Masquerade. LVS-NAT (and
any other method) does not allocate extra ports, even for other
ranges. It shadows only the defined port. Until masquerade is
used.

> o ipvs doesn't check something about port ranges and collisions
> can occur with regular services (ftp was mentioned). I would have
> thought that a process needing to open an IP connection would
> ask the tcp code in the kernel for a connection and let that code
> handle the assignment of the port. What am I missing here?

Yes, LVS does not allocate local ports. When the masquerade
is used to help with some protocol, the masquerade performs the
check (ftp for example).

> X-window connections are at 6000.. Will you be able to start
> an X-session if these ports are in use?

If we put LVS (ipvsadm -A ) in front of this port 6000
then X sessions will be stopped. OTOH, masquerade does not select
ports in this range, the default is above 61000. So, any FTP
sessions will not disturb local ports, of course, if you don't
increase the mport range to cover the well defined server ports
such as X.

> thanks Joe
Regards
--
Julian Anastasov <ja@xxxxxx>
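
Added example, not part of the original message: a pre-change check that a proposed masquerade port range does not cover local listeners or LVS virtual-service ports, the collision described in the last reply. The function names, the sample `/proc/net/tcp` and `ipvsadm -L -n` text, and the range bounds are constructed for illustration.

```python
import re

# Constructed sample in /proc/net/tcp layout (trailing columns trimmed); st 0A = LISTEN.
PROC_NET_TCP = """\
  sl  local_address rem_address   st
   0: 00000000:1770 00000000:0000 0A
   1: 00000000:0015 00000000:0000 0A
   2: 0100007F:EE49 0100007F:0015 01
"""

# Constructed sample in `ipvsadm -L -n` layout.
IPVSADM_LN = """\
IP Virtual Server version 1.0.8 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.110:80 rr
  -> 10.0.0.2:80                  Masq    1      0          0
TCP  192.168.1.110:6001 wlc
  -> 10.0.0.3:6001                Masq    1      0          0
"""

def listening_ports(proc_text):
    """Local TCP ports in LISTEN state (st == 0A); the port is hex after ':'."""
    ports = set()
    for line in proc_text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 4 and f[3] == "0A":
            ports.add(int(f[1].rsplit(":", 1)[1], 16))
    return ports

def virtual_service_ports(ipvs_text):
    """Ports of virtual services (TCP/UDP lines, not the '->' realserver lines)."""
    return {int(m.group(1)) for m in
            re.finditer(r"^(?:TCP|UDP)\s+\S+:(\d+)\s", ipvs_text, re.M)}

def masq_range_collisions(lo, hi, proc_text, ipvs_text):
    """Return {port: owner} for service ports inside the masquerade range lo..hi."""
    hits = {}
    for p in listening_ports(proc_text):
        if lo <= p <= hi:
            hits[p] = "local listener"
    for p in virtual_service_ports(ipvs_text):
        if lo <= p <= hi:
            hits[p] = "LVS virtual service"
    return hits

if __name__ == "__main__":
    # Illustrative bounds: a range starting at 61000, then one widened down to 5000.
    for lo, hi in [(61000, 65000), (5000, 65000)]:
        print((lo, hi), masq_range_collisions(lo, hi, PROC_NET_TCP, IPVSADM_LN))
```

On a real director the two text inputs would come from reading `/proc/net/tcp` and running `ipvsadm -L -n`.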