Hello,
On Thu, 24 Jan 2002, Ben North wrote:
> Hi,
>
> We've been working with the LVS code for the past while, and we
> wanted to allow the use of Netfilter's connection-tracking
> ability with LVS-NAT connections. There was a post on the
> mailing list a couple of weeks ago asking about this, and my
> colleague Padraig Brady mentioned that we had developed a
> solution.
>
> I've now had time to clean up the patches, and I attach a
> README, and two patch files. One is for the Linux kernel, and
> one is to the LVS code itself. Any comments, get in touch. We
> have done a fair amount of testing (overnight runs with many
> tens of thousands of connections), with no problems.
>
> Many thanks for the great piece of work. Hope the patches are
> useful and will be considered for inclusion in future releases
It seems we just start to redesign some parts of LVS,
here is one document I'm maintaining from some time, I just
uploaded it:
http://www.linuxvirtualserver.org/~julian/LVS.txt
> of LVS. I notice that 1.0.0 is going to arrive soon; the
Yes, 1.0.0 should be a stable version for 2.4. The
next versions can be tested in 2.4 and then moved for the
next kernels (if anything is changed there).
> attached patches might be better applied to a Linux-kernel-style
> 1.1 "development" branch.
Yes, we should consider many things. As for your work on these
patches I find it very interesting. But there is one problem: we
are stuck with the current design of netfilter, we need some
requirements for the routing, we can't say we like the way the
players in the hooks are ordered, we even don't like the hooks.
And we don't hope something will change in the kernels just to
make LVS happy.
About the netfilter: yes, there is stateful conntracking,
the routing is used almost correctly, with some problems when
using multipath routes (which you and netfilter are trying to
address with route_me_harder). But there are more issues: LVS
has connection synchronization, different connection timeout
support due to the higher requirements, its own slow timer
support to offload the kernel timer lists. We have forwarding
methods that require different usage of the routing. And with
each new version the differences become more and more. The
code is more complex just to stick with the current model.
There is no easy way to support everything. As result, I think,
we need a wide discussion on the details for the interaction
with many kernel components:
- routing (correct routing for multipath routes)
- netfilter
- arp (help to build universal user+kernel space solution for
ARP filtering, used in the real servers when they share the virtual IPs)
- etc
So, I'm open for comments for the new LVS design: what we need,
how can be integrated, etc
> Regards,
>
> Ben.
Regards
--
Julian Anastasov <ja@xxxxxx>
|