|
Julian Anastasov wrote:
> > After connection from the client on port=N to VIP:21 we have
> >
> > realserver client
> > VIP:20 SYN -> client:N+1
>
> RS port can be != 20, there is no rule that client port should
> be N+1, it can be any value.
I was thinking of active ftp (although I didn't say so).
Are you talking about active ftp?
> > client director
> > client:N+1 ACK -> VIP:20
> >
> > I would have expected that the packet from client:N+1
> > would not be accepted by the director as it does not follow
> > a SYN packet from client:N+1->VIP:20, which would set up an
> > entry for a new connection in the hash tables.
>
> It is true, the handling is different: we accept
> new connection for SYN+ACK packet (it is not only ACK):
>
> SYN RS->CLIENT: VIP:20 -> CIP:CPORT not detected
>
> SYN+ACK CLIENT->LVS: CIP:CPORT -> VIP:20
>
> This happens because we check for SYN first then
> for ACK in the state handling code, the ACK is ignored.
> ip_vs_in() still does not check for h.th->ack==0 when creating
> connection, it seems it is for good.
>
> So, for FTP to work, we create special persistence template
> for these FTP data connections:
>
> TCP, CIPNET:*, VIP:*, RIP:*
is this for both active and passive?
Does ip_vs look for a connection to port 21
and then create the special persistence template?
What information does ip_vs_ftp supply? The server port and the
client IP:port?
Joe
--
Joseph Mack PhD, Senior Systems Engineer, SAIC contractor
to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
|
