Ben North wrote:
Hi Jim,
It was suggested to me that I forward my question about Antefacto
directly to the two of you.
Hi everyone,
I apologize for not being very active or present on the LVS list. I've been
pretty busy between work and other irons in the fire lately.
I wish I could be more help with bringing the patch forward into newer
kernel versions but unfortunately I am VERY inexperienced with C
programming. Completely inexperienced would be a more accurate statement,
actually. All I've really done much of up to this point is hand-fitting
other people's patches into existing source code, when the patch won't apply
cleanly by itself for some reason. I looked at trying to make the Antefacto
patch have a couple more features, such as adding a kernel sysctl to
indicate its presence, but even that is way over my head.
I just thought, since I was successful in getting the Antefacto patch to
apply to a 2.4.19 kernel and apparently function properly, (with Ben's
helpful advice) that others might like to know about it also. I'm sure I'm
not the only one in the linux world who sees it a better use of two
computers, given the ability to do so with this patch, to make EACH of them
a stateful firewall AND an LVS-NAT Director - and function as a
highly-available pair - than it is to make one be the firewall, and the
other be the LVS director. If either box were to fail, our entire network
goes off the net. So I shared my success with the list, and wrote up the
HOW-TO to document a working setup using Keepalived.
I'm afraid that this is about all I will be able to contribute any time
soon, though. At least until I have some programming skills. At the rate
that is going, however, as I have said before, without some capable
programmers getting involved, or the maintainers of the IPVS main source
code either adopting Antefacto directly into the IPVS source, or otherwise
bringing communication between netfilter connection tracking and IPVS
connection state into IPVS's capabilities - so that an external patch no
longer has to be applied to accomplish this very sensible functionality in
IPVS - things don't look good for Antefacto's capabilities to be brought
much farther forward. I never really asked to be a maintainer of this
patch, it's not even my patch. ;)
I don't mean to sound selfish or cynical about this, but my redundant pair
of LVS-NAT Director/Stateful Firewall servers are doing their jobs, and
working fine. If I have to keep them on 2.4.19 for the next five years,
because nobody with skills adequate to actually maintain Antefacto gets
involved, or because the maintainers of the IPVS source code continue to
deem these capabilities to not be worthy of inclusion into the main IPVS
source code, then I'm truly sorry, but so be it. I'm just a user, not a
developer. Maybe after five more years of administering a linux-only server
cluster, I will know enough about C programming to maintain that patch
myself, but if everybody else is waiting for me to keep the Antefacto patch
up to date, please be advised in the kindest possible terms to not hold your
breath.
Thanks to everyone who has produced all of this great software - IPVS,
keepalived, and the original authors of the Antefacto patch. You guys are
the ones doing the real work. Maybe someday I will be in a position to be
more helpful, but I'm just not there now. And for that matter, anybody else
is encouraged to take this ball (Antefacto's functionality) and run with it.
Like I said, I'm just a user, and for me to act as anything else with my
current programming abilities is a disservice to the community.
Vinnie