Yes, but you cannot run iptables/netfilter and maintain connection tracking
with keepalived (VRRP), so if you fail over, established/related traffic
will not be known to .
For some folks this isn't an issue. For me it is a show-stopper. I'm sure
there are good reasons why the netfilter folks can't come up with a conntrack
state-sharing mechanism.
just my $0.02,
->Jim
-----Original Message-----
From: lvs-users-bounces+jimm=simutronics.com@xxxxxxxxxxxxxxxxxxxxxx
[mailto:lvs-users-bounces+jimm=simutronics.com@xxxxxxxxxxxxxxxxxxxxxx]On
Behalf Of mb@xxxxxxxxxxxxxxxx
Sent: Tuesday, September 16, 2003 4:26 PM
To: LinuxVirtualServer.org users mailing list.
Subject: Re: LVS and fault-tolerant Firewall.
Quoting Kjetil Torgrim Homme <kjetilho@xxxxxxxxxx>:
> do you really need LVS? you only need failover, not load balancing,
> right?
Correct.
>
> keepalived does the failover bit nicely.
>
Excellent! - Exactly what I was looking for.
Regards,
MB
> (Julian Anastasov is working on making LVS integrate with Netfilter.
> LVS passes on the packets before firewall rules are applied. if the
> code is completed, Netfilter integration will be an option since the
> performance penalty is quite noticeable.)
> --
> Kjetil T. | read and make up your own mind
> | http://www.cactus48.com/truth.html
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>