Stuart Clark wrote:
>
> Hi there..
>
> I have an LVS setup with two directors direct routing to 4 real
> servers.
I'm definitely not the person to reply to this one, but thought I'd
pop up since no-one has replied yet. Hopefully Julian,
Horms or Ratz will pop up and answer you. In the meantime read the HOWTO
about Julian's nfct patch to LVS (and the previous - antefacto - code
that led to it).
> I have been trying to use the 'connlimit' patch from
> Netfilter patch-o-matic on the director to restrict the number of
> concurrent connections coming into the VIP. I have not been able to
> get it working with the PREROUTING or FORWARD tables,
I would have thought you could get it to work in PREROUTING, but LVS
bypasses FORWARD, so rules in that chain won't work.
> and was wondering if it is due to LVS that connlimit cannot seem to track
> connections?
LVS doesn't use conntrack, it's too slow. However I don't know why you
can't get rules in PREROUTING to work.
Joe
--
Joseph Mack PhD, High Performance Computing & Scientific Visualization
LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx