On Wed, Aug 25, 2004 at 12:51:52PM -0400, Joseph Mack wrote:
> Stuart Clark wrote:
> >
> > Hi there..
> >
> > I have an LVS setup with two directors direct routing to 4 real
> > servers.
>
> I'm definitely not the person to reply to this one, but thought I'd
> pop up since no-one has replied yet. Hopefully Julian,
> Horms or Ratz will pop up and answer you. In the meantime read the HOWTO
> about Julian's nfct patch to LVS (and the previous - antefacto - code
> that led to it).
>
> > I have been trying to use the 'connlimit' patch from
> > Netfilter patch-o-matic on the director to restrict the number of
> > concurrent connections coming into the VIP. I have not been able to
> > get it working with the PREROUTING or FORWARD tables,
>
> I would have thought you could get it to work in PREROUTING, but LVS
> bypasses FORWARD, so rules in that chain won't work.

I would have thought so too.

> > and was wondering if it is due to LVS that connlimit can not seem to track
> > connections?
>
> LVS doesn't use conntrack, it's too slow. However I don't know why you
> can't get rules in PREROUTING to work.

Stuart, LVS in 2.6 has its own connection limiting code, have
you taken a look at that?
--
Horms