On Mon, 3 Mar 2008, Nicol, David wrote:
>
> Jacek Artymiak's "Building Firewalls with OpenBSD and PF"
> book discusses load balancing setups in terms of how to
> configure pf to deliver pretty much everything LVS offers.

don't use *BSD but had heard that pf can do just about
anything. However I hadn't realised that pf could do
LVS-like loadbalancing. If so that's pretty neat. (am
downloading the pf-faq.)

When netfilter became available, LVS was rewritten with the
idea of being a netfilter module. This wasn't possible at
least because of speed and as a result LVS sort of hangs off
the side of netfilter, not completely obeying the rules. The
LVS that resulted also bypassed pieces of the netfilter
packet routing diagram, and so iptables rules don't always
work. For historical reasons LVS was in the LOCAL_IN chain.
When netfilter arrived, there were better places to put it,
but since everything was working fine, for what LVS was
being used for, no-one thought to move it.

Whether the problems with fitting LVS into netfilter
indicate netfilter limitations or not I don't know. At OLS
you'll hear people discussing other possible schemes to
netfilter but I don't know enough about the alternate
schemes to know if they're reasonable or not. Certainly
no-one has coded any of them up (that I've heard of).

thanks for the pointer
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!