|
Hello,
On Thu, 7 Nov 2013, Patrick Schaaf wrote:
> Dear LVS users / gurus,
>
> I came across an idea today, which even appears to work, that could
> potentially reduce the number of ipvs realserver entries in an LVS-NAT
> scenario where multiple ports need to be passed through to the
> realservers.
>
> Right now I have a separate (fwmark) virtualserver for port 80, and
> several SSL ports that need different certificates on the realservers. The
> usual mangle/PREROUTING marking selects which one to use.
>
> Now the idea is to reduce the LVS setup itself to the port 80 server entry,
> always select the same fwmark for that, but use rules in
> mangle/PREROUTING like -j TOS --set-tos 0x04/0xfc, with different TOS
> values.
>
> All SSL connections then arrive at the realservers with dport 80, but
> there I have nat/PREROUTING rules matching the TOS values, using -j
> REDIRECT --to-port 44X to internally let the connection flow to the right
> SSL port.
>
> This appears to work quite nicely in a prototype setup.
>
> My question would be: we run this on kernel 2.6.32 right now. That's a
> little bit ancient, and will eventually be upgraded. Was there anything
> changed in LVS kernel code since then that would make this TOS/DSCP
> marking scheme fail?
It should be safe to change TOS, IPVS does not
use it.
Regards
--
Julian Anastasov <ja@xxxxxx>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
