
Does conntrack information survive LVS-NAT?

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Does conntrack information survive LVS-NAT?
From: Nelson Castillo <nelsoneci@xxxxxxxxx>
Date: Thu, 23 Jun 2005 13:42:46 -0500

Hi.

I'm using LVS-NAT with 2 uplink providers. I'm marking packages
and using keepalived with fwmark. I configured the LVS cluster
via keepalived.

My question is: Is the conntrack information set again on the packages
that come back from the real servers to be routed by the director?

I'm trying to use the mark set by the iptables conntrack module to
select the correct route for the packet returning to the client. But I don't
know how to check if the mark is set. My experiments suggest that
the mark is not set. (For instance, from a given client I can only reach
a given service from one of the IPs the director has, so I guess the route
is being chosen at random and also cached.)

I checked the packages are reaching the real servers
(ipvsadm shows the active connections).

I found this howto:

http://www.ssi.bg/~ja/nfct/HOWTO.txt

Do I need this ipvs-nfct patch?

It seems it's not applied in the Debian sarge package I'm using.

What should I read?
How can I further debug this issue?

Thanks,
Nelson.-

-- 
Homepage : http://geocities.com/arhuaco

The first principle is that you must not fool yourself
and you are the easiest person to fool.
     -- Richard Feynman.
