>>>>> "Jason" == Jason Boxman <jasonb@xxxxxxxxxx> writes:

    Jason> Luciano Ruete wrote: <snip>
    >> Besides that, you need to solve the problems that multipath
    >> will arise, like TOS situation described above or route cache
    >> expiration, that could make long term conns to be routed over a
    >> new iface. The solutions I know are CONNMARK(kernel>=2.6.12)
    >> and julian's patches[1]. Personally I prefer CONNMARK.

    Jason> Could you elaborate a little more on the CONNMARK method?

I second that motion -- not too clear on the interaction between SNAT,
multiple interfaces, multiple default routes and CONNMARK
</aol mode="metoo">. If someone could take out the time to make a
complete example with (say) 2 outgoing interfaces, I promise a small
GPL script in exchange which would automate the whole process.

Actually the script's already made, but it doesn't use CONNMARK and
suffers from the problems Jason describes and as documented in:

http://mailman.ds9a.nl/pipermail/lartc/2006q1/018220.html

Regards,

-- Raju
--
Raj Mathur raju@xxxxxxxxxxxxx http://kandalaya.org/
GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
It is the mind that moves
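
One way to combine SNAT, two default routes and CONNMARK as asked about above, as an added example that is not part of the original message or of the script it mentions. The interface names, gateways, addresses, mark values and table numbers are assumptions, and only forwarded LAN traffic is covered (not traffic generated on the router itself).

```shell
#!/bin/sh
# Added example, not from the thread. Interface names, gateways and
# addresses are constructed placeholders (RFC 5737 documentation ranges).
LAN=eth0
IF1=eth1 GW1=192.0.2.1 IP1=192.0.2.10
IF2=eth2 GW2=198.51.100.1 IP2=198.51.100.10

# Dry run by default: print each command. APPLY=1 (as root) executes them.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$@"; fi; }

uplink() { # uplink <mark> <iface> <gateway> <snat-address>
    # One routing table per uplink, selected by the packet's fwmark.
    run ip route add default via "$3" dev "$2" table "$((100 + $1))"
    run ip rule add fwmark "$1" table "$((100 + $1))"
    # First packet of an outbound connection: the multipath route has picked
    # this uplink, so record that choice on the conntrack entry.
    run iptables -t mangle -A POSTROUTING -o "$2" -m conntrack \
        --ctstate NEW -j CONNMARK --set-mark "$1"
    # Connections opened from outside are answered through the same uplink.
    run iptables -t mangle -A PREROUTING -i "$2" -m conntrack \
        --ctstate NEW -j CONNMARK --set-mark "$1"
    run iptables -t nat -A POSTROUTING -o "$2" -j SNAT --to-source "$4"
}

setup() {
    # Copy the connection mark onto packets arriving from the LAN only:
    # restoring it on packets from an uplink would send LAN-bound replies
    # through the per-uplink tables, which hold nothing but a default route.
    run iptables -t mangle -A PREROUTING -i "$LAN" -j CONNMARK --restore-mark
    uplink 1 "$IF1" "$GW1" "$IP1"
    uplink 2 "$IF2" "$GW2" "$IP2"
    # Unmarked packets (the first of each connection) use the multipath
    # default; later packets carry the mark, so a route cache expiry cannot
    # move an established, SNATed connection to the other uplink.
    run ip route add default scope global \
        nexthop via "$GW1" dev "$IF1" weight 1 \
        nexthop via "$GW2" dev "$IF2" weight 1
}

setup
```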