Sorry, but it doesn't work that way. CONNMARK needs helper modules like the ones for FTP or H.323 to really know if connections belong to the same session. To cover all gaming and IM apps with their own helper modules is practically impossible. I remember even MSN has had problems (timeout every 5 mins), but it seems to have been fixed at the server level.

Could you please point out if I have missed any open discussion in the list which covers these things?

-----Original Message-----
From: Luciano Ruete [mailto:luciano@xxxxxxxxxxxxx]
Sent: Wednesday, May 30, 2007 11:46 AM
To: Salim S I
Subject: Re: Multihome load balancing - kernel vs netfilter

On Tuesday 29 May 2007 03:16:47 you wrote:
> None of the load balancing techniques I have come across seems to cover
> 'IP-Persistence'. For example, a session with several connections (for
> which no conntrack-helper modules exist), will have problems, as its
> connections will be routed through different WAN interfaces. Some
> servers are very particular about the source IP of the packets they
> receive. I suspect online gaming and instant messengers will have
> problems with load balancing. How is the experience of other people in
> here?
>
> A rewrite of 'recent' match to include both source and destination may
> turn out to be a solution, albeit with low performance. Any other ideas?

In this same thread a CONNMARK solution was exposed, and this same CONNMARK solution was openly discussed several times in this list.

All the cases that you mention (online gaming, instant messenger) and all others that you do not mention are solved by having a connection-aware firewall, which is capable of routing over the same link packets that belong to the same logical connection; this is achieved perfectly using netfilter CONNMARK.

Regards!
--
Luciano
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
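
An added illustration, not part of either message and not netfilter code: a toy two-uplink balancer that pins new flows either per connection (the 5-tuple a conntrack entry identifies when no helper relates connections) or per source/destination address pair (the 'IP-Persistence' idea). The uplink names, addresses, ports and the round-robin choice for new keys are constructed assumptions.

```python
"""Toy model of multihome balancing keys (constructed example)."""
from itertools import cycle

WAN_LINKS = ("wan0", "wan1")  # hypothetical uplink names


class Balancer:
    """Remembers one uplink per key, like a mark saved on first packet."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.table = {}                # key -> uplink chosen for that key
        self._next = cycle(WAN_LINKS)  # round-robin for keys not seen yet

    def route(self, pkt):
        key = self.key_fn(pkt)
        if key not in self.table:
            self.table[key] = next(self._next)
        return self.table[key]


def per_connection(pkt):
    # One entry per 5-tuple: two connections of one session are unrelated.
    return (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])


def per_host_pair(pkt):
    # Source and destination address only: every connection between the
    # same two hosts shares one entry, at the cost of coarser balancing.
    return (pkt["src"], pkt["dst"])


def sample_session():
    # Constructed traffic: one client, one server, two TCP connections
    # (a control and a data connection) with interleaved packets.
    base = {"proto": "tcp", "src": "192.168.1.10", "dst": "203.0.113.5"}
    control = dict(base, sport=40001, dport=5000)
    data = dict(base, sport=40002, dport=5001)
    return [control, control, data, control, data, data]


def routes(key_fn, packets):
    """Uplink chosen for each packet, in order."""
    balancer = Balancer(key_fn)
    return [balancer.route(p) for p in packets]


if __name__ == "__main__":
    for name, fn in (("per-connection", per_connection),
                     ("per-host-pair", per_host_pair)):
        print(name, routes(fn, sample_session()))
```

With the per-connection key each connection stays on its own uplink, but the server sees the session arrive from two different source addresses; with the per-host-pair key the whole session leaves through one uplink.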