Re: Load Balance and SNAT problem.

Linux Advanced Routing and Traffic Control


 



Try this algorithm:

MANGLE:
1 - restore mark
2 - accept mark 1
    accept mark 2
3 - random mark 1 or 2
4 - save mark

NAT
5 - SNAT per interface.

Regards,
Patrick Brandão

----- Original Message -----
From: "Grant Taylor" <gtaylor@xxxxxxxxxxxxxxxxx>
To: "Mail List - Linux Advanced Routing and Traffic Control" <lartc@xxxxxxxxxxxxxxx>
Sent: Tuesday, June 26, 2007 11:37 AM
Subject: Re: Load Balance and SNAT problem.


On 06/26/07 01:46, Peter Rabbitson wrote:
> This is bad, bad advice in this day and age.

I think that is a bit of a bold statement. You are free to have your opinion on what is better for you, as am I.

> If there are not enough users route caching will kill him. Here is a recent discussion of this:
> http://marc.info/?l=lartc&m=117912699505681&w=2

Um, I just read this discussion and I have a few issues with it.

First and foremost: It did not cover the reason "... route caching will kill ..." to my satisfaction like you indicated.

Second: It relies on user space processes to alter and maintain things. Thus if for some reason these processes do not run or do not do so in a timely manner, they may not function correctly.

Third: You are altering the way a running kernel is operating from user space, not letting the kernel maintain itself.

Fourth: Occam's Razor dictates the use of the simpler and equally effective (equality is debatable) method to achieve the same result.

Though the method you cite has potential, I think there is just as much room for improvement as there is in the method that I suggested. Each method has its pros and cons.

> P.S. I am not insisting that netfilter is superior in this regard, I am simply expressing common requirements and looking into ways of achieving them. If someone can point me to how to do this with kernel routes - I am all ears, since I recognize that the netfilter solution is not very elegant, although it works.

By your own statement, you are indicating that both methods leave something to be desired.



Grant. . . .
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
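
The five-step MANGLE/NAT outline at the top of this message, written out as an iptables-restore ruleset. This is an added example, not code posted by anyone in the thread. Assumptions: the function name `gen_rules`, the interface names and addresses, the use of `-m statistic` for the random split, restricting new marks to LAN ingress, and pre-existing `ip rule` entries that map fwmark 1 and 2 to per-uplink routing tables.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the five steps above.
# Interface names and addresses are supplied by the caller; the ones shown
# in the usage line are constructed sample values (documentation ranges).
# Assumed to exist already: "ip rule" entries sending fwmark 1 and fwmark 2
# to routing tables whose default routes leave via WAN1 and WAN2.
gen_rules() {
    [ "$#" -eq 5 ] || { echo "usage: gen_rules LAN WAN1 IP1 WAN2 IP2" >&2; return 1; }
    lan=$1 wan1=$2 ip1=$3 wan2=$4 ip2=$5
    cat <<EOF
*mangle
# 1 - restore mark: copy the saved connection mark onto this packet
-A PREROUTING -j CONNMARK --restore-mark
# 2 - accept mark 1 / mark 2: an already-balanced flow keeps its uplink
-A PREROUTING -m mark --mark 1 -j ACCEPT
-A PREROUTING -m mark --mark 2 -j ACCEPT
# 3 - random mark 1 or 2, only for unmarked traffic entering from the LAN,
#     so unsolicited packets arriving on a WAN interface are never marked
-A PREROUTING -i $lan -m statistic --mode random --probability 0.5 -j MARK --set-mark 1
-A PREROUTING -i $lan -m mark --mark 0 -j MARK --set-mark 2
# 4 - save mark: pin the choice to the conntrack entry for later packets
-A PREROUTING -j CONNMARK --save-mark
COMMIT
*nat
# 5 - SNAT per interface: the source address always matches the uplink used
-A POSTROUTING -o $wan1 -j SNAT --to-source $ip1
-A POSTROUTING -o $wan2 -j SNAT --to-source $ip2
COMMIT
EOF
}

# Usage (as root), validating without loading:
#   gen_rules eth0 eth1 192.0.2.10 eth2 198.51.100.10 | iptables-restore --test
```

Because the mark is restored before the random step and saved after it, every packet of a connection follows the uplink picked for its first packet, which keeps the SNAT address stable for the life of the flow.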

