Bye, Raphael
Attachment:
0001-IPVS-Add-choice-for-connection-interception-method.patch
Description: Binary data
Attachment:
0002-IPVS-Runtime-interception-method-switch.patch
Description: Binary data
Am 16.01.2008 um 12:16 schrieb Janusz Krzysztofik:
Simon Horman wrote:On Tue, Jan 15, 2008 at 05:13:14AM -0800, Joseph Mack NA3T wrote:What side effects might there be? Are they worse than not being able to NAT packets emerging from a director?I'm not sure, and thats what concerns me. For starters could we clarify that the patch in question is the following one by Janusz Krzysztofik? Also can I clarify that the aim is to be able to SNAT LVS-DR connections ...Hi,I can confirm what I have already said before: this patch works for me (now for over two years) without any unexpected side effects. The only side effect I can see is that all LVS-DR incoming packets go through conntrack, even if you do not intend to SNAT them. That could present excessive load on ancient hardware, but one can just unload conntrack modules, or turn connection tracking off for specific traffic with PREROUTING raw hook rules. However, I think this patch should be considered, if at all, as a temporary solution.Thanks, JanuszPS. I am still busy with a different project, but subscribed to lvs- devel.-To unsubscribe from this list: send the line "unsubscribe lvs-devel" inthe body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
-- :: e n d i a n :: open source - open minds :: raphael vallazza :: phone +39 0471 631763 :: fax +39 0471 631764 :: http://www.endian.com :: raphael (AT) endian.com
