Dear LVS developers,

(sorry if this seems silly - I prefer asking around over getting bitten some time down the road...)

we run ipvs in LVS-NAT mode on two loadbalancers in an active/standby setup, with ipvssync threads (and conntrackd) syncing state between the balancers. This is running kernel 2.6.36 at the moment.

Most of the ipvs services we run are fwmark based. Until now, we mark all relevant packets. Now I had the idea that it would be sufficient to only mark --syn packets - potentially saving a number of iptables rule checks for the more frequent case of non-syn packets.

This seems to work for initial tests, but I am a bit worried whether it would still work in a failover case, thus my question:

Upon takeover on the standby balancer, will new, UNmarked frames of existing connections be properly matched up to previously synced state, so that these connections continue to work?

In other words, is the IP header information (IP/port four-tuple) sufficient for connection pickup, and independent of the fwmark value on the packets?

best regards
Patrick