Hi Patrick, This is the second version of the clustering support for iptables. The following patches add one target for arptables, one target and one match for iptables. They are useful to setup active/active setups both for gateways with connection tracking support and back-end servers. [PATCH 1/3] netfilter: arptables: add mcmangle target [PATCH 2/3] netfilter: xtables: add PKTTYPE target [PATCH 3/3] netfilter: xtables: add cluster match One node of my testbed in an primary/backup setup performs very simple stateful filtering and NAT of ~21000 TCP connections per second. By using these target/matches appropriately, my two firewall nodes (multi-primary setup) can filter traffic reaching up to ~30000 connection per second, which means a gain of ~40% more. I don't know yet the limit of this solution in terms of scalability as I also have two firewall nodes. BTW, this patchset contains some of the Jan Engelhardt's suggestions. -- "Los honestos son inadaptados sociales" -- Les Luthiers -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
