On Thursday 30 August 2012 18:22:48 you wrote: > Unfortunately, asymmetric active-active is a crazy setup for conntrack > (documentation already discuss this). The state synchronization that > we are doing is asynchronous, so state-updates race with TCP packet. > We don't support this, sorry. The environment does fulfil the assumptions necessary for replication to happen within the handshake so under 3.2 there is no issue with handshakes completing under an asymmetric path. Nonetheless, what doesn't make sense is that this operates under 3.2 and not 3.4 - also is the fact that having a "-j CT --notrack" on specific traffic (i.e. asymmetric should not matter because there is no stateful tracking) Kind Regards, Oliver -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
