Yes, but you cannot run iptables/netfilter and maintain connection tracking with keepalived (vrrp), so if you fail over, established/related traffic will not be known to . For some folks this isn't an issue. For me it is a show-stopper.

I'm sure there are good reasons why the netfilter folks can't come up with a conntrack state-sharing mechanism.

just my $0.02,

->Jim

-----Original Message-----
From: lvs-users-bounces+jimm=simutronics.com@xxxxxxxxxxxxxxxxxxxxxx [mailto:lvs-users-bounces+jimm=simutronics.com@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of mb@xxxxxxxxxxxxxxxx
Sent: Tuesday, September 16, 2003 4:26 PM
To: LinuxVirtualServer.org users mailing list.
Subject: Re: LVS and fault-tolerant Firewall.

Quoting Kjetil Torgrim Homme <kjetilho@xxxxxxxxxx>:

> do you really need LVS? you only need failover, not load balancing,
> right?

Correct.

>
> keepalived does the failover bit nicely.
>

Excellent! - Exactly what I was looking for.

Regards,

MB

> (Julian Anastasov is working on making LVS integrate with Netfilter.
> LVS passes on the packets before firewall rules are applied. if the
> code is completed, Netfilter integration will be an option since the
> performance penalty is quite noticeable.)
> --
> Kjetil T. | read and make up your own mind
> | http://www.cactus48.com/truth.html
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users