Hi,

This issue has already been discussed here, but we have not reached a conclusion.

I'm reviewing my firewall script (still iptables) and I would like to review the configuration of link load balancing. The problem is that the setup is too complicated without the routing cache.

With the cache I could set up per-flow balancing. To do this, I configured "gc_interval" as 1 and defined a higher value for "gc_timeout". Thus I forced distribution by origin and destination every second (1s), but the routing path was maintained by "gc_timeout". This was the best way I found to balance Internet links. IMHO, this worked well because it was a flow load balance. So, my connection could be distributed over different links, but not in a short time to the same destination. This avoided problems with HTTPS sessions or webmail, for example.

From what I understand, without the routing cache I need to do a firewall configuration via CONNMARK. Doing this is simple. However, this creates balancing per connection, not per flow. I didn't like to see a routing path changed in an HTTPS session. In many cases, the local socket is changed constantly. I know that I can set the path for certain cases by firewall rule, but that would be far too unproductive.

I don't understand why such a radical step was taken in the kernel code. It would have been much better to have the possibility to enable or disable the routing cache instead of removing the code completely. Recently I needed to revert the kernel version of one firewall (I need to review my scripts first).

How do I do load balancing per flow without the routing cache? Any ideas?

Thanks
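The per-connection versus per-flow distinction drawn in the message, as an added example that is not part of the original post: a small Python model comparing link selection keyed on each new connection with link selection keyed only on the (source, destination) address pair. The link names, seed, addresses and class names are hypothetical, and the model does not reproduce kernel or iptables behaviour.

```python
import hashlib
import itertools

LINKS = ["wan0", "wan1"]  # hypothetical uplink names (assumption)


class PerConnectionBalancer:
    """Each new connection (full 4-tuple) takes the next link and keeps it."""

    def __init__(self, links):
        self._cycle = itertools.cycle(links)
        self._marks = {}  # stands in for a per-connection mark table

    def route(self, src, sport, dst, dport):
        key = (src, sport, dst, dport)
        if key not in self._marks:
            self._marks[key] = next(self._cycle)
        return self._marks[key]


class PerFlowBalancer:
    """Stateless: the link depends only on a keyed hash of (src, dst)."""

    def __init__(self, links, seed=b"constructed-seed"):
        self._links, self._seed = list(links), seed

    def route(self, src, sport, dst, dport):
        # Ports are ignored on purpose, so every connection between the
        # same two hosts leaves through the same link.
        digest = hashlib.sha256(self._seed + f"{src}|{dst}".encode()).digest()
        return self._links[int.from_bytes(digest[:4], "big") % len(self._links)]


def links_per_pair(balancer, connections):
    """Map each (src, dst) pair to the set of links its connections used."""
    seen = {}
    for src, sport, dst, dport in connections:
        seen.setdefault((src, dst), set()).add(balancer.route(src, sport, dst, dport))
    return seen


# Constructed sample: one client opens four HTTPS connections to one webmail
# host, then a single connection to each of 64 other hosts.
CLIENT, WEBMAIL = "192.0.2.10", "198.51.100.25"
SAMPLE = [(CLIENT, 40000 + i, WEBMAIL, 443) for i in range(4)]
SAMPLE += [(CLIENT, 50000 + i, f"203.0.113.{i + 1}", 443) for i in range(64)]

if __name__ == "__main__":
    for balancer in (PerConnectionBalancer(LINKS), PerFlowBalancer(LINKS)):
        used = links_per_pair(balancer, SAMPLE)[(CLIENT, WEBMAIL)]
        print(type(balancer).__name__, "webmail session uses", sorted(used))
```

With two links behind separate NAT addresses, a webmail pair that maps to both links is the case where the server sees the client address change mid-session.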