Hi,
I have to check it out, but in the mean time I already wrote my small
iptables plugin to rewrite the dst-addr.
let's call it pre-alpha:
https://github.com/creamfinance/dstwrite
BR
Thomas
On 13 Sep 2017, at 11:34, Arturo Borrero Gonzalez wrote:
On 12 September 2017 at 08:00, Thomas Rosenstein
<thomas.rosenstein@xxxxxxxxxxxxxxxx> wrote:
Hello,
I'm trying to setup L3 load balancing (with direct server return)
which
requires me to send back or receive packets with a certain src/dst
address,
but for these packets the dst address is replaced on the load
balancer, then
routed and are arriving on my linux container.
I guess you could do this with nftables. You can perform this kind of
load balancing with nftables out of the box [0].
Note that nftables should be able to work with DSCP, so you can
combine both things (matching, load-balancing) with the same
technology.
Please, read the docs in our wiki and do some tests. After that, it
would be great if you come back here and report your experience :-)
Perhaps we can generate a concrete example and put it in the wiki for
future references.
[0] https://wiki.nftables.org/wiki-nftables/index.php/Load_balancing
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
