From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?iso-8859-1?Q?Patrick_Brand=E3o?= Date: Tue, 26 Jun 2007 15:04:56 +0000 Subject: Re: [LARTC] Load Balance and SNAT problem. Message-Id: <00dd01c7b803$5d7acc90$c70010ac@notebook> List-Id: References: <7e47206b0706242007q487365d3gb7c12658b9669edd@mail.gmail.com> In-Reply-To: <7e47206b0706242007q487365d3gb7c12658b9669edd@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable To: lartc@vger.kernel.org Try this algol: MANGLE: 1 - restore mark 2 - accept mark 1 accept mark 2 3 - random mark 1 ou 2 4 - save mark NAT 5 - SNAT per interface. Att, Patrick Brand=E3o ----- Original Message -----=20 From: "Grant Taylor" To: "Mail List - Linux Advanced Routing and Traffic Control"=20 Sent: Tuesday, June 26, 2007 11:37 AM Subject: Re: [LARTC] Load Balance and SNAT problem. > On 06/26/07 01:46, Peter Rabbitson wrote: >> This is a bad bad advice in this day and age. > > I think that is a bit of a bold statement. You are free to have your=20 > opinion on what is better for you, as am I. > >> If there are not enough users route caching will kill him. Here is a=20 >> recent discussion of this: >> http://marc.info/?l=3Dlartc&m=117912699505681&w=3D2 > > Um, I just read this discussion and I have a few issues with it. > > First and foremost: It did not cover the reason "... route caching will = > kill ..." to my satisfaction like you indicated. > > Second: It relies on user space processes to alter and maintain things. = > Thus if for some reason these processes do not run or do not do so in a=20 > timely manner, they may not function correctly. > > Third: You are altering the way a running kernel is operating from user = > space, not letting the kernel maintain its self. > > Fourth: Occam's Razor dictates the use of the simpler and equally=20 > effective (equality is debatable) method to achieve the same result. > > Though the method you site has potential, I think there is just as much=20 > room for improvement as there is in the method that I suggested. Each=20 > method has its pros and cons. > >> P.S. I am not insisting that netfilter is superior in this regard, I am = >> simply expressing common requirements and looking into ways of achieving= =20 >> them. If someone can point me to how to do this with kernel routes - I = >> am all ears, since I recognize that the netfilter solution is not very=20 >> elegant, although it works. > > By your own statement, you are indicating that both methods leave=20 > something to be desired. > > > > Grant. . . . > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc >=20 _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc