Re: [PATCH] [IPVS] transparent proxying

All of lore.kernel.org
 help / color / mirror / Atom feed

From: home_king <home_king@163.com>
To: "Wensong Zhang" <wensong@linux-vs.org>
Cc: "Horms" <horms@verge.net.au>,
	netdev@vger.kernel.org, "David Miller" <davem@davemloft.net>,
	"Julian Anastasov" <ja@ssi.bg>,
	"Joseph Mack NA3T" <jmack@wm7d.net>
Subject: Re: [PATCH] [IPVS] transparent proxying
Date: Thu, 30 Nov 2006 09:49:18 +0800	[thread overview]
Message-ID: <456E389E.7090809@163.com> (raw)

hi, Wensong. Thanks for your appraise.

 > I see that this patch probably makes IPVS code a bit complicated and
 > packet traversing less efficiently.

In my opinion, worry about the side-effect to the packet throughput is not
necessary. First, normal packets with mark rarely appear in the 
NF_IP_FORWARD
chain, while people mark packets aiming at the network administration job
usually on the NF_IP_LOCAL_IN or NF_IP_OUTPUT chain. Second, the new hook fn
is called after ipvs SNAT hook fn, and pass the packets handled by the 
latter
hook fn by simply checking the ipvs_property flag, so it would not 
disturb the
SNAT job. Third, the new hook fn is just a thin wrapper of ip_vs_in(), 
so now
that all packets which go through NF_IP_LOCAL_IN will be entirely checked up
by ip_vs_in(), no matter they are virtual-server relative or not, why we 
mind
that a comparatively small quantity of packets which go through 
NF_IP_FORWARD
will be checked too?

 > If I remember correctly, policy-based routing can work with IPVS in
 > kernel 2.2 and 2.4 for transparent cache cluster for a long time. It
 > should work in kernel 2.6 too.

Indeed, policy route can help too, but the patch provides a native manner to
deploy transparent proxy, and meanwhile, this manner will not break the
backbone networking context, such as policy routing setting, iptables 
rules,
etc.

next             reply	other threads:[~2006-11-30  1:51 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-11-30  1:49 home_king [this message]
2006-12-01 15:41 ` [PATCH] [IPVS] transparent proxying Wensong Zhang
  -- strict thread matches above, loose matches on Subject: below --
2006-12-04  5:53 home_king
2006-12-04 17:20 ` Wensong Zhang
2006-11-29  6:21 Horms
2006-11-29 14:15 ` Thomas Graf
2006-11-29 14:46   ` Horms
2006-12-18  3:19     ` Horms
2006-12-18 14:17       ` Thomas Graf
2006-11-29 15:26 ` Wensong Zhang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=456E389E.7090809@163.com \
    --to=home_king@163.com \
    --cc=davem@davemloft.net \
    --cc=horms@verge.net.au \
    --cc=ja@ssi.bg \
    --cc=jmack@wm7d.net \
    --cc=netdev@vger.kernel.org \
    --cc=wensong@linux-vs.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.