All of lore.kernel.org
 help / color / mirror / Atom feed
From: Peter Rabbitson <rabbit@rabbit.us>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Load balancing using connmark
Date: Wed, 09 May 2007 16:33:15 +0000	[thread overview]
Message-ID: <4641F7CB.3000209@rabbit.us> (raw)
In-Reply-To: <1178722806.7492.55.camel@vulcan.aspl>

Francis Brosnan Blazquez wrote:
> Hi,
> 
> I've been implementing a load balancing solution using CONNMARK, based
> on solution described by Luciano Ruete at [1]. Gracias por el post y por
> apuntar en la dirección correcta Luciano!
> 
> Once implemented, I've found that due to some reason packets aren't
> properly marked (or improperly remarked) and sent out using the wrong
> interface. 
> 
> <snip>
> 
> iptables -t mangle -A POSTROUTING -m mark  --mark ! 0 -j ACCEPT 
> iptables -t mangle -A POSTROUTING -o eth1 -j MARK --set-mark 0x1
> iptables -t mangle -A POSTROUTING -o eth2 -j MARK --set-mark 0x2
> iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark

This is wrong. POSTROUTING is exactly what is is _POST_ routing. By the
time you do your marks and stuff the kernel has _already_ assigned a
packet to an interface, and you can not alter this anymore.

> After a bit of testing with the second solution, it seems to behave
> better, doing all marking job at the PREROUTING and OUTPUT.

This is flawed too. OUTPUT suffers from the very same problem as
POSTROUTING - by the time the packets hit the NF stack the process has
already bound itself to an interface, which you can not change anymore.

Peter




_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

  reply	other threads:[~2007-05-09 16:33 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-05-09 15:00 [LARTC] Load balancing using connmark Francis Brosnan Blazquez
2007-05-09 16:33 ` Peter Rabbitson [this message]
2007-05-10  6:15 ` Salim S I
2007-05-10  8:01 ` Salim S I
2007-05-10  9:06 ` Francis Brosnan Blazquez
2007-05-10  9:22 ` FW: " Salim S I
2007-05-10 10:25 ` Peter Warasin
2007-05-10 10:51 ` Peter Rabbitson
2007-05-10 10:59 ` Peter Rabbitson
2007-05-10 11:25 ` Salim S I
2007-05-10 12:04 ` David Ford
2007-05-10 12:06 ` Peter Rabbitson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4641F7CB.3000209@rabbit.us \
    --to=rabbit@rabbit.us \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.