* [PATCH 0/3] netfilter: multi-primary clustering support
@ 2009-01-28 14:57 Pablo Neira Ayuso
0 siblings, 0 replies; only message in thread
From: Pablo Neira Ayuso @ 2009-01-28 14:57 UTC (permalink / raw)
To: Netfilter Development Mailinglist; +Cc: Patrick McHardy
Hi Patrick,
The following patches add one target for arptables, one target and one
match for iptables. They are useful to setup active/active setups both
for gateways with connection tracking support and back-end servers.
[PATCH 1/3] netfilter: arptables: add mcmangle target
[PATCH 2/3] netfilter: xtables: add PKTTYPE target
[PATCH 3/3] netfilter: xtables: add cluster match
One node of my testbed in an primary/backup setup performs very simple
stateful filtering and NAT of ~21000 TCP connections per second. By
using these target/matches appropriately, my two firewall nodes
(multi-primary setup) can filter traffic reaching up to ~30000
connection per second, which means a gain of ~40% more. I don't know yet
the limit of this solution in terms of scalability as I also have two
firewall nodes.
Please, let me know if this approach is ready for merge to the 2.6.30
tree ;).
--
"Los honestos son inadaptados sociales" -- Les Luthiers
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2009-01-28 14:57 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-01-28 14:57 [PATCH 0/3] netfilter: multi-primary clustering support Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.