From: Tobias DiPasquale <codeslinger@gmail.com>
To: Henrik Nordstrom <hno@marasystems.com>
Cc: Harald Welte <laforge@netfilter.org>,
netfilter-devel <netfilter-devel@lists.netfilter.org>,
hadi@cyberus.ca,
Netfilter-failover list <netfilter-failover@lists.netfilter.org>,
KOVACS Krisztian <hidden@balabit.hu>
Subject: Re: [nf-failover] Re: [RFC] ct_sync 0.15 (corrected)
Date: Tue, 28 Sep 2004 10:24:38 -0400
Message-ID: <876ef97a040928072462b9f44@mail.gmail.com>
In-Reply-To: <Pine.LNX.4.61.0409281554150.32381@filer.marasystems.com>

On Tue, 28 Sep 2004 15:58:52 +0200 (CEST), Henrik Nordstrom
<hno@marasystems.com> wrote:
> On Tue, 28 Sep 2004, KOVACS Krisztian wrote:
>
> > There are other solutions for that problem, for example Harald's
> > ClusterIP code. If we could integrate that with ct_sync we would be able
> > to do multi-master packet filter clusters without any load balancers
> > before the cluster. If the NAT core would be integrated with ClusterIP's
> > hash to avoid conntrack clashes we could do this without statically
> > assigning different NAT addresses to each node.
>
> Any ideas on how this would work?
>
> Let's reason around the common MASQUERADE case where an internal network
> needs to be SNAT:ed when going out to the Internet.

Forgive me for bringing this back up, but...

I believe that Saru handles this problem by assigning "blocks" (a
block being a fixed-sized range of units, e.g. 512 source ports in
sequence) of IPs and ports to various nodes in the cluster and each
node only handles the IP/ports in its assigned blocks. The lookup is
just a bitop so it's fast and this would handle the MASQUERADE case
mentioned above nicely. The blocks are handed out by a userspace
daemon as nodes enter and leave the cluster.

Would this not work?

--
[ Tobias DiPasquale ]
0x636f6465736c696e67657240676d61696c2e636f6d
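
The block scheme described in the message above, as an added sketch that is not part of the original post and is not Saru's or ct_sync's code: source ports are split into 512-port blocks, each node tests ownership with a shift and a bit test, and a daemon-side table reassigns only a departed node's blocks. All names (`node_blocks`, `daemon_init`, `daemon_leave`, `node_load`) and the round-robin hand-out policy are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define BLOCK_SHIFT 9                       /* 512 ports per block, as in the message */
#define NUM_BLOCKS  (65536 >> BLOCK_SHIFT)  /* 128 blocks cover the 16-bit port space */

/* Per-node view: bit b set means this node may allocate ports in block b. */
struct node_blocks { uint32_t map[NUM_BLOCKS / 32]; };

/* Fast-path check: a shift to find the block, then a single bit test. */
static int owns_port(const struct node_blocks *n, uint16_t port)
{
    unsigned b = port >> BLOCK_SHIFT;
    return (n->map[b >> 5] >> (b & 31)) & 1u;
}

/* Daemon side (hypothetical): owner[b] is the id of the node holding block b. */
static void daemon_init(int owner[NUM_BLOCKS], int n_nodes)
{
    for (unsigned b = 0; b < NUM_BLOCKS; b++)
        owner[b] = (int)(b % (unsigned)n_nodes);
}

/* A node left: hand only its blocks to the survivors, so NAT mappings that
 * surviving nodes already created stay inside blocks they still own. */
static void daemon_leave(int owner[NUM_BLOCKS], int dead, const int *alive, int n_alive)
{
    int next = 0;
    for (unsigned b = 0; b < NUM_BLOCKS; b++)
        if (owner[b] == dead)
            owner[b] = alive[next++ % n_alive];
}

/* Node side: rebuild the bitmap from the table the daemon distributed. */
static void node_load(struct node_blocks *n, const int owner[NUM_BLOCKS], int id)
{
    memset(n, 0, sizeof(*n));
    for (unsigned b = 0; b < NUM_BLOCKS; b++)
        if (owner[b] == id)
            n->map[b >> 5] |= 1u << (b & 31);
}

/* Number of nodes claiming a port; anything other than 1 is a clash or a gap. */
static int count_owners(const struct node_blocks *nodes, int n, uint16_t port)
{
    int c = 0;
    for (int i = 0; i < n; i++) c += owns_port(&nodes[i], port);
    return c;
}
```

Because two nodes never own the same block, two nodes masquerading behind the same address cannot pick the same source port, which is the conntrack clash the quoted text is concerned with.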