netfilter-devel.vger.kernel.org archive mirror
From: Simon Horman <horms@verge.net.au>
To: Hannes Eder <heder@google.com>
Cc: lvs-devel@vger.kernel.org, "Wensong Zhang" <wensong@linux-vs.org>,
	"Julius Volz" <julius.volz@gmail.com>,
	lvs-users@linuxvirtualserver.org,
	"Laurent Grawet" <laurent.grawet@uclouvain.be>,
	"Jean-Luc Fortemaison" <jl.fortemaison@uclouvain.be>,
	linux-kernel@vger.kernel.org,
	"Jan Engelhardt" <jengelh@medozas.de>,
	"Julian Anastasov" <ja@ssi.bg>,
	netfilter-devel@vger.kernel.org, netdev@vger.kernel.org,
	"Fabien Duchêne" <mad_fab@skynet.be>,
	"Joseph Mack NA3T" <jmack@wm7d.net>,
	"Patrick McHardy" <kaber@trash.net>
Subject: Re: [PATCH v2 0/4] IPVS full NAT support + netfilter 'ipvs' match support
Date: Wed, 30 Sep 2009 09:18:48 +1000
Message-ID: <20090929231845.GA7255@verge.net.au>
In-Reply-To: <b5ddba180909290807j4d1d1d2dl48af9453542612ff@mail.gmail.com>

On Tue, Sep 29, 2009 at 05:07:24PM +0200, Hannes Eder wrote:
> On Tue, Sep 29, 2009 at 16:51, Simon Horman <horms@verge.net.au> wrote:
> > On Tue, Sep 29, 2009 at 02:35:15PM +0200, Hannes Eder wrote:
> >> The following series implements full NAT support for IPVS.  The
> >> approach is via a minimal change to IPVS (make friends with
> >> nf_conntrack) and adding a netfilter matcher, kernel- and user-space
> >> part, i.e. xt_ipvs and libxt_ipvs.
> >
> > It's a bit late in the day for me to review the code, but I have a few
> > quick comments.
> >
> >>
> >> Example usage:
> >>
> >> % ipvsadm -A -t 192.168.100.30:80 -s rr
> >> % ipvsadm -a -t 192.168.100.30:80 -r 192.168.10.20:80 -m
> >> # ...
> >>
> >> # Source NAT for VIP 192.168.100.30:80
> >> % iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 \
> >> > --vport 80 -j SNAT --to-source 192.168.10.10
> >>
> >> or SNAT-ing only a specific real server:
> >>
> >> % iptables -t nat -A POSTROUTING --dst 192.168.11.20 \
> >> > -m ipvs --vaddr 192.168.100.30/32 -j SNAT --to-source 192.168.10.10
> >
> > If the iptables rule is not in place does LVS just use
> > its old NAT behaviour?
> 
> Yes, without iptables rules LVS NAT does DNAT.

Great.

> >> First of all, thanks for all the feedback.  This is the changelog for v2:
> >>
> >> - Make ip_vs_ftp work again.  Setup nf_conntrack expectations for
> >>   related data connections (based on Julian's patch, see
> >>   http://www.ssi.bg/~ja/nfct/) and let nf_conntrack/nf_nat do the
> >>   packet mangling and the TCP sequence adjusting.
> >>
> >>   This change raises the question how to deal with ip_vs_sync?  Does it
> >>   work together with conntrackd?  Wild idea: what about getting rid of
> >>   ip_vs_sync and piggybacking all on nf_conntrack and use conntrackd?
> >>
> >>   Any comments on this?
> >
> >    That sounds like a reasonable suggestion.
> >
> >    I think that ip_vs_sync came along before conntrackd
> >    and no one has given much thought to merging the functionality.
> 
> Okay, I'll dig further in this direction.

Assuming the technical side is clean, I suspect the major problem will be
how to migrate users away from ip_vs_sync.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
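
Added example (not part of the original message or of the patch series): a shell/awk audit that reports, per IPVS masquerading (-m) virtual service, whether a nat POSTROUTING SNAT rule using the 'ipvs' match covers it (full NAT) or whether it keeps the DNAT-only behaviour confirmed above. The function name and both sample inputs are constructed; the rule text follows the syntax quoted in the thread, and only IPv4 /32 --vaddr values are handled.

```shell
#!/bin/sh
# Constructed sample in the style of `ipvsadm -S -n` output.
IPVS_SAMPLE='-A -t 192.168.100.30:80 -s rr
-a -t 192.168.100.30:80 -r 192.168.10.20:80 -m -w 1
-A -t 192.168.100.31:443 -s rr
-a -t 192.168.100.31:443 -r 192.168.10.21:443 -m -w 1
-A -t 192.168.100.32:25 -s rr
-a -t 192.168.100.32:25 -r 192.168.10.22:25 -g -w 1'

# Constructed nat-table rules, written with the syntax from the thread.
NAT_SAMPLE='*nat
-A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 --vport 80 -j SNAT --to-source 192.168.10.10
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'

# nat_mode_report (hypothetical helper): $1 = IPVS rules, $2 = nat rules.
# Prints "VIP:PORT full-nat" or "VIP:PORT dnat-only" for each -m service.
# Rules narrowed by other matches (e.g. --dst) still count as covering.
nat_mode_report() {
    printf '%s\n===\n%s\n' "$2" "$1" | awk '
        $0 == "===" { ipvs = 1; next }
        # Pass 1: collect SNAT rules that use the ipvs match.
        !ipvs && $1 == "-A" && $2 == "POSTROUTING" && /-m ipvs/ && /-j SNAT/ {
            va = ""; vp = "*"          # no --vport means any port on the VIP
            for (i = 3; i < NF; i++) {
                if ($i == "--vaddr") { va = $(i + 1); sub(/\/32$/, "", va) }
                if ($i == "--vport") vp = $(i + 1)
            }
            if (va != "") snat[va ":" vp] = 1
            next
        }
        # Pass 2: real-server lines; only masquerading (-m) ones matter.
        ipvs && $1 == "-a" {
            vs = ""; masq = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "-t" || $i == "-u") vs = $(i + 1)
                if ($i == "-m") masq = 1
            }
            if (!masq || (vs in seen)) next
            seen[vs] = 1
            split(vs, p, ":")
            covered = (vs in snat) || ((p[1] ":*") in snat)
            print vs, (covered ? "full-nat" : "dnat-only")
        }'
}

nat_mode_report "$IPVS_SAMPLE" "$NAT_SAMPLE"
```

On a live director the two arguments would be the output of `ipvsadm -S -n` and `iptables-save -t nat`, whose exact rendering of --vaddr may differ from the constructed sample.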

Thread overview: 8+ messages
2009-09-29 12:35 [PATCH v2 0/4] IPVS full NAT support + netfilter 'ipvs' match support Hannes Eder
2009-09-29 12:35 ` [PATCH v2 1/4] netfilter: xt_ipvs (netfilter matcher for IPVS) Hannes Eder
2009-09-29 12:35 ` [PATCH v2 2/4] IPVS: make friends with nf_conntrack Hannes Eder
2009-09-29 12:35 ` [PATCH v2 3/4] IPVS: make FTP work with full NAT support Hannes Eder
2009-09-29 12:36 ` [PATCH v2 4/4] libxt_ipvs: user-space lib for netfilter matcher xt_ipvs Hannes Eder
2009-09-29 14:51 ` [PATCH v2 0/4] IPVS full NAT support + netfilter 'ipvs' match support Simon Horman
2009-09-29 15:07   ` Hannes Eder
     [not found]   ` <b5ddba180909290807j4d1d1d2dl48af9453542612ff@mail.gmail.com>
2009-09-29 23:18     ` Simon Horman [this message]