copying conntrack state tables between two machines

copying conntrack state tables between two machines

[srg]

Hello:

I am thinking about writing a small program in order to "copy" the 
connections table from one machine to another machine.
The final purpose is configure the second machine as a "backup" machine 
with linux-ha and if the primary fails then the backup will assume the 
traffic WITHOUT LOOSING CONNECTIONS (the purpose is that from the point 
of view of the clients and servers before/after the linux machines do 
NOT need to reestablish the connections they have established before the 
failure).

What do you think that is the best way to do this?

In the other hand... It is possible to do the same with IKE SA & IPSEC 
SA (using pluto + kernel 2.6 built in ipsec) ?

Thanks and best regards

Re: copying conntrack state tables between two machines

[Samuel Jean]

On Mon, February 7, 2005 3:32 pm, srg said:
> Hello:
>
> I am thinking about writing a small program in order to "copy" the
> connections table from one machine to another machine.
> The final purpose is configure the second machine as a "backup" machine
> with linux-ha and if the primary fails then the backup will assume the
> traffic WITHOUT LOOSING CONNECTIONS (the purpose is that from the point
> of view of the clients and servers before/after the linux machines do
> NOT need to reestablish the connections they have established before the
> failure).
>
> What do you think that is the best way to do this?

Well, my first guess is you are looking for ct_sync, that's _the_
netfilter-ha currently developped by Kristzian KOVACS and Harald Welte.

Take a look at :
http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/netfilter-ha/

Perhaps you'll get interested in giving some help on there.
(Instead of reinventing the wheel)

>
> In the other hand... It is possible to do the same with IKE SA & IPSEC
> SA (using pluto + kernel 2.6 built in ipsec) ?

I don't know anything about it.

>
> Thanks and best regards
>
>
Have a good day!

Samuel