Persistance and LVS

Julian Anastasov ja at
Fri Apr 30 21:21:43 BST 2004


On Fri, 30 Apr 2004, Joseph Mack wrote:

> >         These ranges are only for the connections created from
> > the 2.2 masquerading code, not for the LVS connections:
> I'm not thinking at all clearly.
> With LVS-NAT running a persistent connection virtual service
> (eg VIP:https) all connections will be coming out of the director
> from VIP:https. I was thinking about connections originating
> from boxes NAT'ed behind a NAT router, where the client
> connections come from high ports.
> In regular (non-lvs) NAT for 2.4, the client (high) ports are no longer
> restricted to 61k-64k?

	Yes, this is an improvement in netfilter.

> Do the NAT'ed ports collide with ports from connections made by clients
> on the NAT-router like they could with 2.2?

	LVS makes sure such connections are not confirmed to
netfilter by using a hook with more priority compared to the
confirmation function in LOCAL_IN. In such a case the netfilter
connections are created and dropped on each packet. Maybe the
NFCT support has more chance of avoiding such collisions by
keeping the netfilter connection registered.

> Joe


Julian Anastasov <ja at>

More information about the lvs-users mailing list