Persistence and LVS
ja at ssi.bg
Fri Apr 30 21:21:43 BST 2004
On Fri, 30 Apr 2004, Joseph Mack wrote:
> > These ranges are only for the connections created from
> > the 2.2 masquerading code, not for the LVS connections:
> I'm not thinking at all clearly.
> With LVS-NAT running a persistent connection virtual service
> (eg VIP:https) all connections will be coming out of the director
> from VIP:https. I was thinking about connections originating
> from boxes NAT'ed behind a NAT router, where the client
> connections come from high ports.
> In regular (non-lvs) NAT for 2.4, the client (high) ports are no longer
> restricted to 61k-64k?

Yes, this is an improvement in netfilter.

> Do the NAT'ed ports collide with ports from connections made by clients
> on the NAT-router like they could with 2.2?

LVS makes sure such connections are not confirmed to
netfilter by using a hook with more priority compared to the
confirmation function in LOCAL_IN. In such a case the netfilter
connections are created and dropped on each packet. Maybe the
NFCT support has more chance of avoiding such collisions by
keeping the netfilter connection registered.

Julian Anastasov <ja at ssi.bg>