lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <493EB950.8020203@thusa.co.za>
Date:	Tue, 09 Dec 2008 20:30:40 +0200
From:	Colin Alston <colin.alston@...sa.co.za>
To:	shorewall-devel@...ts.sourceforge.net
CC:	netdev@...r.kernel.org
Subject: Re: [Shorewall-devel] Fwd: iproute weight balancing problem with
 youtube

On 2008/12/09 07:03 PM Markus Frahm wrote:
> Dear Stephen Hemminger,
> we have found a problem with ip route and multiple internet connections using 
> the ip route 'weight' option to balance the traffic of a NAT firewall between 
> several lines. Internet sites like 'youtube' show videos only with 50% 
> probability because youtube and similar sites demand several connections (for 
> the web site and the flash stream) to come from the same source IP. Is there a 
> simple solution for this problem for example to increase the time in the 
> balancing algorithm or a cache for source IPs? 
> Regards
>   

Should not be a problem. YouTube uses a single stream for buffering and 
there should not be any conflict between a change in source address with 
the request for the flash applet and the stream. HTTP does not work that 
way... There are some protocols that do, in which case there is contrac 
to solve that problem, if there were a bug it would be in contrac so you 
should raise the issue on the Netfilter lists.

I have personally used Shorewall in such a configuration (we are 
designing a product at the moment for that exact purpose) and have not 
seen any issues. Are you sure this is not a packet loss issue on one of 
the upstreams?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ