| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTimneLE2xKg6fie5u3Cvjzcrq4VnK6wMT3pno0JK@mail.gmail.com> Date: Thu, 22 Jul 2010 17:10:22 +0800 From: Changli Gao <xiaosuo@...il.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: Franchoze Eric <franchoze@...dex.ru>, wensong@...ux-vs.org, lvs-devel@...r.kernel.org, netdev@...r.kernel.org, netfilter-devel@...r.kernel.org Subject: Re: Fwd: LVS on local node On Thu, Jul 22, 2010 at 2:56 PM, Eric Dumazet <eric.dumazet@...il.com> wrote: > > lvs seems not very SMP friendly and a bit complex. > > I would use an iptables setup and a slighly modified REDIRECT target > (and/or a nf_nat_setup_info() change) > > Say you have 8 daemons listening on different ports (1000 to 1007) > > iptables -t nat -A PREROUTING -p tcp --dport 1234 -j REDIRECT --rxhash-dist --to-port 1000-1007 > > rxhash would be provided by RPS on recent kernels or locally computed if > not already provided by core network (or old kernel) > > This rule would be triggered only at connection establishment. > conntracking take care of following packets and is SMP friendly. > > I think maybe REDIRECT is enough. If the public port is one of the real ports, you need to append "random" option to iptables target REDIRECT. If not, "REDIRECT --to-ports 1000-1007" is good enough, and the destination port will be selected in the round-robin manner. -- Regards, Changli Gao(xiaosuo@...il.com) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists