* conntrackd and TCP flow recovery
@ 2012-07-18 7:22 kay
[not found] ` <CAJygYd2LoqUKa_r+DomrvrgCDJ1bDXgu=wgvXUpkjnURAE5eJw@mail.gmail.com>
2012-07-18 8:09 ` AW: " Thomas Bätzler
0 siblings, 2 replies; 7+ messages in thread
From: kay @ 2012-07-18 7:22 UTC (permalink / raw)
To: netfilter
Hello guys,
I have very strange requirement. I need to DNAT (using RAWDNAT) the
already established connection (simple HTTP keepalive) to another
server without TCP session reestablishment.
For example I have web0 (input gateway), web1 (primary server), web2
(slave server). SYN/ACK should be processed by web1, but "GET
HTTP/1.1" request should be passed to web2. For this purposes, I
guess, I need to establish fake connections on web2 which should be
the same as on web1. I've already implemented RAWDNAT + RAWSNAT and
SYN/ACK packet goes to web1 and all subsequent packets goes to web2,
but web2 ignores them as it doesn't know about them. Is it possible to
implement my requirement using conntrackd?
Thanks in advance.
^ permalink raw reply [flat|nested] 7+ messages in thread[parent not found: <CAJygYd2LoqUKa_r+DomrvrgCDJ1bDXgu=wgvXUpkjnURAE5eJw@mail.gmail.com>]
* Re: conntrackd and TCP flow recovery
[not found] ` <CAJygYd2LoqUKa_r+DomrvrgCDJ1bDXgu=wgvXUpkjnURAE5eJw@mail.gmail.com>
@ 2012-07-18 7:45 ` kay
2012-07-18 16:19 ` Ed W
0 siblings, 1 reply; 7+ messages in thread
From: kay @ 2012-07-18 7:45 UTC (permalink / raw)
To: netfilter
ipvs works in couple with keepalived. I don't need to balance traffic
between web1 and web2, I need to pass matched some rule packets (and
subsequents) to web2 transparently. Established connection should not
be reset and client should not know about that.
2012/7/18 Yucong Sun (叶雨飞) <sunyucong@gmail.com>:
> I have read something about IPvs support such use case, with kernel tcp
> hand-off
>
> On Wed, Jul 18, 2012 at 12:22 AM, kay <kay.diam@gmail.com> wrote:
>>
>> Hello guys,
>>
>> I have very strange requirement. I need to DNAT (using RAWDNAT) the
>> already established connection (simple HTTP keepalive) to another
>> server without TCP session reestablishment.
>>
>> For example I have web0 (input gateway), web1 (primary server), web2
>> (slave server). SYN/ACK should be processed by web1, but "GET
>> HTTP/1.1" request should be passed to web2. For this purposes, I
>> guess, I need to establish fake connections on web2 which should be
>> the same as on web1. I've already implemented RAWDNAT + RAWSNAT and
>> SYN/ACK packet goes to web1 and all subsequent packets goes to web2,
>> but web2 ignores them as it doesn't know about them. Is it possible to
>> implement my requirement using conntrackd?
>>
>> Thanks in advance.
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: conntrackd and TCP flow recovery
2012-07-18 7:45 ` kay
@ 2012-07-18 16:19 ` Ed W
0 siblings, 0 replies; 7+ messages in thread
From: Ed W @ 2012-07-18 16:19 UTC (permalink / raw)
To: kay; +Cc: netfilter
On 18/07/2012 08:45, kay wrote:
> ipvs works in couple with keepalived. I don't need to balance traffic
> between web1 and web2, I need to pass matched some rule packets (and
> subsequents) to web2 transparently. Established connection should not
> be reset and client should not know about that.
>
For many situations a frontend load balancer is very lightly loaded when
proxying through to a backend http server. Perhaps you don't need to do
this transparently and simply adding a high performance non transparent
proxy would be a solution?
Good luck
Ed W
^ permalink raw reply [flat|nested] 7+ messages in thread
* AW: conntrackd and TCP flow recovery
2012-07-18 7:22 conntrackd and TCP flow recovery kay
[not found] ` <CAJygYd2LoqUKa_r+DomrvrgCDJ1bDXgu=wgvXUpkjnURAE5eJw@mail.gmail.com>
@ 2012-07-18 8:09 ` Thomas Bätzler
2012-07-18 8:13 ` kay
1 sibling, 1 reply; 7+ messages in thread
From: Thomas Bätzler @ 2012-07-18 8:09 UTC (permalink / raw)
To: netfilter; +Cc: kay
Hi,
kay <kay.diam@gmail.com> asked:
> I have very strange requirement. I need to DNAT (using RAWDNAT) the
> already established connection (simple HTTP keepalive) to another
> server without TCP session reestablishment.
>
> For example I have web0 (input gateway), web1 (primary server), web2
> (slave server). SYN/ACK should be processed by web1, but "GET
> HTTP/1.1" request should be passed to web2. For this purposes, I
> guess, I need to establish fake connections on web2 which should be
> the same as on web1. I've already implemented RAWDNAT + RAWSNAT and
> SYN/ACK packet goes to web1 and all subsequent packets goes to web2,
> but web2 ignores them as it doesn't know about them. Is it possible to
> implement my requirement using conntrackd?
conntrackd is for synchronizing the connection tracking tables on a redundant pair of NAT gateways, so it's no use to you.
I imagine the problem is that the webserver on web2 doesn't know that there's an established connection that it should handle - how could it, without the tcp handshake?
Care to elaborate on what you're trying to achieve (vs. what you're tyring to do ;-))?
Cheers,
Thomas
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2012-07-18 16:19 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-07-18 7:22 conntrackd and TCP flow recovery kay
[not found] ` <CAJygYd2LoqUKa_r+DomrvrgCDJ1bDXgu=wgvXUpkjnURAE5eJw@mail.gmail.com>
2012-07-18 7:45 ` kay
2012-07-18 16:19 ` Ed W
2012-07-18 8:09 ` AW: " Thomas Bätzler
2012-07-18 8:13 ` kay
2012-07-18 8:17 ` Yucong Sun (叶雨飞)
2012-07-18 14:13 ` kay
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.