* conntrackd and TCP flow recovery
From: kay @ 2012-07-18  7:22 UTC
  To: netfilter

Hello guys,

I have a very strange requirement. I need to DNAT (using RAWDNAT) the
already established connection (simple HTTP keepalive) to another
server without TCP session reestablishment.

For example I have web0 (input gateway), web1 (primary server), web2
(slave server). SYN/ACK should be processed by web1, but "GET
HTTP/1.1" request should be passed to web2. For this purpose, I
guess, I need to establish fake connections on web2 which should be
the same as on web1. I've already implemented RAWDNAT + RAWSNAT and
SYN/ACK packet goes to web1 and all subsequent packets go to web2,
but web2 ignores them as it doesn't know about them. Is it possible to
implement my requirement using conntrackd?

Thanks in advance.


* Re: conntrackd and TCP flow recovery
From: kay @ 2012-07-18  7:45 UTC
  To: netfilter

ipvs works in couple with keepalived. I don't need to balance traffic
between web1 and web2, I need to pass packets matching some rule (and
subsequent ones) to web2 transparently. The established connection should
not be reset and the client should not know about that.

2012/7/18 Yucong Sun (叶雨飞) <sunyucong@gmail.com>:
> I have read something about IPVS supporting such a use case, with kernel TCP
> hand-off
>
> On Wed, Jul 18, 2012 at 12:22 AM, kay <kay.diam@gmail.com> wrote:
>>
>> Hello guys,
>>
>> I have a very strange requirement. I need to DNAT (using RAWDNAT) the
>> already established connection (simple HTTP keepalive) to another
>> server without TCP session reestablishment.
>>
>> For example I have web0 (input gateway), web1 (primary server), web2
>> (slave server). SYN/ACK should be processed by web1, but "GET
>> HTTP/1.1" request should be passed to web2. For this purpose, I
>> guess, I need to establish fake connections on web2 which should be
>> the same as on web1. I've already implemented RAWDNAT + RAWSNAT and
>> SYN/ACK packet goes to web1 and all subsequent packets go to web2,
>> but web2 ignores them as it doesn't know about them. Is it possible to
>> implement my requirement using conntrackd?
>>
>> Thanks in advance.

* AW: conntrackd and TCP flow recovery
From: Thomas Bätzler @ 2012-07-18  8:09 UTC
  To: netfilter; +Cc: kay

Hi,

kay <kay.diam@gmail.com> asked:
> I have a very strange requirement. I need to DNAT (using RAWDNAT) the
> already established connection (simple HTTP keepalive) to another
> server without TCP session reestablishment.
>
> For example I have web0 (input gateway), web1 (primary server), web2
> (slave server). SYN/ACK should be processed by web1, but "GET
> HTTP/1.1" request should be passed to web2. For this purpose, I
> guess, I need to establish fake connections on web2 which should be
> the same as on web1. I've already implemented RAWDNAT + RAWSNAT and
> SYN/ACK packet goes to web1 and all subsequent packets go to web2,
> but web2 ignores them as it doesn't know about them. Is it possible to
> implement my requirement using conntrackd?

conntrackd is for synchronizing the connection tracking tables on a redundant pair of NAT gateways, so it's no use to you.

I imagine the problem is that the webserver on web2 doesn't know that there's an established connection that it should handle - how could it, without the tcp handshake?

Care to elaborate on what you're trying to achieve (vs. what you're trying to do ;-))?

Cheers,
Thomas
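
The distinction drawn in the reply above, as an added example that is not part of the original thread: web0 only holds a flow table (the kind of state conntrackd replicates between gateways), while the TCP connection itself lives in a control block on the server that completed the handshake. The model is a deliberately simplified sketch; addresses, ports and sequence numbers are constructed, and the reset follows RFC 793's rule for a non-SYN segment on an unknown connection.

```python
# Added illustration, not from the thread: a toy model of where TCP state lives.
# Host names follow the thread; addresses, ports and sequence numbers are constructed.

class Host:
    """A server's TCP layer: one control block (TCB) per flow it has handshaken."""
    def __init__(self):
        self.tcbs = {}        # flow 4-tuple -> {"state", "rcv_nxt"}
        self.delivered = []   # payloads handed up to the web server

    def receive(self, flow, flags, seq, payload=b""):
        tcb = self.tcbs.get(flow)
        if tcb is None:
            if flags == "SYN":             # state is only ever created by a SYN
                self.tcbs[flow] = {"state": "SYN_RCVD", "rcv_nxt": seq + 1}
                return "SYN-ACK"
            return "RST"                   # RFC 793: non-SYN segment, unknown connection
        if tcb["state"] == "SYN_RCVD" and flags == "ACK":
            tcb["state"] = "ESTABLISHED"
            return "OK"
        if tcb["state"] == "ESTABLISHED" and seq == tcb["rcv_nxt"]:
            tcb["rcv_nxt"] += len(payload)
            self.delivered.append(payload)
            return "ACK"
        return "DROP"                      # unexpected sequence number or flags


class Gateway:
    """web0: holds only a flow table (the kind of state conntrack keeps)."""
    def __init__(self, backends):
        self.backends = backends
        self.flows = {}                    # flow 4-tuple -> backend name

    def forward(self, flow, flags, seq, payload=b"", backend=None):
        if backend is not None:
            self.flows[flow] = backend     # (re)point the flow, as a DNAT rule would
        return self.backends[self.flows[flow]].receive(flow, flags, seq, payload)


def run_scenario(switch):
    web1, web2 = Host(), Host()
    web0 = Gateway({"web1": web1, "web2": web2})
    flow = ("198.51.100.7", 40000, "192.0.2.10", 80)   # constructed 4-tuple
    request = b"GET / HTTP/1.1\r\n\r\n"
    replies = [
        web0.forward(flow, "SYN", 1000, backend="web1"),
        web0.forward(flow, "ACK", 1001),
        web0.forward(flow, "ACK", 1001, request, backend="web2" if switch else None),
    ]
    return {"replies": replies, "web2_has_tcb": flow in web2.tcbs,
            "web1": web1.delivered, "web2": web2.delivered}
```

With `switch=True` the gateway's flow table points at web2, yet web2 has no control block for the flow and its web server never sees the request; with `switch=False` web1 accepts it.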


* Re: conntrackd and TCP flow recovery
From: kay @ 2012-07-18  8:13 UTC
  To: netfilter

That is what I am trying to achieve. Fake TCP handshake with automatic
TCP session recovery once traffic goes to web2.

>  how could it, without the tcp handshake?


* Re: conntrackd and TCP flow recovery
From: Yucong Sun (叶雨飞) @ 2012-07-18  8:17 UTC
  To: kay; +Cc: netfilter

I know what you mean, and I said in my email, this is what I see most
close to it.

http://dragon.linux-vs.org/~dragonfly/htm/tcpha.htm

On Wed, Jul 18, 2012 at 1:13 AM, kay <kay.diam@gmail.com> wrote:
>
> That is what I am trying to achieve. Fake TCP handshake with automatic
> TCP session recovery once traffic goes to web2.
>
> >  how could it, without the tcp handshake?

* Re: conntrackd and TCP flow recovery
From: kay @ 2012-07-18 14:13 UTC
  To: netfilter

IPVS etc. can't send the handshake packet to one server and the rest of
the packets to a second one. At least I was not able to even change the
server in keep-alive HTTP connections; I had to Ctrl+R in Firefox to
change server.

2012/7/18 Yucong Sun (叶雨飞) <sunyucong@gmail.com>:
> I know what you mean, and I said in my email, this is what I see most
> close to it.
>
> http://dragon.linux-vs.org/~dragonfly/htm/tcpha.htm


* Re: conntrackd and TCP flow recovery
From: Ed W @ 2012-07-18 16:19 UTC
  To: kay; +Cc: netfilter

On 18/07/2012 08:45, kay wrote:
> ipvs works in couple with keepalived. I don't need to balance traffic
> between web1 and web2, I need to pass packets matching some rule (and
> subsequent ones) to web2 transparently. The established connection should
> not be reset and the client should not know about that.
>

For many situations a frontend load balancer is very lightly loaded when
proxying through to a backend http server.  Perhaps you don't need to do
this transparently and simply adding a high-performance non-transparent
proxy would be a solution?

Good luck

Ed W
