[netfilter-cvslog] r6842 - in trunk/conntrack-tools: .
examples/sync/nack
pablo at netfilter.org
pablo at netfilter.org
Wed May 23 22:01:18 CEST 2007
Author: pablo at netfilter.org
Date: 2007-05-23 22:01:18 +0200 (Wed, 23 May 2007)
New Revision: 6842
Modified:
trunk/conntrack-tools/INSTALL
trunk/conntrack-tools/TODO
trunk/conntrack-tools/examples/sync/nack/script_fault.sh
Log:
- update TODO list
- update INSTALL
- use conntrack instead of conntrackd to flush the conntrack table
Modified: trunk/conntrack-tools/INSTALL
===================================================================
--- trunk/conntrack-tools/INSTALL 2007-05-23 10:11:09 UTC (rev 6841)
+++ trunk/conntrack-tools/INSTALL 2007-05-23 20:01:18 UTC (rev 6842)
@@ -41,9 +41,9 @@
$ make
# make install
- Up to this point, the command line interface `conntrack' is ready for use.
- However, the userspace daemon so-called `conntrackd' requires some magic
- speells to get it working.
+ Up to this point, the command line interface `conntrack' is ready for use,
+ see man conntrack(8). However, the userspace daemon so-called `conntrackd'
+ requires some magic spells to get it working.
3.Setting up conntrackd
=======================
@@ -68,8 +68,8 @@
There is an example file available inside the conntrackd tarball:
- For node 1: conntrackd-x.x.x/examples/sync/node1/keepalived.conf
- For node 2: conntrackd-x.x.x/examples/sync/node2/keepalived.conf
+ For node 1: conntrackd-x.x.x/examples/sync/_type_/node1/keepalived.conf
+ For node 2: conntrackd-x.x.x/examples/sync/_type_/node2/keepalived.conf
These files can be used to set up a simple VRRP cluster composed of
two machines that hold the virtual IPs 192.168.0.100 on eth0 and
@@ -94,8 +94,9 @@
Where _type_ is the synchronization type selected, currently there are
two: the persistent mode and the NACK mode. The persistent mode consumes
- more resources than the NACK mode, however the NACK mode is still
- experimental
+ more resources than the NACK mode but resolves synchronization issues
+ better. On the other the NACK mode reduces resource consumption. I'll
+ provide more information on both approaches soon.
Do not forget to edit the files in order to adapt them to the
setting that you are deploying.
Modified: trunk/conntrack-tools/TODO
===================================================================
--- trunk/conntrack-tools/TODO 2007-05-23 10:11:09 UTC (rev 6841)
+++ trunk/conntrack-tools/TODO 2007-05-23 20:01:18 UTC (rev 6842)
@@ -1,18 +1,29 @@
There are several tasks that are pending to be done, I have classified them
by dificulty levels:
-Relatively easy
-===============
+= Relatively easy =
+ * add syslog support (based on Simon Lodal's patch)
+ * improve shell scripts for keepalived/heartbeat: *really* important
+ * use NACK based protocol, feedback: call pablo :-)
+ * manpage for conntrackd(8)
+ * use the floating priority feature in keepalived to avoid premature
+ take over.
-- test ipv6 support
-- improve shell scripts
-- test NACK based protocol
-- manpage for conntrackd
+= Requires some work =
+ * study better keepalived transitions
+ * test/fix ipv6 support
+ * have a look at open issues
+ * implement support for TCP window tracking (patches are on the table) at
+ the moment you have to disable it:
-Requires some work
-==================
+ echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
-- study better keepalived transitions
-- implement support for TCP window tracking (patches are on the table)
- - at the moment you have to disable it:
- echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
+= Requires kernel patches =
+ * setup master conntrack to match IPCT_RELATED
+
+= Open issues =
+ * unsupported iptables matches:
+ * connbytes: probably the persistent may support it
+ * recent: requires further study
+ * quota: private data counters
+ * connection tracking NAT helpers: sequence adjustment issues (?)
Modified: trunk/conntrack-tools/examples/sync/nack/script_fault.sh
===================================================================
--- trunk/conntrack-tools/examples/sync/nack/script_fault.sh 2007-05-23 10:11:09 UTC (rev 6841)
+++ trunk/conntrack-tools/examples/sync/nack/script_fault.sh 2007-05-23 20:01:18 UTC (rev 6842)
@@ -1,4 +1,4 @@
#!/bin/sh
/usr/sbin/conntrackd -f
-/usr/sbin/conntrackd -F
+/usr/sbin/conntrack -F
More information about the netfilter-cvslog
mailing list