[nf-failover] Re: [RFC] ct_sync 0.15 (corrected)

Harald Welte laforge at netfilter.org
Sat Sep 25 09:52:53 CEST 2004

On Thu, Sep 23, 2004 at 10:42:19PM -0400, jamal wrote:
> Hi Krisztian,
> I just glanced over your code (30 sec scan) and your state machine
> doesnt allow for active/active (i.e two masters).

yes, this is not a supported mode of operation in this first

> I havent actually run it - can you confirm this is impossible? 
> if ct_sync was blind i.e it just did what it was told "become master" or
> "become slave" regardless of who else is master, then it would be more
> usable - leave policy to whatever tells it to switch.

well it exactly does this, with an additional security:  A master will
be downgraded to slave as soon as another master announces itself.  This
is a security guard against invalid mode of operation.

> cheers,
> jamal

- Harald Welte <laforge at netfilter.org>             http://www.netfilter.org/
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/netfilter-devel/attachments/20040925/47499172/attachment.bin

More information about the netfilter-devel mailing list