[nf-failover] Re: [RFC] ct_sync 0.15 (corrected)

Tobias DiPasquale codeslinger at gmail.com
Tue Sep 28 13:58:55 CEST 2004


On Tue, 28 Sep 2004 08:46:25 +0200 (CEST), Henrik Nordstrom
<hno at marasystems.com> wrote:
> No, this is about a different issue entirely.
> 
> Lets assume you have two Active-Active gateways G and H, two clients A and
> B and one server S. On the gateway NAT is used to masquerade all traffic
> to a single external IP address.
> 
> Due to the Active-Active setup traffic from A goes via the gateway G and
> traffic from B goes via H.
> 
> Now you have a SYN from A,31285 to S,80 and also a SYN sent by B,31285 to
> S,80. You then end up with two identical NAT assignments and the two
> connections will conflict with each other.

Why use NAT at all for active-active? Its pretty slow in comparison to
the shared MAC/IP schema delineated at UltraMonkey.org:

http://www.ultramonkey.org/papers/active_active/active_active.shtml

Am I missing something? Is NAT required for some reason?

-- 
[ Tobias DiPasquale ]
0x636f6465736c696e67657240676d61696c2e636f6d



More information about the netfilter-devel mailing list