[nf-failover] Re: [RFC] ct_sync 0.15 (corrected)

Tobias DiPasquale codeslinger at gmail.com
Tue Sep 28 13:58:55 CEST 2004

On Tue, 28 Sep 2004 08:46:25 +0200 (CEST), Henrik Nordstrom
<hno at marasystems.com> wrote:
> No, this is about a different issue entirely.
> Lets assume you have two Active-Active gateways G and H, two clients A and
> B and one server S. On the gateway NAT is used to masquerade all traffic
> to a single external IP address.
> Due to the Active-Active setup traffic from A goes via the gateway G and
> traffic from B goes via H.
> Now you have a SYN from A,31285 to S,80 and also a SYN sent by B,31285 to
> S,80. You then end up with two identical NAT assignments and the two
> connections will conflict with each other.

Why use NAT at all for active-active? Its pretty slow in comparison to
the shared MAC/IP schema delineated at UltraMonkey.org:


Am I missing something? Is NAT required for some reason?

[ Tobias DiPasquale ]

More information about the netfilter-devel mailing list