[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: l4ip and ipfilter
From:       Jorgen Lundman <lundman () lundman ! net>
Date:       2005-10-11 3:44:50
Message-ID: 434B3532.4050605 () lundman ! net
[Download RAW message or body]


Hi David,

"l4ip" will just pass "sticky" keyword to "ipnat" command (or, set it for 
ioctls) and has nothing to do with the functionality of ipfilter once it is in 
place. I have forwarded your message to the IPFilter mailing list so that 
perhaps someone out there with sticky-ness experience can help.

Is there a known issue with sticky flag in V4.2.x ?  I have not tried sticky 
myself, but I could certainly do so given some time.

Sincerely,

Lund


David Chuang wrote:
> Hi Lund,
>  
>    I read the source code of l4ip and (rather than recompile the code) 
> try the ipnat commands directly from the Solaris console. Somehow, the 
> commands do the round robin but does not do the stickness.
>  
> The following two rules should redirect VIP(1.1.1.1) traffic to servers 
> 2.2.2.2 and 3.3.3.3 in round-robin and also have stickness feature.
>  
>    rdr fxp0 1.1.1.1/32 port 80 -> 2.2.2.2 port 80 tcp round-robin sticky
>    rdr fxp0 1.1.1.1/32 port 80 -> 3.3.3.3 port 80 tcp round-robin sticky
>  
>   These rules will redirect traffic, say 5.5.5.5 to 2.2.2.2 and 6.6.6.6 
> to 3.3.3.3 (port 80). Then,
>  
>    all future 5.5.5.5 traffic to 1.1.1.1 will always redirected to 
> 2.2.2.2 (stickness)
>    all future 6.6.6.6 traffic to 1.1.1.1 will always redirected 
> to 3.3.3.3 (stickness)
>  
>    Somehow, during our testing of the Ipfilter (4.2.X) version, the 
> stickness does not work. Different source port from 5.5.5.5(or 
> 6.6.6.6) are directed to different destinations.
>  
>    Thanks in advance for your help.
>  
> David
>  

-- 
Jorgen Lundman       | <lundman@lundman.net>
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo    | +81 (0)90-5578-8500          (cell)
Japan                | +81 (0)3 -3375-1767          (home)
[prev in list] [next in list] [prev in thread] [next in thread]