Erik Nordmark wrote:
> For the ILB NAT tables presumably we'd just need the normal NAT
> mechanisms (look for some TCP FIN/RST sequences, and also a timer).
This is what the current code does.
> We don't plan a non-NAT stateful for phase I, right?
> When we do that we'd need some timer unrelated to the NATting.
No, phase 1 does not keep state for DSR mode except in
the case of sticky setup.
> You might want a different timer value for UDP NAT than for TCP NAT.
The current code uses different timeout values for UDP
and TCP. Currently the values are not configurable (except
via mdb or /etc/system). We may want to extend an ilbadm
sub-command to change them.
> When the TCP closes (seeing the FINs, or a RST) then there isn't any
> need to send additional packets. When TCP state is removed by the timer
> it might be useful to send a RST, but it would make sense to check what
> other LBs/NATs do here.
I guess this is what Sangeeta was asking. The current code
does not do anything special in the timeout case. The back
end server app is supposed to do its own cleanup since this
is what it needs to do normally. We don't do any "optimization"
to avoid unnecessary complication.
--
K. Poon.
kacheong.poon at sun.com
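
Added example, not part of the original message and not the ILB code: a sketch of the NAT entry lifecycle discussed in this thread, where a TCP entry is dropped after a FIN exchange or a RST, idle entries are dropped by a per-protocol timer, and nothing is sent to either side on timeout. All names and both timeout values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical names and timeout values; not taken from the ILB source. */
enum { PROTO_TCP = 6, PROTO_UDP = 17 };
enum { TH_FIN = 0x01, TH_RST = 0x04, TH_ACK = 0x10 };
enum { TCP_IDLE_SECS = 600, UDP_IDLE_SECS = 60 };   /* assumed values */

struct nat_entry {
    uint8_t  proto;
    bool     fin_client, fin_server;  /* FIN seen in each direction */
    bool     closed;                  /* RST, or both FINs then an ACK */
    uint32_t last_seen;               /* seconds, monotonic clock */
};

void nat_init(struct nat_entry *e, uint8_t proto, uint32_t now)
{
    e->proto = proto;
    e->fin_client = e->fin_server = e->closed = false;
    e->last_seen = now;
}

/* Update the entry for one forwarded packet; flags is ignored for UDP. */
void nat_observe(struct nat_entry *e, uint8_t flags, bool from_client,
                 uint32_t now)
{
    e->last_seen = now;
    if (e->proto != PROTO_TCP)
        return;
    if (flags & TH_RST) {             /* abortive close: drop at once */
        e->closed = true;
        return;
    }
    /* Checked before recording a FIN, so the second FIN|ACK of a close
     * does not count as the final ACK. */
    if (e->fin_client && e->fin_server && (flags & TH_ACK))
        e->closed = true;
    if (flags & TH_FIN) {
        if (from_client) e->fin_client = true;
        else             e->fin_server = true;
    }
}

/* True when the entry can be removed; no packet is sent on removal. */
bool nat_reapable(const struct nat_entry *e, uint32_t now)
{
    uint32_t idle = now - e->last_seen;
    if (e->proto == PROTO_TCP)
        return e->closed || idle >= TCP_IDLE_SECS;
    return idle >= UDP_IDLE_SECS;     /* UDP has only the timer */
}
```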