On Mon, 3 Mar 2008, Nicol, David wrote: > > Jacek Artymiak's "Building Firewalls with OpenBSD and PF" > book discusses load balancing setups in terms of how to > configure pf to deliver pretty much everything LVS offers.
don't use *BSD but had heard that pf can do just about anything. However I hadn't realised that pf could do LVS-like loadbalancing. If so that's pretty neat. (am downloading the pf-faq.) When netfilter became available, LVS was rewritten with the idea of being a netfilter module. This wasn't possible at least because of speed and as a result LVS sort of hangs off the side of netfilter, not completely obeying the rules. The LVS that resulted also bypassed pieces of the netfilter packet routing diagram, and so iptables rules don't always work. For historical reasons LVS was in the LOCAL_IN chain. When netfilter arrived, there were better places to put it, but since everything was working fine, for what LVS was being used for, no-one thought to move it. Whether the problems with fitting LVS into netfilter indicate netfilter limitations or not I don't know. At OLS you'll hear people discussing other possible schemes to netfilter but I don't know enough about the alternate schemes to know if they're reasonable or not. Certainly no-one has coded any of them up (that I've heard of). thanks for the pointer Joe -- Joseph Mack NA3T EME(B,D), FM05lw North Carolina jmack (at) wm7d (dot) net - azimuthal equidistant map generator at http://www.wm7d.net/azproj.shtml Homepage http://www.austintek.com/ It's GNU/Linux! _______________________________________________ LinuxVirtualServer.org mailing list - [email protected] Send requests to [EMAIL PROTECTED] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
