On Wednesday 28 March 2007 21:51, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> wrote:
> On Wed, Mar 28, 2007 at 10:11:51AM +1100, Russell Coker wrote:
> > Has this problem been solved for a protocol other than HTTP? In theory
> > you could have a user-space TCP stack that sends data to the back-end
> > server with a source address that is the same as that of the origin. Has
> > anyone done this?
>
> If it has, I've not seen it in any RFCs nor in any of the most common
> load-balancing solutions for Enterprises (all products I know of are
> closed-sourced so I will not provide names) I've worked with. Most of them
> avoid this issue by working inline and NATting the destination IP of
> incoming requests transparently. That way the original IP address is
> preserved.

An RFC would not be needed for such things. Van Jacobson has demonstrated TCP in user-space for performance reasons. dsniff is one of the packages in Debian that has user-space TCP code for sniffing data. There's nothing radically new about this idea, it's just a matter of whether it's been implemented for HA proxies.

NATing connections avoids the issue of source addresses at the cost of being unable to modify data in-flight (apart from the minor modifications needed for NAT - e.g. the FTP module). If you want to do serious modifications to the data (e.g. taking a HTTPS stream from the net and then forwarding HTTP to the back-end server) then writing a kernel module isn't a good option - I don't think that Linus would accept GNUTLS in kernel-space.

--
[EMAIL PROTECTED]
http://etbe.blogspot.com/ My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development