From: Andy Sporner
Date: Wed, 18 Jun 2003 10:58:36 +0200
To: gabriel_ambuehl@buz.ch
cc: freebsd-cluster@freebsd.org
Subject: Re: iSCSI and clustering with FreeBSD
Message-ID: <3EF029BC.70707@nentec.de>

Gabriel Ambuehl wrote:

>If you can live with NAT, ipf/ipnat can do this out of the box with
>some code that detects switches and changes rules accordingly.
>
>And with divert sockets of ipfw, you could even write your own
>userland daemon to mangle the packets...
>
>

I thought this too, but it only does ICMP redirects and that isn't sufficient for what I will need. Not only that, some people might want to hide networks behind the load balancer. Also, with the user space stuff there is a slow-down because of the context switch.

I went to a presentation by Guido (??) at the BSDcon-2000 about this and he was even talking about loadable kernel modules to do this too. But the more I looked at the code, the more I had the impression that what people thought about NAT was the other direction (hiding computers behind a firewall). There was some other limitation that I cannot recall at the moment. (I had originally written an interface to create files to the front end of IPFW but there was some kind of problem that basically was too deep to try to fix).

Andy