Brian J. Murrell
2010-Sep-14 00:08 UTC
flush conntrack table after multi-isp link restore?
So, let''s say you have dual links to two ISPs providing you with two different IP addresses (i.e. rather than real multipoint routing to a single network) and further assume you have them configured so that one of the links is considered your "primary" link and takes the bulk of your traffic (i.e. no load balancing). Now, Let''s say your "primary" link fails and your "fallback" link takes over (either due to manual jiggering or something like LSM) successfully. Connections will be re-connected through the fallback link and work just fine. At some time, the "primary" link is restored. New connections will go through the newly restored primary link, however existing connections will continue to go through the fallback link. What''s the general consensus on this? Do you just let those connections continue to use the backup link until they terminate and are regenerated, at which time they will use the primary link? Or are some people removing entries from/flushing the conntrack table to get existing connections to reconnect through the primary link? b. ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
On 9/13/10 5:08 PM, Brian J. Murrell wrote:> So, let''s say you have dual links to two ISPs providing you with two > different IP addresses (i.e. rather than real multipoint routing to a > single network) and further assume you have them configured so that one > of the links is considered your "primary" link and takes the bulk of > your traffic (i.e. no load balancing). > > Now, Let''s say your "primary" link fails and your "fallback" link takes > over (either due to manual jiggering or something like LSM) > successfully. Connections will be re-connected through the fallback > link and work just fine. > > At some time, the "primary" link is restored. New connections will go > through the newly restored primary link, however existing connections > will continue to go through the fallback link. > > What''s the general consensus on this? Do you just let those connections > continue to use the backup link until they terminate and are > regenerated, at which time they will use the primary link? Or are some > people removing entries from/flushing the conntrack table to get > existing connections to reconnect through the primary link?I didn''t worry about them. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev