SLUG Mailing List Archives
Re: [SLUG] iptables and session affinity
- To: David Peterson <david.peterson@xxxxxxxxxxxxxx>
- Subject: Re: [SLUG] iptables and session affinity
- From: James Morris <jmorris@xxxxxxxxxxxxxxxx>
- Date: Tue Feb 26 12:45:02 2002
- Cc: slug@xxxxxxxxxxx
On Tue, 26 Feb 2002, David Peterson wrote:
> Hi All,
> I have a question regarding iptables and session affinity, which some of
> you may know as "sticky sessions".
> I believe for example that the linux virtual server (LVS) project
> supports load-balancing via NAT with session affinity. What this
> basically means is that I can have a linux box running LVS sitting in
> front of (say) 3 web server boxes, and when a new connection comes in,
> LVS routes it to one box for the entirety of the session - so cookies,
> session beans under JSP (tomcat) etc are all preserved. With regular
> round-robin load balancing or similar this is not the case, and plays
> havoc with session-driven websites as I am sure you all can understand.
> In LVS, the sticky session load balancing is accessed via the "ipvsadm"
> command from what I am led to believe. (I think the "-i" option but I am
> not sure).
AFAIK, this is only layer-4 persistence (i.e. TCP connection, not
> What I want to know is whether session affinity (sticky session) support
> is available in iptables?
This would require reconstructing, parsing and tracking HTTP exchanges in
the kernel -- I'm not aware of anyone working on it at this stage.