From: Quentin A. <Quentin.Aebischer@USherbrooke.ca> - 2012-01-18 21:28:13
Hello everyone,

I'm a research master's degree student at the University of Sherbrooke, Canada, and I'm currently trying to implement a TIPC module for the Conntrack-tools (http://conntrack-tools.netfilter.org/), which allows users to implement high-availability, cluster-based stateful firewalls. My goal would be to use TIPC as the protocol for the state-replication part.

So far, I've successfully implemented and tested unicast TIPC sockets that communicate in a connectionless yet reliable manner (using SOCK_RDM), using functional addressing (names, that is), and the whole thing is running perfectly as long as the traffic that runs through the cluster is not too high (that is, the number of packets/messages sent by the primary firewall equals the number of packets/messages received by the backup one).

Problems appear when I'm running load-heavy benchmarks on the primary firewall; it generates much more traffic between the firewalls (in order to propagate state changes), and there are some packets/messages lost in the process. I don't know the exact cause of this, but the problem doesn't appear when using UDP or TCP sockets instead of TIPC. No problem is showing in the system log either.

I thought maybe it could come from either the sender or receiver buffer queue being congested, but then how can I verify this? I've read in the docs that TIPC provides some debug functions, but then you have to recompile the module and I'm not sure whether or not it would give me relevant information?

Thanks for reading!

Regards,
Quentin Aebischer
University of Sherbrooke, Canada