On Mon, Jul 22, 2013 at 08:52:34PM +0700, Nguyen Anh Tu wrote:
>
> While working with L3 network services, I found a problem in the process of
> applying iptables rules. It currently does not work well, in my opinion. When
> you apply a new rule (e.g. StaticNat or Egress rule), the Virtual Router backs
> up the old rules and re-applies all of the non-revoked rules related to the
> source IP on the new rule, including this one. This causes a slowdown,
> especially when you have a lot of running rules. When you delete a rule, the
> same process happens. The rule being deleted is marked as "revoked", so it
> doesn't appear in the list. I think we should have a better approach.
>
I'd like this, but I do not know how Java can do this or what is involved.

Do you propose a diff-based solution where we incrementally apply the new
set of rules? Also, do you think this can be done for any configuration
within the VR, not just iptables rules?

--
Prasanna.,
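
The diff-based idea raised in this thread, sketched as an added example (not code from the thread or from CloudStack): compare the rules currently loaded with the desired non-revoked set and issue only the delta. The function names, sample rules and addresses are constructed for illustration, and the sketch assumes rule order inside the chain does not matter, as with per-IP DNAT rules.

```python
import shlex

# Constructed sample: NAT rules on a router before and after one change.
CURRENT_RULES = """
-A PREROUTING -d 203.0.113.10/32 -j DNAT --to-destination 10.1.1.10
-A PREROUTING -d 203.0.113.11/32 -j DNAT --to-destination 10.1.1.11
-A PREROUTING -d 203.0.113.12/32 -j DNAT --to-destination 10.1.1.12
"""
# .11 has been revoked and .13 is new; .10 and .12 are unchanged.
DESIRED_RULES = """
-A PREROUTING -d 203.0.113.10/32 -j DNAT --to-destination 10.1.1.10
-A PREROUTING -d 203.0.113.12/32 -j DNAT --to-destination 10.1.1.12
-A PREROUTING -d 203.0.113.13/32 -j DNAT --to-destination 10.1.1.13
"""

def parse_rules(text):
    """Return the '-A ...' lines of an iptables-save style dump as token tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("-A "):
            # Tokenise so spacing and quoting differences do not look like changes.
            rules.append(tuple(shlex.split(line)))
    return list(dict.fromkeys(rules))  # drop duplicates, keep order

def plan_changes(current, desired, table="nat"):
    """Build only the iptables commands needed to turn `current` into `desired`."""
    cur, want = parse_rules(current), parse_rules(desired)
    cur_set, want_set = set(cur), set(want)
    cmds = []
    # Append new rules before deleting old ones, so a rule that is being
    # replaced stays covered. Assumes order inside the chain is irrelevant.
    for rule in want:
        if rule not in cur_set:
            cmds.append(["iptables", "-t", table, *rule])
    for rule in cur:
        if rule not in want_set:
            cmds.append(["iptables", "-t", table, "-D", *rule[1:]])
    return cmds  # argv lists, suitable for subprocess.run without a shell

if __name__ == "__main__":
    for cmd in plan_changes(CURRENT_RULES, DESIRED_RULES):
        print(shlex.join(cmd))
```

With the sample above, two commands are issued instead of re-applying all three rules; chains where order matters (for example ACCEPT/DROP filter rules) would need positional inserts rather than appends.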