andrewguenther | 2 years ago

Author of fck-nat here. My big issue with Alternat is that it actively updates the route table which can still cause availability problems. It's a shorter outage than the current fck-nat replacement methodology, but it is still dropping connections.

The longer term vision for fck-nat is a two node approach using conntrackd and keepalived to actively failover existing connections to the secondary with no loss of availability. This has the added benefit of not requiring all of the auxiliary infrastructure that Alternat sets up.

sakopov|2 years ago

That's an awesome update! I currently run fck-nat in pre-prod environments (and love it so far) but still use NAT gateway in production. I was actively looking into switching over to AlterNat for prod because of the failover to NAT gateway during NAT instance updates and outages, but definitely not a fan of the complexity you're alluding to. The future plans you've outlined definitely make me want to wait it out and just use fck-nat across the board. Thanks for sharing these plans!

andrewguenther|2 years ago

I don't want to get anyone too hyped on it just yet because there's still a lot of testing to be done, but hopefully will start giving some more concrete updates on "fck-nat 2.0" soon-ish!

andrewguenther|2 years ago

Also if you're open to it, I'd love to reach out and get some feedback on your experience with fck-nat, how many environments you're running it in, etc. Is that something you'd be open to? If so, what's a good way to get in touch?