Changes

586 bytes added ,  06:41, 14 October 2014
Line 50: Line 50:  
in the host netfilter tables after the criu dump command finishes and it should be there when you issue the
 
in the host netfilter tables after the criu dump command finishes and it should be there when you issue the
 
criu restore one.
 
criu restore one.
 +
 +
Another thing to note is -- on restore there should be available the IP address, that was used by the connection.
 +
This is automatically so if restore happens on the same box as dump. In case of hand-made live migration the
 +
IP address should be copied too.
    
That said, the command line option <code>--tcp-established</code> should be used when calling criu to explicitly state, that the
 
That said, the command line option <code>--tcp-established</code> should be used when calling criu to explicitly state, that the
 
caller is aware of this "transitional" state of the netfilter.
 
caller is aware of this "transitional" state of the netfilter.
 +
 +
In case the target process lives in NET namespace the connection locking happens the other way. Instead of
 +
per-connection iptables rules the "network-lock"/"network-unlock" [[action scripts]] are called so that the user
 +
could isolate the whole netns from network. Typically this is done by downing the respective veth pair end.
    
== More info ==
 
== More info ==