Potwierdzam: odkąd zrobiłem u nas dnetmap i ipset, przeładowanie nie powoduje przerw u klientów.
Mam parę tablic ipset, wszystkie przeładowujemy swapem, skryptami o podobnej budowie do tego:
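# Rebuild the per-interface ipset MAC/IP tables and put them live with a swap.
#
# Each table is first built as a staging set "mactable-<iface>-new" and then
# exchanged with the live set "mactable-<iface>" using "ipset -W", so the live
# set is replaced in one step instead of being flushed and refilled.
#
# Input:   rc.fire_mac, located via ${0%$START_FILE} (START_FILE is set
#          outside this section). '#' starts a comment. A token containing
#          eth/wlan/wifi/vlan is "<iface>-<network>" and opens a table; any
#          other token is "<ip>-<mac>" and is added to the table opened last.
# Globals: START_FILE (read); INTERFACE, NET, IP, MAC (written, as before).
# Outputs: progress on stdout, problems on stderr.

mt_ipset=/usr/local/sbin/ipset
mt_file="${0%"$START_FILE"}rc.fire_mac"

# Read the definition file once, so both phases work on the same entries even
# if the file is edited while the script runs. The grep pattern is quoted:
# unquoted, ^[^#] is also a shell glob and could expand to a file name.
# tr puts one token per line, matching the word splitting the old loop relied on.
mt_entries=""
if [ -r "$mt_file" ]; then
  mt_entries=$(grep '^[^#]' "$mt_file" | cut -d'#' -f1 | tr -s ' \t' '\n\n')
else
  echo "mactable: cannot read $mt_file, no tables will be rebuilt" >&2
fi

# Succeeds when a set with exactly the name $1 is listed.
# -F -x: literal whole-line match; with a regex, the '.' in an interface name
# such as eth0.10 would match any character.
# NOTE(review): like the original, this relies on "ipset -L -n" printing one
# set name per line - confirm for the installed ipset version.
mt_set_exists() {
  "$mt_ipset" -L -n | grep -Fxq -- "$1"
}

echo "Starting ipset mac table generator"
printf '%s' " - creating temporary table and generating data: "

INTERFACE=""      # no table open yet; do not reuse a value set earlier
mt_failed=" "     # space-separated interfaces whose staging set was not created
mt_add_errors=0   # entries ipset refused
mt_skipped=0      # entries with no usable table to go into

while IFS= read -r mt_entry; do
  [ -n "$mt_entry" ] || continue
  case "$mt_entry" in
    *eth* | *wlan* | *wifi* | *vlan*)
      # Fields 1 and 2 of the '-'-separated token (same result as cut -f1/-f2).
      INTERFACE=${mt_entry%%-*}
      mt_rest=${mt_entry#*-}
      NET=${mt_rest%%-*}
      mt_new="mactable-$INTERFACE-new"

      # Drop a staging set left over from an earlier run, then start clean.
      if mt_set_exists "$mt_new"; then
        "$mt_ipset" -X "$mt_new"
      fi
      if "$mt_ipset" -N "$mt_new" macipmap --network "$NET"; then
        printf '%s' "$INTERFACE"
      else
        # Without a fresh staging set there is nothing trustworthy to swap in:
        # remember the interface so the live table is left as it is.
        echo "mactable: cannot create $mt_new, mactable-$INTERFACE stays unchanged" >&2
        mt_failed="$mt_failed$INTERFACE "
        INTERFACE=""
      fi
      ;;
    *)
      IP=${mt_entry%%-*}
      mt_rest=${mt_entry#*-}
      MAC=${mt_rest%%-*}
      if [ -z "$INTERFACE" ]; then
        # Entry before any interface line, or its table failed above.
        mt_skipped=$((mt_skipped + 1))
        continue
      fi
      # Best effort per entry, as before: one bad line does not stop the load.
      if ! "$mt_ipset" -A "mactable-$INTERFACE-new" "$IP,$MAC" -exist; then
        mt_add_errors=$((mt_add_errors + 1))
      fi
      printf '%s' "#"
      ;;
  esac
done <<EOF
$mt_entries
EOF
echo " done"

# Make incomplete tables visible: a missing entry changes which clients match.
if [ "$mt_add_errors" -gt 0 ] || [ "$mt_skipped" -gt 0 ]; then
  echo "mactable: $mt_add_errors entries rejected by ipset, $mt_skipped entries skipped" >&2
fi

printf '%s' " - switching table: "
while IFS= read -r mt_entry; do
  case "$mt_entry" in
    *eth* | *wlan* | *wifi* | *vlan*) ;;
    *) continue ;;
  esac
  INTERFACE=${mt_entry%%-*}
  mt_rest=${mt_entry#*-}
  NET=${mt_rest%%-*}

  # Never swap in a staging set that could not be (re)created in phase one.
  case "$mt_failed" in
    *" $INTERFACE "*) continue ;;
  esac

  # First run for this interface: the live set has to exist before a swap.
  if ! mt_set_exists "mactable-$INTERFACE"; then
    "$mt_ipset" -N "mactable-$INTERFACE" macipmap --network "$NET"
  fi

  if "$mt_ipset" -W "mactable-$INTERFACE" "mactable-$INTERFACE-new"; then
    # After the swap the "-new" name holds the previous content; discard it.
    "$mt_ipset" -X "mactable-$INTERFACE-new"
  else
    # Keep the staging set for inspection; the next run removes it anyway.
    echo "mactable: swap failed for $INTERFACE, mactable-$INTERFACE-new left in place" >&2
  fi
  printf '%s' "#"
done <<EOF
$mt_entries
EOF
echo " done"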