Re: using natd to load balance port 80 to multiple servers
From: Bill Fumerola (billf_at_FreeBSD.org)
Date: 10/25/04
- Previous message: Julian Elischer: "Re: using natd to load balance port 80 to multiple servers"
- In reply to: Julian Elischer: "Re: using natd to load balance port 80 to multiple servers"
- Next in thread: Julian Elischer: "Re: using natd to load balance port 80 to multiple servers"
- Reply: Julian Elischer: "Re: using natd to load balance port 80 to multiple servers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sun, 24 Oct 2004 22:35:45 -0700 To: Julian Elischer <julian@elischer.org>
On Sun, Oct 24, 2004 at 09:50:02PM -0700, Julian Elischer wrote:
> Stephane Raimbault wrote:
> >I'm currently using a freebsd box running natd to forward port 80 to
> >several (5) web servers on private IP's.
> >
> >I have discovered that natd doesn't handle many requests/second all that
> >well (seem to choke at about 200 req/second (educated guess))
>
> use the "ipfw fwd" option to directly send the packets to the appropriate
> machine.
> Should be able to forwarrd at wire speed.
doesn't work for any configuration involving more than one backend
machine. through what magic does ipfw determine "the appropriate machine"?
it has to be consistent throughout each tcp connection..
the only way to do this entirely in ipfw (that i can think of) would be
to do something horrible like this:
frontend# ifconfig fxp0 VIRTUAL netmask 255.255.255.255 -alias
backends# ifconfig lo0 VIRTUAL netmask 255.255.255.255 -alias
frontend# ipfw add 100 fwd backend1 tcp from 0.0.0.0/2 to VIRTUAL 80
frontend# ipfw add 200 fwd backend2 tcp from 64.0.0.0/2 to VIRTUAL 80
frontend# ipfw add 300 fwd backend3 tcp from 128.0.0.0/2 to VIRTUAL 80
frontend# ipfw add 400 fwd backend4 tcp from 192.0.0.0/2 to VIRTUAL 80
which is essentially one of the world's worst load balancing algorithms.
i suppose basing it on src ports would be even worse. you could use
non-contigous masks too for "better" distribution than cutting the space
into 1/N chunks. anyways, it needs to be something that per-packet always
maps a tcp connection to the same backend server.
we could do something neat and marry ipfw dynamic rules with 'ipfw fwd'
by adding a nexthop field to the ipfw_dyn_rule, rule op codes to feed
and lookup from the table, add a least conns selection method, add a
round robin method, add the ability to point to a table of machines
(possibly allow marking a machine as 'no new connections') for picking
nexthops. that would bring us up to the basic hardware vendor
implementations available circa 1999.
-- - bill fumerola / billf@FreeBSD.org _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Julian Elischer: "Re: using natd to load balance port 80 to multiple servers"
- In reply to: Julian Elischer: "Re: using natd to load balance port 80 to multiple servers"
- Next in thread: Julian Elischer: "Re: using natd to load balance port 80 to multiple servers"
- Reply: Julian Elischer: "Re: using natd to load balance port 80 to multiple servers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
