Re: using natd to load balance port 80 to multiple servers

From: Julian Elischer (julian_at_elischer.org)
Date: 10/25/04

  • Next message: FreeBSD bugmaster: "Current problem reports assigned to you"
    Date: Sun, 24 Oct 2004 22:43:23 -0700
    To: Bill Fumerola <billf@FreeBSD.org>
    
    

    Bill Fumerola wrote:
    > On Sun, Oct 24, 2004 at 09:50:02PM -0700, Julian Elischer wrote:
    >
    >>Stephane Raimbault wrote:
    >>
    >>>I'm currently using a freebsd box running natd to forward port 80 to
    >>>several (5) web servers on private IP's.
    >>>
    >>>I have discovered that natd doesn't handle many requests/second all that
    >>>well (seem to choke at about 200 req/second (educated guess))
    >>
    >>use the "ipfw fwd" option to directly send the packets to the appropriate
    >>machine.
    >>Should be able to forward at wire speed.
    >
    >
    > doesn't work for any configuration involving more than one backend
    > machine. through what magic does ipfw determine "the appropriate machine"?
    > it has to be consistent throughout each tcp connection..
    >
    > the only way to do this entirely in ipfw (that i can think of) would be
    > to do something horrible like this:
    >
    > frontend# ifconfig fxp0 VIRTUAL netmask 255.255.255.255 -alias
    > backends# ifconfig lo0 VIRTUAL netmask 255.255.255.255 -alias
    > frontend# ipfw add 100 fwd backend1 tcp from 0.0.0.0/2 to VIRTUAL 80
    > frontend# ipfw add 200 fwd backend2 tcp from 64.0.0.0/2 to VIRTUAL 80
    > frontend# ipfw add 300 fwd backend3 tcp from 128.0.0.0/2 to VIRTUAL 80
    > frontend# ipfw add 400 fwd backend4 tcp from 192.0.0.0/2 to VIRTUAL 80

    I have used noncontiguous masks and based it on purely the lowest 2 bits
    of the 3rd octet.
    Worked quite well as a "quick and nasty" load balancer. Certainly equal
    to using natd for the same thing with less work.

    >
    > which is essentially one of the world's worst load balancing algorithms.
    > i suppose basing it on src ports would be even worse. you could use
    > non-contiguous masks too for "better" distribution than cutting the space
    > into 1/N chunks. anyways, it needs to be something that per-packet always
    > maps a tcp connection to the same backend server.

    as I said above...

    >
    > we could do something neat and marry ipfw dynamic rules with 'ipfw fwd'
    > by adding a nexthop field to the ipfw_dyn_rule, rule op codes to feed
    > and lookup from the table, add a least conns selection method, add a
    > round robin method, add the ability to point to a table of machines
    > (possibly allow marking a machine as 'no new connections') for picking
    > nexthops. that would bring us up to the basic hardware vendor
    > implementations available circa 1999.

    yep..

    >

    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
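The "lowest 2 bits of the 3rd octet" selector Julian describes, and Bill's objection that it is a crude distribution, can be seen together in a small script. This is an added example, not code from the thread or from FreeBSD: the VIRTUAL address 192.0.2.10, the backend addresses 10.0.0.1-4 and the client list are all made up. It picks a backend the way the mask would, prints the ipfw rules that do the same in the kernel using ipfw's addr:mask syntax (which accepts a non-contiguous mask such as 0.0.3.0), and counts where a constructed set of clients lands. The ifconfig steps from Bill's message (VIRTUAL on the frontend interface and on lo0 of every backend) are still required for the forwarded packets to be accepted.

```shell
#!/bin/sh
# Added example, not from the original thread. All addresses are placeholders.

VIRTUAL=192.0.2.10            # assumed public address served by the frontend
BACKEND0=10.0.0.1             # assumed private backend addresses
BACKEND1=10.0.0.2
BACKEND2=10.0.0.3
BACKEND3=10.0.0.4

# third_octet 1.2.3.4 -> 3
third_octet() {
    echo "$1" | cut -d. -f3
}

# Map a client IP to one of four backends from (third octet & 3).
# The same client always maps to the same backend, so every packet of a
# TCP connection is forwarded to the same machine.
pick_backend() {
    o3=$(third_octet "$1")
    case $(( o3 & 3 )) in
        0) echo "$BACKEND0" ;;
        1) echo "$BACKEND1" ;;
        2) echo "$BACKEND2" ;;
        3) echo "$BACKEND3" ;;
    esac
}

# Print ipfw rules implementing the same selection in the kernel.
# addr:mask matches when (src & mask) == (addr & mask); the mask 0.0.3.0
# is non-contiguous and selects only bits 0-1 of the third octet.
ipfw_rules() {
    i=0
    for b in "$BACKEND0" "$BACKEND1" "$BACKEND2" "$BACKEND3"; do
        echo "ipfw add $((100 + 100 * i)) fwd $b tcp from 0.0.$i.0:0.0.3.0 to $VIRTUAL 80"
        i=$((i + 1))
    done
}

# Constructed client sample: three hosts from one /24 (a NAT'd site, say)
# plus one host from each of three unrelated networks.
SAMPLE_CLIENTS="198.51.100.9 198.51.100.20 198.51.100.200 203.0.113.7 192.0.2.66 172.16.5.1"

# Count how many sample clients the selector sends to the given backend.
count_for() {
    n=0
    for c in $SAMPLE_CLIENTS; do
        if [ "$(pick_backend "$c")" = "$1" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Stand-alone run: show the rules and the resulting distribution.
ipfw_rules
for b in "$BACKEND0" "$BACKEND1" "$BACKEND2" "$BACKEND3"; do
    echo "$b $(count_for "$b")"
done
```

The distribution printed at the end is the point of Bill's complaint: every host in 198.51.100.0/24 shares a third octet, so all three land on the first backend while the fourth backend gets nothing. The selector is stable per connection, which is what ipfw fwd needs, but it is not load-aware, and any large population behind one network (a corporate proxy, a mobile carrier NAT) pins to a single server.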