Date: Sun, 24 Oct 2004 22:35:45 -0700
From: Bill Fumerola <billf@FreeBSD.org>
To: Julian Elischer <julian@elischer.org>
Cc: net@freebsd.org
Subject: Re: using natd to load balance port 80 to multiple servers
Message-ID: <20041025053545.GJ67216@elvis.mu.org>
In-Reply-To: <417C85FA.5050708@elischer.org>
References: <BAY24-F38qIfQdmEB4H0000f819@hotmail.com> <417C85FA.5050708@elischer.org>
On Sun, Oct 24, 2004 at 09:50:02PM -0700, Julian Elischer wrote:
> Stephane Raimbault wrote:
> >I'm currently using a freebsd box running natd to forward port 80 to
> >several (5) web servers on private IP's.
> >
> >I have discovered that natd doesn't handle many requests/second all that
> >well (seem to choke at about 200 req/second (educated guess))
>
> use the "ipfw fwd" option to directly send the packets to the appropriate
> machine.
> Should be able to forward at wire speed.

doesn't work for any configuration involving more than one backend machine.
through what magic does ipfw determine "the appropriate machine"? it has to be
consistent throughout each tcp connection..

the only way to do this entirely in ipfw (that i can think of) would be to do
something horrible like this:

frontend# ifconfig fxp0 VIRTUAL netmask 255.255.255.255 alias
backends# ifconfig lo0 VIRTUAL netmask 255.255.255.255 alias
frontend# ipfw add 100 fwd backend1 tcp from 0.0.0.0/2 to VIRTUAL 80
frontend# ipfw add 200 fwd backend2 tcp from 64.0.0.0/2 to VIRTUAL 80
frontend# ipfw add 300 fwd backend3 tcp from 128.0.0.0/2 to VIRTUAL 80
frontend# ipfw add 400 fwd backend4 tcp from 192.0.0.0/2 to VIRTUAL 80

which is essentially one of the world's worst load balancing algorithms. i suppose
basing it on src ports would be even worse. you could use non-contiguous masks too
for "better" distribution than cutting the space into 1/N chunks.

anyways, it needs to be something that per-packet always maps a tcp connection to
the same backend server.

we could do something neat and marry ipfw dynamic rules with 'ipfw fwd' by adding
a nexthop field to the ipfw_dyn_rule, rule op codes to feed and lookup from the
table, add a least conns selection method, add a round robin method, add the
ability to point to a table of machines (possibly allow marking a machine as 'no
new connections') for picking nexthops.

that would bring us up to the basic hardware vendor implementations available
circa 1999.
-- - bill fumerola / billf@FreeBSD.org
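The two approaches in Bill's message, as an added example that is not part of the original thread and not FreeBSD or ipfw code: a small Python model of (1) the static `/2` source-prefix split that his four `ipfw fwd` rules implement, including a generator for that ruleset, and (2) the dynamic-rule design he sketches, where a per-flow table pins every TCP 4-tuple to one backend on its first packet and later packets follow that entry, with round-robin and least-connections selection and the ability to mark a backend as taking no new connections. Backend names (`backend1`..`backend4`), the VIRTUAL address and the packet tuples are constructed for the example.

```python
"""
Model of flow-consistent forwarding for a VIRTUAL address (constructed example).
Not FreeBSD code: it only mirrors the behaviour the ipfw rules and the proposed
ipfw_dyn_rule extension in the thread would have, so the two can be compared.
"""
import ipaddress
from collections import Counter

BACKENDS = ["backend1", "backend2", "backend3", "backend4"]  # hypothetical names


def static_prefix_backend(src_ip, backends=BACKENDS):
    """Mimic the 'from X.0.0.0/2' rules: the top two bits of the source address
    select the backend, so a connection is always forwarded to the same place,
    but the split is fixed and says nothing about load."""
    idx = int(ipaddress.IPv4Address(src_ip)) >> 30
    return backends[idx]


def ipfw_rules(virtual, backends=BACKENDS):
    """Generate the four-rule /2 ruleset from the mail for a given VIRTUAL address."""
    rules = []
    for i, backend in enumerate(backends):
        base = ipaddress.IPv4Address(i << 30)  # 0.0.0.0, 64.0.0.0, 128.0.0.0, 192.0.0.0
        rules.append(f"ipfw add {100 * (i + 1)} fwd {backend} tcp from {base}/2 to {virtual} 80")
    return rules


class FlowTable:
    """Dynamic nexthop table: one entry per TCP 4-tuple, created on the SYN."""

    def __init__(self, backends, method="rr"):
        self.backends = list(backends)
        self.method = method            # "rr" (round robin) or "lc" (least connections)
        self.flows = {}                 # (src, sport, dst, dport) -> backend
        self.conns = Counter({b: 0 for b in self.backends})
        self.rr_index = 0
        self.drained = set()            # backends marked 'no new connections'

    def drain(self, backend):
        """Stop handing new flows to a backend; existing flows keep their entry."""
        self.drained.add(backend)

    def _pick(self):
        candidates = [b for b in self.backends if b not in self.drained]
        if self.method == "rr":
            backend = candidates[self.rr_index % len(candidates)]
            self.rr_index += 1
            return backend
        # least connections; ties broken by configured order
        return min(candidates, key=lambda b: (self.conns[b], self.backends.index(b)))

    def nexthop(self, src, sport, dst, dport, syn=False, fin=False):
        """Return the backend for this packet, or None for a mid-stream packet
        with no table entry (better dropped than sent to a guessed backend)."""
        key = (src, sport, dst, dport)
        if key in self.flows:
            backend = self.flows[key]
            if fin:                     # flow closing: release the entry
                del self.flows[key]
                self.conns[backend] -= 1
            return backend
        if not syn:
            return None
        backend = self._pick()
        self.flows[key] = backend
        self.conns[backend] += 1
        return backend


if __name__ == "__main__":
    for rule in ipfw_rules("192.0.2.10"):
        print(rule)
    table = FlowTable(BACKENDS, "lc")
    print(table.nexthop("198.51.100.7", 40000, "192.0.2.10", 80, syn=True))
    print(table.nexthop("198.51.100.7", 40000, "192.0.2.10", 80))
```

The `None` return for an unknown non-SYN packet is the design point worth noticing: a table that is only fed on connection setup has to fail closed, otherwise a backend change or table flush silently splits a connection across two servers.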