Date: Sat, 23 Oct 2004 12:11:41 -0400
From: Chuck Swiger <cswiger@mac.com>
To: Stephane Raimbault <segr@hotmail.com>
Cc: net@freebsd.org
Subject: Re: using natd to load balance port 80 to multiple servers
Message-ID: <417A82BD.1090100@mac.com>
In-Reply-To: <BAY24-F38qIfQdmEB4H0000f819@hotmail.com>
References: <BAY24-F38qIfQdmEB4H0000f819@hotmail.com>

Stephane Raimbault wrote:
> I'm currently using a freebsd box running natd to forward port 80 to
> several (5) web servers on private IPs.

OK.

> I have discovered that natd doesn't handle many requests/second all that
> well (seems to choke at about 200 req/second (educated guess))

Let's take that number as being right, although the first consideration when doing performance tuning is that you need to measure things accurately enough that you can see whether a change makes a meaningful difference. There are plenty of tools available in the ports tree, although you could start with "ab" from Apache.

Next, you ought to read "man tuning" and look into adjusting HZ, NMBCLUSTERS in your kernel config, using any hardware support for your NICs (-link0 option) or try using device polling. You should probably investigate the net.inet sysctls, particularly those controlling retransmit time intervals net.inet.tcp.rexmit_min and the keepalive and net.inet.ip.fw.dyn*lifetime tunables.

> There are other packet filtering options on FreeBSD and I wonder if I
> can use them to do what I'm trying to do with natd.

It's true that natd runs in userspace, which creates more overhead, so using PF instead might be worth doing, sure.

> Would someone be able to point me to documentation or help me have
> either ipf/ipfw/pf forward port 80 traffic to private space IPs?

Consider http://www.openbsd.org/faq/pf/index.html

> Is there a better way of splitting port 80 traffic across multiple
> webservers that has eluded me? Other than a commercial content switch
> that is :)

Oh, sure. The most obvious solution to the problem is to give all of the servers real IPs and use some other form of balancing (DNS round-robin, or splitting the content somehow [static vs dynamically generated?]), and avoid dealing with NAT altogether.

-- 
-Chuck
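
The port-80 redirection asked about in this message, as an added example that is not part of the original e-mail or of the PF FAQ: a pf.conf fragment using FreeBSD's pf `rdr` syntax with a round-robin address pool. The interface name and the five private addresses are constructed placeholders, and only port 80 is exposed to the backends.

```conf
# /etc/pf.conf fragment (added example; interface and addresses are assumptions)

# Macros: external interface and the five private web servers.
ext_if = "em0"
web_servers = "{ 10.0.0.10, 10.0.0.11, 10.0.0.12, 10.0.0.13, 10.0.0.14 }"

# Translation: redirect inbound HTTP on the external address to the pool.
# pf does this in the kernel, so there is no per-packet trip to a
# userland daemon as with natd. "round-robin" cycles through the pool
# for each new connection.
rdr on $ext_if proto tcp from any to ($ext_if) port 80 \
    -> $web_servers port 80 round-robin

# Filtering: default deny inbound on the external interface, then allow
# only the redirected HTTP traffic. Translation is applied before
# filtering, so the pass rule matches the backend (translated) addresses.
block in on $ext_if all
pass in on $ext_if proto tcp from any to $web_servers port 80 \
    flags S/SA keep state
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it, and inspect the active redirect with `pfctl -sn` and the state table with `pfctl -ss` while measuring with "ab".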