Date: Sun, 24 Oct 2004 22:43:23 -0700
From: Julian Elischer <julian@elischer.org>
To: Bill Fumerola <billf@FreeBSD.org>
Cc: net@FreeBSD.org
Subject: Re: using natd to load balance port 80 to multiple servers
Message-ID: <417C927B.8050304@elischer.org>
In-Reply-To: <20041025053545.GJ67216@elvis.mu.org>
References: <BAY24-F38qIfQdmEB4H0000f819@hotmail.com> <417C85FA.5050708@elischer.org> <20041025053545.GJ67216@elvis.mu.org>
Bill Fumerola wrote:
> On Sun, Oct 24, 2004 at 09:50:02PM -0700, Julian Elischer wrote:
>
>>Stephane Raimbault wrote:
>>
>>>I'm currently using a freebsd box running natd to forward port 80 to
>>>several (5) web servers on private IP's.
>>>
>>>I have discovered that natd doesn't handle many requests/second all that
>>>well (seem to choke at about 200 req/second (educated guess))
>>
>>use the "ipfw fwd" option to directly send the packets to the appropriate
>>machine.
>>Should be able to forward at wire speed.
>
> doesn't work for any configuration involving more than one backend
> machine. through what magic does ipfw determine "the appropriate machine"?
> it has to be consistent throughout each tcp connection..
>
> the only way to do this entirely in ipfw (that i can think of) would be
> to do something horrible like this:
>
> frontend# ifconfig fxp0 VIRTUAL netmask 255.255.255.255 -alias
> backends# ifconfig lo0 VIRTUAL netmask 255.255.255.255 -alias
> frontend# ipfw add 100 fwd backend1 tcp from 0.0.0.0/2 to VIRTUAL 80
> frontend# ipfw add 200 fwd backend2 tcp from 64.0.0.0/2 to VIRTUAL 80
> frontend# ipfw add 300 fwd backend3 tcp from 128.0.0.0/2 to VIRTUAL 80
> frontend# ipfw add 400 fwd backend4 tcp from 192.0.0.0/2 to VIRTUAL 80

I have used noncontiguous masks and based it on purely the lowest 2 bits
of the 3rd octet. worked quite well as a "quick and nasty" load
balancer. certainly equal to using natd for the same thing with less
work.

> which is essentially one of the world's worst load balancing algorithms.
> i suppose basing it on src ports would be even worse. you could use
> non-contiguous masks too for "better" distribution than cutting the space
> into 1/N chunks. anyways, it needs to be something that per-packet always
> maps a tcp connection to the same backend server.

as I said above...

> we could do something neat and marry ipfw dynamic rules with 'ipfw fwd'
> by adding a nexthop field to the ipfw_dyn_rule, rule op codes to feed
> and lookup from the table, add a least conns selection method, add a
> round robin method, add the ability to point to a table of machines
> (possibly allow marking a machine as 'no new connections') for picking
> nexthops. that would bring us up to the basic hardware vendor
> implementations available circa 1999.

yep..
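The two selection schemes discussed in this thread, modelled as an added example that is not code from either poster: the contiguous /2 chunks from the quoted ipfw rules, and the "lowest 2 bits of the 3rd octet" noncontiguous-mask variant. Both choose a backend purely from the client source address, which is what keeps every packet of one TCP connection on the same server; the script shows how differently they spread neighbouring client networks and emits the ipfw rules for the noncontiguous form using the documented `addr:mask` syntax from ipfw(8). The `backendN` names, `VIRTUAL`, and the sample client addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: model the two "ipfw fwd" selection
# schemes so the client-to-backend mapping can be inspected offline before
# any rules are loaded. backendN and VIRTUAL are placeholders.

# Print the four octets of a dotted-quad separated by spaces.
octets() {
    printf '%s\n' "$1" | tr '.' ' '
}

# Scheme from the quoted rules: 0.0.0.0/2 -> backend1, 64.0.0.0/2 -> backend2,
# 128.0.0.0/2 -> backend3, 192.0.0.0/2 -> backend4. The selector is the top
# two bits of the first octet, so whole address regions land on one backend.
select_contiguous() {
    set -- $(octets "$1")
    echo "backend$(( $1 / 64 + 1 ))"
}

# Noncontiguous-mask scheme: the selector is the low two bits of the third
# octet (mask 0.0.3.0), which spreads adjacent client networks across backends.
select_noncontiguous() {
    set -- $(octets "$1")
    echo "backend$(( ($3 & 3) + 1 ))"
}

# Emit the four ipfw rules for the noncontiguous scheme. ipfw(8) accepts
# addr:mask with a dotted-quad mask, the form it documents for noncontiguous
# masks. VIRTUAL stands for the shared front-end address.
emit_rules_noncontiguous() {
    i=0
    while [ "$i" -lt 4 ]; do
        echo "ipfw add $(( (i + 1) * 100 )) fwd backend$(( i + 1 )) tcp from 0.0.$i.0:0.0.3.0 to VIRTUAL 80"
        i=$(( i + 1 ))
    done
}

# Count how many of the given client addresses each backend receives under a
# scheme. Usage: distribution select_contiguous 10.20.0.5 10.20.1.9 ...
distribution() {
    fn=$1
    shift
    for ip in "$@"; do
        "$fn" "$ip"
    done | sort | uniq -c | awk '{ printf "%s%s=%s", sep, $2, $1; sep = " " }'
}

# Constructed sample: four neighbouring client networks behind one /16.
CLIENTS="10.20.0.5 10.20.1.9 10.20.2.7 10.20.3.1"

echo "contiguous:    $(distribution select_contiguous $CLIENTS)"
echo "noncontiguous: $(distribution select_noncontiguous $CLIENTS)"
emit_rules_noncontiguous
```

With the sample clients the contiguous scheme sends all four networks to backend1, while the noncontiguous scheme gives each backend one; neither scheme changes its answer between packets of the same connection, which is the property Bill's note says any per-packet rule must have. The remaining weakness (a single busy client network always hits one backend) is inherent to address-based selection and is why the thread ends with the wish for per-connection state.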