Date: Thu, 20 Jun 2002 03:41:01 -0500
From: Greg Panula <greg.panula@dolaninformation.com>
To: Randy Smith <randys@amigo.net>
Cc: "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org>
Subject: Re: IPFW as load balancer
Message-ID: <3D11951D.6FF10C28@dolaninformation.com>
References: <20020619075003.W6594-100000@stalker.amigo.net>

Randy Smith wrote:
>
> Hi all,
>
> I want to try to use IPFW to do load balancing for a transparent proxy
> cluster. My first idea was to do something like this:
>
> add prob .33 fwd <cacheA>,3128 tcp from <my-net> to any 80
> add prob .50 fwd <cacheB>,3128 tcp from <my-net> to any 80
> add fwd <cacheC>,3128 tcp from <my-net> to any 80
>
> But this won't work because the packets for one session will end up at
> different caches.
>
> Can keep-state and check-state be used to keep the packets flowing to the
> same cache? Is the prob option copied to dynamic rules?
>
> From sys/netinst/ip_fw.c:
>
> * There are some limitations with dynamic rules -- we do not
> * obey the 'randomized match',
>
> Glancing through ip_fw.c (specifically ip_fw_chk() and lookup_dyn_rule()),
> it appears that the probability is not checked/used for dynamic rules.
> (Which is probably what the comment above means.) So, if I have these
> rules
>
> add prob .33 fwd <cacheA>,3128 tcp from 192.168.0.0/24 to any 80 keep-state
> add prob .50 fwd <cacheB>,3128 tcp from 192.168.0.0/24 to any 80 keep-state
> add fwd <cacheC>,3128 tcp from 192.168.0.0/24 to any 80 keep-state
>
> and ipfw gets a connection from e.g. 192.168.0.42 that hits the cacheA
> rule, does that mean ipfw would create the dynamic rule below?
>
> fwd <cacheA>,3128 tcp from 192.168.0.42 to any 80
>
> If so, it seems to me that it would create a rule that would forward all
> of the packets from the client (192.168.0.42) to cacheA. Does this make
> sense or am I out in left field?
>
> Thanks for the input.

I think you're still going to run into session problem(s). The
interaction between the cache and the client is still basically request
a page, close the connection. The closing of the connection kills the
stateful rule. If the client is visiting a website that uses session
variables and the client's proxy server keeps changing there could be
problems... depends on how the website is keeping track of session
variables and/or if they are doing load-balancing based on the client's
IP address.

Just my two bits worth,
Greg
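
The behaviour discussed in this thread, as an added simulation that is not part of either poster's message and is not ipfw code: it evaluates the quoted prob .33 / prob .50 / unconditional cascade per packet, then with a keep-state-like table. Assumptions: the dynamic entry is modelled per flow and removed on close, as the reply describes; the source ports, packet counts and all function names are constructed.

```python
import random

# Rule cascade from the thread: prob .33, prob .50, then an unconditional rule.
CASCADE = [(0.33, "cacheA"), (0.50, "cacheB"), (1.0, "cacheC")]

def cascade_shares():
    """Effective share of new matches per cache when rules are tried in order."""
    shares, remaining = {}, 1.0
    for prob, cache in CASCADE:
        shares[cache] = remaining * prob
        remaining *= 1 - prob
    return shares

def pick_cache(rng):
    """Evaluate the static rules once: each rule matches with its probability."""
    for prob, cache in CASCADE:
        if rng.random() < prob:
            return cache
    return CASCADE[-1][1]  # not reached: the last rule always matches

def stateless_connection(rng, packets):
    """No keep-state: every packet of one connection is matched again."""
    return {pick_cache(rng) for _ in range(packets)}

class StatefulForwarder:
    """Assumed keep-state model: first packet installs an entry, close removes it."""
    def __init__(self, rng):
        self.rng, self.dynamic = rng, {}

    def packet(self, flow):
        if flow not in self.dynamic:
            self.dynamic[flow] = pick_cache(self.rng)
        return self.dynamic[flow]

    def close(self, flow):
        self.dynamic.pop(flow, None)

def browse(fw, client, requests, packets_per_request=8):
    """One short connection per page request; returns caches seen per connection."""
    result = []
    for i in range(requests):
        flow = (client, 40000 + i)  # constructed source ports
        result.append({fw.packet(flow) for _ in range(packets_per_request)})
        fw.close(flow)
    return result

if __name__ == "__main__":
    rng = random.Random(2002)
    print("shares:", cascade_shares())
    print("one connection, no state:", stateless_connection(rng, 50))
    conns = browse(StatefulForwarder(rng), "192.168.0.42", 30)
    print("30 connections, with state:", set().union(*conns))
```

Each stateful connection stays on one cache, but the set of caches used by the same client across connections still contains more than one entry, which is the session problem raised in the reply.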