Date: Tue, 18 Jun 2002 10:49:07 -0600 (MDT) From: Randy Smith <randys@amigo.net> To: Bill Moran <wmoran@potentialtech.com> Cc: Alexander V Zubchenko <stalker@hermes-comp.zp.ua>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: IPFW as load balancer Message-ID: <20020618092704.Q6594-100000@stalker.amigo.net> In-Reply-To: <3D0F4B58.4030009@potentialtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 18 Jun 2002, Bill Moran wrote: > Date: Tue, 18 Jun 2002 11:01:44 -0400 > From: Bill Moran <wmoran@potentialtech.com> > To: Randy Smith <randys@amigo.net> > Cc: Alexander V Zubchenko <stalker@hermes-comp.zp.ua>, > "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> > Subject: Re: IPFW as load balancer > > Randy Smith wrote: > > >>>Is it possible to use IPFW to do load balancing? I want to do create a > >> > >>Yes it is. > >> > >> > >>>trasparent proxy to a cluster of Squid caches. I was thinking of something > >>>along the lines of: > >>> > >>>add prob .33 fwd <cacheA>,3128 tcp from <my-net> to any 80 > >>>add prob .50 fwd <cacheB>,3128 tcp from <my-net> to any 80 > >>>add fwd <cacheC>,3128 tcp from <my-net> to any 80 > >>> > >>>Does this make sense or is there a better solution? > > I doubt this will work, since individual requests can take up more than > a single IP packet, the transmission could get broken up and rendered > incoherent. Argh. You're right, of course. > Something more plausable would bet to break up your internal traffic > by subnets. i.e.: > add fwd <cacheA>,3128 tcp from 192.168.0.0/24 to any 80 > add fwd <cacheB>,3128 tcp from 192.168.1.0/24 to any 80 > add fwd <cacheC>,3128 tcp from 192.168.2.0/24 to any 80 > > On the one hand, this isn't "dynamic" load-balancing, so a single > proxy could easily be overloaded, while another is idle. It is > better than simply configuring each client seperatly, though, since > you can manually adjust the balancing at the server. > I thought of that. I'm just looking for something a bit more dynamic. I suppose I could always write the code myself. :-) I wonder if keep-state and check-state could be used to keep the packets flowing to the same cache. Is the prob option copied to dynamic rules? From sys/netinst/ip_fw.c: * There are some limitations with dynamic rules -- we do not * obey the 'randomized match', Glancing through ip_fw.c (specifically ip_fw_chk() and lookup_dyn_rule()), it appears that the probability is not checked/used for dynamic rules. (Which is probably what the comment above means.) So, if I have these rules add prob .33 fwd <cacheA>,3128 tcp from 192.168.0.0/24 to any 80 keep-state add prob .50 fwd <cacheB>,3128 tcp from 192.168.0.0/24 to any 80 keep-state add fwd <cacheC>,3128 tcp from 192.168.0.0/24 to any 80 keep-state and ipfw get a connection from e.g. 192.168.0.42 that hits the cacheA rule, does that mean ipfw would create the dynamic rule below? fwd <cacheA>,3128 tcp from 192.168.0.42 to any 80 If so, it seems to me that it would create a rule that would the forward all of the packets from the client (192.168.0.42) to cacheA. Does this make sense or am I out in left field? Thanks for the input. -- Randy Smith Amigo.Net Systems Administrator 1-719-589-6100 x 4185 http://www.amigo.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020618092704.Q6594-100000>