Bill Fumerola wrote:
On Sun, Oct 24, 2004 at 09:50:02PM -0700, Julian Elischer wrote:
Stephane Raimbault wrote:
I'm currently using a freebsd box running natd to forward port 80 to
several (5) web servers on private IP's.
I have discovered that natd doesn't handle many requests/second all that
well (seem to choke at about 200 req/second (educated guess))
use the "ipfw fwd" option to directly send the packets to the appropriate
machine.
Should be able to forward at wire speed.
doesn't work for any configuration involving more than one backend
machine. through what magic does ipfw determine "the appropriate machine"?
it has to be consistent throughout each tcp connection..
the only way to do this entirely in ipfw (that i can think of) would be
to do something horrible like this:
frontend# ifconfig fxp0 VIRTUAL netmask 255.255.255.255 -alias
backends# ifconfig lo0 VIRTUAL netmask 255.255.255.255 -alias
frontend# ipfw add 100 fwd backend1 tcp from 0.0.0.0/2 to VIRTUAL 80
frontend# ipfw add 200 fwd backend2 tcp from 64.0.0.0/2 to VIRTUAL 80
frontend# ipfw add 300 fwd backend3 tcp from 128.0.0.0/2 to VIRTUAL 80
frontend# ipfw add 400 fwd backend4 tcp from 192.0.0.0/2 to VIRTUAL 80
I have used noncontiguous masks and based it on purely the lowest 2 bits
of the 3rd octet.
worked quite well as a "quick and nasty" load balancer. certainly equal
to using natd for the same thing with less work.
which is essentially one of the world's worst load balancing algorithms.
i suppose basing it on src ports would be even worse. you could use
non-contiguous masks too for "better" distribution than cutting the space
into 1/N chunks. anyways, it needs to be something that per-packet always
maps a tcp connection to the same backend server.
as I said above...
we could do something neat and marry ipfw dynamic rules with 'ipfw fwd'
by adding a nexthop field to the ipfw_dyn_rule, rule op codes to feed
and lookup from the table, add a least conns selection method, add a
round robin method, add the ability to point to a table of machines
(possibly allow marking a machine as 'no new connections') for picking
nexthops. that would bring us up to the basic hardware vendor
implementations available circa 1999.
yep..
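As an added example (not code from any of the posters), here is a small offline simulation of how ipfw's first-match rule evaluation picks a backend under the contiguous /2 split quoted above and under the "lowest 2 bits of the 3rd octet" variant, so the two bucketing schemes can be compared for a given client population. The backend names, the VIRTUAL placeholder and the sample client addresses (taken from the RFC 5737 documentation ranges) are constructed; `addr:mask` is ipfw's dotted-quad mask form, used here only in the rendered rule strings.

```python
import ipaddress
from collections import Counter

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

# Contiguous split on the top two bits of the source address (the quoted
# 0.0.0.0/2, 64.0.0.0/2, 128.0.0.0/2, 192.0.0.0/2 rules, as addr/mask pairs).
RULES_TOP_BITS = [
    ("backend1", "0.0.0.0",   "192.0.0.0"),
    ("backend2", "64.0.0.0",  "192.0.0.0"),
    ("backend3", "128.0.0.0", "192.0.0.0"),
    ("backend4", "192.0.0.0", "192.0.0.0"),
]

# Noncontiguous mask keying on the lowest two bits of the third octet.
RULES_THIRD_OCTET = [
    ("backend1", "0.0.0.0", "0.0.3.0"),
    ("backend2", "0.0.1.0", "0.0.3.0"),
    ("backend3", "0.0.2.0", "0.0.3.0"),
    ("backend4", "0.0.3.0", "0.0.3.0"),
]

# Constructed client addresses: all fall in 192.0.0.0/2, as clients that
# cluster in one part of the address space realistically do.
SAMPLE_SOURCES = ["203.0.113.5", "203.0.113.77", "198.51.100.9",
                  "192.0.2.44", "198.51.103.1", "203.0.114.8"]

def pick_backend(src, rules):
    """First matching rule wins, mirroring ipfw's in-order rule evaluation.
    The decision depends only on the source address, so every packet of a
    TCP connection lands on the same backend."""
    s = _ip(src)
    for backend, addr, mask in rules:
        m = _ip(mask)
        if s & m == _ip(addr) & m:
            return backend
    return None  # fell through: the default rule would handle the packet

def distribution(sources, rules):
    """How many of the given client addresses each backend would receive."""
    return Counter(pick_backend(s, rules) for s in sources)

def render_rules(rules, virtual="VIRTUAL", port=80):
    """Emit the equivalent 'ipfw add ... fwd' lines using the addr:mask form."""
    return [f"ipfw add {100 * (i + 1)} fwd {b} tcp from {a}:{m} to {virtual} {port}"
            for i, (b, a, m) in enumerate(rules)]
```

Running `distribution(SAMPLE_SOURCES, RULES_TOP_BITS)` shows the /2 split sending every sample client to backend4, while the third-octet mask spreads the same clients across all four; that concentration is the "worst load balancing algorithm" point made above.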
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net