On Tue, Jan 30, 2007 at 09:09:46AM +0100, Marian Hettwer wrote:
| <quote>
| requests go like this:
| origin -> balancer -> destination
|
| replies like this:
| destination -> origin

This sounds a lot like what certain loadbalancers call "DSR" or "Direct Server Return". Basically, this is layer 2 NAT'ing. Here's how it works:

You configure the outside interface of the loadbalancer with a VIP, which you also configure on lo0 on your webservers. The loadbalancer receives a request on the VIP and selects one of the webservers as the destination (based on variable levels of intelligent selection methods). It now forwards the IP packet as-is to this webserver, changing the destination MAC address in the Ethernet frame. This frame is picked up by the destination webserver (as it has the correct MAC address) and is acted upon by the IP layer (as the system has the VIP configured). The webserver processes the request and returns the answer directly to the origin, without going through the loadbalancer.

This can be beneficial in certain circumstances where your webservers do more outgoing b/w than incoming. Say you have a big document store (where documents are your MP3 collection or a big library of (large) PDFs or whatnot) that you wish to serve over HTTP. Many of these requests will fit in a 100MB/s connection. Not quite as many answers fit in that same 100MB/s going back to the original requestor. Aggregating 10 webservers' 100MB/s you can fill a 1GB/s link with your loadbalancer and your webservers all at 100MB/s.

This also gets you the IP address of the requestor in your weblogs.

It would be cool if pf could support DSR. Since I'm not a programmer, I'll shut up now because I won't be producing patches anytime soon.

Cheers,

Paul 'WEiRD' de Weerd

--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
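
The forwarding step described in the message above, modelled on raw frame bytes as an added example (not part of the original post and not pf code). All MAC and IP addresses, the function names and the CRC-based backend selection are assumptions made for illustration; the IPv4 checksum is left at zero because no header field that it covers is ever modified.

```python
import struct
import zlib

VIP = "192.0.2.10"                           # constructed: on the balancer and on each server's lo0
LB_MAC = bytes.fromhex("020000000001")       # constructed, locally administered MACs
GW_MAC = bytes.fromhex("0200000000fe")       # servers' default gateway (not the balancer)
BACKENDS = [bytes.fromhex("0200000000a1"), bytes.fromhex("0200000000a2")]

def ip4(text):
    return bytes(int(octet) for octet in text.split("."))

def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport):
    """Ethernet II header + 20-byte IPv4 header + TCP port pair."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, 6, 0,
                     ip4(src_ip), ip4(dst_ip))
    return dst_mac + src_mac + b"\x08\x00" + ip + struct.pack("!HH", sport, dport)

def parse(frame):
    sport, dport = struct.unpack("!HH", frame[34:38])
    return {"dst_mac": frame[0:6], "src_mac": frame[6:12],
            "src_ip": ".".join(map(str, frame[26:30])),
            "dst_ip": ".".join(map(str, frame[30:34])),
            "sport": sport, "dport": dport}

def dsr_forward(frame, backends=BACKENDS):
    """Balancer: choose a backend per flow and rewrite only the destination MAC."""
    if parse(frame)["dst_ip"] != VIP:
        return None                          # not addressed to the service
    flow = frame[26:30] + frame[34:36]       # client IP + client port
    backend = backends[zlib.crc32(flow) % len(backends)]
    return backend + frame[6:]               # bytes 14.. (the IP packet) are untouched

def server_accepts(frame, my_mac, local_addrs):
    """Server: the NIC takes the frame by MAC, the IP layer takes it because of the VIP on lo0."""
    f = parse(frame)
    return f["dst_mac"] == my_mac and f["dst_ip"] in local_addrs

def server_reply(frame, my_mac, gw_mac=GW_MAC):
    """Reply is sourced from the VIP and leaves via the gateway, bypassing the balancer."""
    f = parse(frame)
    return build_frame(gw_mac, my_mac, f["dst_ip"], f["src_ip"], f["dport"], f["sport"])

if __name__ == "__main__":
    request = build_frame(LB_MAC, GW_MAC, "198.51.100.7", VIP, 40000, 80)
    forwarded = dsr_forward(request)
    print(parse(forwarded))
    print(parse(server_reply(forwarded, forwarded[:6])))
```

Because the balancer never sees the reply direction, any stateful filter placed on it observes only half of each connection.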