using natd to load balance port 80 to multiple servers
Chuck Swiger
cswiger at mac.com
Sat Oct 23 09:12:22 PDT 2004
Stephane Raimbault wrote:
> I'm currently using a FreeBSD box running natd to forward port 80 to
> several (5) web servers on private IPs.
OK.
> I have discovered that natd doesn't handle many requests/second all that
> well (seems to choke at about 200 req/second (educated guess))
Let's take that number as being right, although the first consideration when
doing performance tuning is that you need to measure things accurately enough
that you can see whether a change makes a meaningful difference.

There are plenty of tools available in the ports tree, although you could
start with "ab" from apache.

Next, you ought to read "man tuning" and look into adjusting HZ, NMBCLUSTERS
in your kernel config, using any hardware support for your NICs (-link0
option) or try using device polling.

You should probably investigate the net.inet sysctls, particularly those
controlling retransmit time intervals net.inet.tcp.rexmit_min and the
keepalive and net.inet.ip.fw.dyn*lifetime tunables.
> There are other packet filtering options on FreeBSD and I wonder if I
> can use them to do what I'm trying to do with natd.
It's true that natd runs in userspace, which creates more overhead, so using
PF instead might be worth doing, sure.
> Would someone be able to point me to documentation or help me have
> either ipf/ipfw/pf forward port 80 traffic to private space IPs?
Consider http://www.openbsd.org/faq/pf/index.html
> Is there a better way of splitting port 80 traffic across multiple
> webservers that has eluded me? Other than a commercial content switch
> that is :)
Oh, sure.
The most obvious solution to the problem is to give all of the servers real
IPs and use some other form of balancing (DNS round-robin, or splitting the
content somehow [static vs dynamically generated?]), and avoid dealing with NAT
altogether.
--
-Chuck
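
For the pf option raised in the message above, a minimal pf.conf that redirects port 80 to a pool of five private web servers in the kernel instead of through natd. This is an added example, not part of the original message; the interface name em0 and the 10.0.0.x addresses are assumptions, and the syntax is the rdr form used by FreeBSD's pf.

```conf
# /etc/pf.conf (added example; names and addresses are assumptions)

ext_if = "em0"          # assumed external (public) interface

# Backend pool: the five web servers on private addresses (assumed values).
table <webservers> persist { 10.0.0.11, 10.0.0.12, 10.0.0.13, \
                             10.0.0.14, 10.0.0.15 }

set skip on lo0

# Translation rules must come before filter rules.
# round-robin spreads new connections across the pool; sticky-address
# keeps a given client on the same backend while it has active states,
# which matters if the web application holds per-server session data.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 \
    -> <webservers> round-robin sticky-address

# Filter rules see the packet after rdr has rewritten the destination,
# so the pass rule matches the backend addresses, not the public one.
# Only port 80 to the pool is admitted from outside; any other inbound
# service on this box (ssh for management, for instance) needs its own
# pass rule before this ruleset is loaded.
block in log on $ext_if all
pass in on $ext_if inet proto tcp from any to <webservers> port 80 \
    flags S/SA keep state
```

Parse the file without loading it using `pfctl -nf /etc/pf.conf`, then inspect the active redirect with `pfctl -s nat` once it is loaded.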
More information about the freebsd-net mailing list