using natd to load balance port 80 to multiple servers

Bill Fumerola billf at FreeBSD.org
Sun Oct 24 22:35:45 PDT 2004


On Sun, Oct 24, 2004 at 09:50:02PM -0700, Julian Elischer wrote:
> Stephane Raimbault wrote:
> >I'm currently using a freebsd box running natd to forward port 80 to 
> >several (5) web servers on private IP's.
> >
> >I have discovered that natd doesn't handle many requests/second all that 
> >well (seems to choke at about 200 req/second (educated guess))
> 
> use the "ipfw fwd" option to directly send the packets to the appropriate 
> machine.
> Should be able to forward at wire speed.

doesn't work for any configuration involving more than one backend
machine. through what magic does ipfw determine "the appropriate machine"?
it has to be consistent throughout each tcp connection.

the only way to do this entirely in ipfw (that i can think of) would be
to do something horrible like this:

# the frontend owns VIRTUAL on its wire interface; each backend also answers
# for VIRTUAL on lo0, since "fwd" hands the packet on without rewriting the
# destination, and the backend replies straight to the client
frontend# ifconfig fxp0 VIRTUAL netmask 255.255.255.255 alias
backends# ifconfig lo0 VIRTUAL netmask 255.255.255.255 alias
# split the source address space into four /2 slices, one per backend
frontend# ipfw add 100 fwd backend1 tcp from 0.0.0.0/2 to VIRTUAL 80
frontend# ipfw add 200 fwd backend2 tcp from 64.0.0.0/2 to VIRTUAL 80
frontend# ipfw add 300 fwd backend3 tcp from 128.0.0.0/2 to VIRTUAL 80
frontend# ipfw add 400 fwd backend4 tcp from 192.0.0.0/2 to VIRTUAL 80

which is essentially one of the world's worst load balancing algorithms.
i suppose basing it on src ports would be even worse. you could use
non-contiguous masks too for "better" distribution than cutting the space
into 1/N chunks. anyway, it needs to be something that per-packet always
maps a tcp connection to the same backend server.

we could do something neat and marry ipfw dynamic rules with 'ipfw fwd'
by adding a nexthop field to the ipfw_dyn_rule, rule op codes to feed
and lookup from the table, add a least conns selection method, add a
round robin method, add the ability to point to a table of machines
(possibly allow marking a machine as 'no new connections') for picking
nexthops. that would bring us up to the basic hardware vendor
implementations available circa 1999.

-- 
- bill fumerola / billf at FreeBSD.org
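The source-address split from the post, generalised to N backends, as an added example that is not part of the message above nor of FreeBSD's own tooling. It emits the frontend's ipfw "fwd" rules for both variants mentioned: contiguous 1/N slices of the address space (the /2 rules) and a non-contiguous mask on the low bits of the last octet, written in ipfw's addr:mask form. It then runs a constructed list of client addresses through each scheme to show where they land. The service address 203.0.113.10, the backend addresses 10.0.0.1-4 and the client list are assumptions; the backends' lo0 alias from the post is still needed and is not generated here.

```sh
#!/bin/sh
# Added example (not from the original post): generate ipfw "fwd" rule sets
# that pin each TCP connection to one backend by client source address, and
# compare how the two hashing schemes spread a sample of clients.
# The service address, backend addresses and client list below are assumptions.

VIRTUAL=203.0.113.10   # assumed public address the clients connect to

# Prints k where n == 2^k (n <= 256), or fails: both schemes carve the
# address space with masks, so the backend count must be a power of two.
log2_pow2() {
    n=$1; k=0; m=1
    while [ "$m" -lt "$n" ]; do m=$((m * 2)); k=$((k + 1)); done
    [ "$m" -eq "$n" ] && [ "$n" -le 256 ] && echo "$k"
}

# Scheme 1 (the post's /2 rules, generalised): bucket = top k bits of the
# first octet, i.e. the i-th contiguous 1/N slice of the IPv4 space.
bucket_prefix() {
    ip=$1; n=$2
    echo $(( ${ip%%.*} * n / 256 ))
}

# Scheme 2 (the "non-contiguous mask" idea): bucket = low k bits of the last
# octet, so neighbouring clients spread across backends instead of clustering.
bucket_lowbits() {
    ip=$1; n=$2
    echo $(( ${ip##*.} % n ))
}

# Emit the frontend rules for scheme 1: rule i forwards source slice i to
# backend i.  Usage: gen_rules_prefix N backend1 ... backendN
gen_rules_prefix() {
    n=$1; shift
    k=$(log2_pow2 "$n") || { echo "N must be a power of two <= 256" >&2; return 1; }
    i=0
    for backend in "$@"; do
        echo "ipfw add $(( (i + 1) * 100 )) fwd $backend tcp from $(( i * 256 / n )).0.0.0/$k to $VIRTUAL 80"
        i=$((i + 1))
    done
}

# Emit the frontend rules for scheme 2 using ipfw's addr:mask form, where the
# mask is a dotted quad and need not be contiguous (0.0.0.3 keeps only the
# two low bits of the last octet).
gen_rules_lowbits() {
    n=$1; shift
    log2_pow2 "$n" >/dev/null || { echo "N must be a power of two <= 256" >&2; return 1; }
    mask=$(( n - 1 )); i=0
    for backend in "$@"; do
        echo "ipfw add $(( (i + 1) * 100 )) fwd $backend tcp from 0.0.0.$i:0.0.0.$mask to $VIRTUAL 80"
        i=$((i + 1))
    done
}

# Count how a list of client addresses lands on N backends under a scheme
# ("prefix" or "lowbits"); prints "backendI COUNT" for each backend hit.
distribution() {
    scheme=$1; n=$2; shift 2
    for ip in "$@"; do
        "bucket_$scheme" "$ip" "$n"
    done | sort -n | uniq -c | awk '{ printf "backend%d %d\n", $2 + 1, $1 }'
}

# Constructed sample: a /24 of clients behind one ISP plus a few stragglers.
CLIENTS="192.0.2.1 192.0.2.2 192.0.2.3 192.0.2.4 198.51.100.7 203.0.113.9 10.1.2.3 172.16.5.6"

echo "# scheme 1: contiguous /2 slices of the source space"
gen_rules_prefix 4 10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4
distribution prefix 4 $CLIENTS
echo "# scheme 2: low two bits of the last source octet"
gen_rules_lowbits 4 10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4
distribution lowbits 4 $CLIENTS
```

Both schemes are stateless, so the per-connection affinity the post asks for comes for free: the client's source address does not change for the life of a TCP connection, and every packet of it matches the same rule. What you pay for that is that the spread over backends is only as good as the address bits you key on; in the sample, six of the eight clients land on backend4 under the contiguous split because they all sit in the 192-255 quarter, while keying on the low bits of the last octet spreads the same clients over all four.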




More information about the freebsd-net mailing list