pf (+ relayd?) as lvs replacement

[Mohacsi Janos]

On Fri, 25 Apr 2008, CZUCZY Gergely wrote:

> Adding IPv6 support to a project like this is usually a trivial thing
> to do, nothing special. IMHO the cause of the lack of this feature in
> many projects is the lack of requirement. Nobody tells the developers
> that IPv6 support is needed. So, not a big deal.

<offtopic>
I am not quite sure, that adding IPv6 is trivial:
- Few years ago I had a look at squid about IPv6 support -  difficult.
- Adding IPv6 support to LVS - extremely complex.
- Adding IPv6 support to snort - took almost 2 years!

If the networking code is unreadable, or using int as a storage for IP 
address, then you are out of luck - better to change other software...
</offtopic>

Best Regards,
 		Janos Mohacsi



>
> On Fri, 25 Apr 2008 17:06:21 +0200 (CEST)
> Mohacsi Janos <mohacsi at niif.hu> wrote:
>
>>
>>
>>
>> On Fri, 25 Apr 2008, CZUCZY Gergely wrote:
>>
>>> Hello,
>>>
>>> A somewhat similar can be achived using relayd, but this kind of
>>> load balancing shouldn't be done on L2/L3 level. This kind of load
>>> balancing should be done on Layer7 with some application level load
>>> balancers. That way you can also do more then this (like sanitizing
>>> the requests before they get to the actual servers).
>>>
>>> Some projects exists out there to do this, like pound[1], or also
>>> nginx has some features for this propose, and even apache2.2 is
>>> being extended into this direction.
>>
>> Most of these projects don't have IPv6 support, whil pf has IPv6
>> support builtin. We are using pf for load balancing HTTP for more
>> than a years now, successfully.
>>
>> Best Regards,
>>
>>
>> Janos Mohacsi
>> Network Engineer, Research Associate, Head of Network Planning and
>> Projects NIIF/HUNGARNET, HUNGARY
>> Key 70EF9882: DEC2 C685 1ED4 C95A 145F  4300 6F64 7B00 70EF 9882
>>
>
>
> -- 
>
> Sincerely,
>
> Gergely CZUCZY,
> Harmless Digital
> mailto: gergely.czuczy at harmless.hu
>
> Legacy software is software that works.
>