
RE: [LARTC] Multihome load balancing - kernel vs netfilter

To: "'Luciano Ruete'" <luciano@lugmen.org.ar>, <lartc@mailman.ds9a.nl>
Subject: RE: [LARTC] Multihome load balancing - kernel vs netfilter
From: "Salim S I" <salim.si@cipherium.com.tw>
Date: Tue, 29 May 2007 14:16:47 +0800
None of the load balancing techniques I have come across seems to cover
'IP-Persistence'. For example, a session with several connections (for
which no conntrack-helper modules exist), will have problems, as its
connections will be routed through different WAN interfaces. Some
servers are very particular about the source IP of the packets they
receive. I suspect online gaming and instant messengers will have
problems with load balancing. How is the experience of other people in
here?

A rewrite of 'recent' match to include both source and destination may
turn out to be a solution, albeit with low performance. Any other ideas?

-----Original Message-----
From: lartc-bounces@mailman.ds9a.nl
[mailto:lartc-bounces@mailman.ds9a.nl] On Behalf Of Luciano Ruete
Sent: Tuesday, May 22, 2007 11:28 AM
To: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Multihome load balancing - kernel vs netfilter

On Monday 14 May 2007 02:57, Peter Rabbitson wrote:
> Hi,
> I have searched the archives on the topic, and it seems that the list
> gurus favor load balancing to be done in the kernel as opposed to other
> means.

AFAIKR there aren't conflicting opinions, there are just two different
approaches, and I believe that the routing solution is used because it
was the first and because it sounds logical to implement multipath with
your routing tool.
But iptables has become a routing tool so far (and much more).

Personally I'm using multipath, but I do not dislike the iptables approach.

> I have been using a home-grown approach, which splits traffic
> based on `-m statistic --mode random --probability X`, then CONNMARKs
> the individual connections and the kernel happily routes them. I
> understand that for > 2 links it will become impractical to calculate a
> correct X.

Well, it is not impractical with a little scripting in your firewall...

#!/bin/bash
# your uplinks weight as in kernel multipath
# ie:   link1 link2 link3 link4 link5
weight="  1     2     1     3     5  "
weight_total=0
# sum the weights
for n in $weight ; do
        weight_total=$((weight_total + n))
done
# each link's share of the total weight, as an integer percentage
for n in $weight ; do
        probability=$((n*100/weight_total))
        echo iptables.. -m statistic --mode random --probability $probability
done


But the problem arises when you have, let's say, 101 links, because mode
random takes a 2-digit number, right? But this can be changed in the code
(use the source...)

> But if we only have 2 gateways to the internet - are there 
> any advantages in letting the kernel multipath scheduler do the
> balancing (with all the downsides of route caching), as opposed to the
> pure random approach described above?

Well, the disadvantage I see is that you have to move all your routing
rules to iptables space, but in the end you always need the routing
table, but it is a matter of changing old habits...

-- 
Luciano
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
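
Added example, not code from either poster: when the `-m statistic` rules sit one after another and each rule only sees connections the earlier rules left unmarked, rule i needs the conditional probability w_i / (w_i + ... + w_n), and `--probability` takes a value between 0.0 and 1.0. The weights are the sample ones from the script in the thread; the mangle chain, the mark numbers and the `--mark 0` guard are assumptions.

```bash
#!/bin/bash
# Added example. Weights are the sample values from the post; the chain,
# mark numbers and the "--mark 0" guard are assumptions for illustration.

# Print one --probability value (0.0-1.0) per link, in rule order.
# Rule i only sees connections that rules 1..i-1 left unmarked, so it
# needs w_i / (w_i + ... + w_n), not w_i / total. The last value is 1.
chain_probabilities() {
    echo "$@" | LC_ALL=C awk '{
        remaining = 0
        for (i = 1; i <= NF; i++) remaining += $i
        for (i = 1; i <= NF; i++) {
            printf "%.4f\n", $i / remaining
            remaining -= $i
        }
    }'
}

# Check: given per-rule probabilities, print the share of all new
# connections that each rule ends up marking.
effective_shares() {
    echo "$@" | LC_ALL=C awk '{
        left = 1
        for (i = 1; i <= NF; i++) {
            printf "%.4f\n", left * $i
            left -= left * $i
        }
    }'
}

# Print the rules (they are not executed), one mark per uplink.
print_rules() {
    mark=1
    for p in $(chain_probabilities "$@"); do
        echo "iptables -t mangle -A PREROUTING -m conntrack --ctstate NEW" \
             "-m connmark --mark 0 -m statistic --mode random" \
             "--probability $p -j CONNMARK --set-mark $mark"
        mark=$((mark + 1))
    done
}

print_rules 1 2 1 3 5
# Using w_i / total for four equal links (0.25 each) skews the split:
effective_shares 0.25 0.25 0.25 0.25
```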

