None of the load balancing techniques I have come across seems to cover 'IP-Persistence'. For example, a session with several connections (for which no conntrack-helper modules exist), will have problems, as its connections will be routed through different WAN interfaces. Some servers are very particular about the source IP of the packets they receive. I suspect online gaming and instant messengers will have problems with load balancing.

How is the experience of other people in here? A rewrite of 'recent' match to include both source and destination may turn out to be a solution, albeit with low performance. Any other ideas?

-----Original Message-----
From: lartc-bounces@xxxxxxxxxxxxxxx [mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Luciano Ruete
Sent: Tuesday, May 22, 2007 11:28 AM
To: lartc@xxxxxxxxxxxxxxx
Subject: Re: Multihome load balancing - kernel vs netfilter

On Monday 14 May 2007 02:57, Peter Rabbitson wrote:
> Hi,
> I have searched the archives on the topic, and it seems that the list
> gurus favor load balancing to be done in the kernel as opposed to other
> means.

AFAIKR there aren't conflicting opinions, there are just two different approaches and I believe that the routing solution is used because it was the first and because it sounds logical to implement multipath with your routing tool. But iptables has become a routing tool so far (and much more). Personally I'm using multipath, but I do not dislike the iptables approach.

> I have been using a home-grown approach, which splits traffic
> based on `-m statistic --mode random --probability X`, then CONNMARKs
> the individual connections and the kernel happily routes them. I
> understand that for > 2 links it will become impractical to calculate a
> correct X.

Well, it is not impractical with a little scripting in your firewall...

#!/bin/bash
# your uplinks weight as in kernel multipath
# ie:    link1 link2 link3 link4 link5
weight=" 1     2     1     3     5 "

# sum all weights
weight_total=0
for n in $weight ; do
    let weight_total=weight_total+n
done

# print one rule per link; probability is the link's integer share of the total, in percent
for n in $weight ; do
    probability=$((n*100/weight_total))
    echo iptables.. -m statistic --mode random --probability $probability
done

But the problem arises when you have, let's say, 101 links, because mode random takes a 2-digit number, right? But this can be changed in the code (use the source...)

> But if we only have 2 gateways to the internet - are there
> any advantages in letting the kernel multipath scheduler do the
> balancing (with all the downsides of route caching), as opposed to the
> pure random approach described above?

Well, the disadvantage I see is that you have to move all your routing rules to iptables space, but in the end you always need the routing table, but it is a matter of changing old habits...

--
Luciano
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
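
An added example, not part of the original thread: one way to generate the `-m statistic` rules from the same weights, with each rule's probability made conditional on the earlier rules not having matched and written in the 0 to 1 range that `--probability` accepts. The mangle PREROUTING chain, the NEW/connmark guards and the numbering (connmark N for uplink N) are assumptions; the script only prints the rules.

```shell
#!/bin/bash
# Added example (not from the thread). Prints mangle rules that spread NEW
# connections over uplinks in proportion to their weights.
# Assumptions: rules go in mangle PREROUTING, connmark N selects uplink N,
# weights are positive integers.

# cond_probs W1 W2 ...: print one conditional probability per uplink.
# Rule i only sees connections that rules 1..i-1 left unmarked, so its
# probability must be w_i / (w_i + ... + w_n), not w_i / total.
cond_probs() {
    local remaining=0 w p
    for w in "$@"; do remaining=$((remaining + w)); done
    for w in "$@"; do
        # Fixed point with 4 decimals, finer than whole percent;
        # the last uplink always comes out as 1.0000.
        p=$((w * 10000 / remaining))
        printf '%d.%04d\n' $((p / 10000)) $((p % 10000))
        remaining=$((remaining - w))
    done
}

# gen_rules W1 W2 ...: print (not apply) one CONNMARK rule per uplink.
gen_rules() {
    local i=0 p
    local base='iptables -t mangle -A PREROUTING -m conntrack --ctstate NEW -m connmark --mark 0'
    for p in $(cond_probs "$@"); do
        i=$((i + 1))
        if [ "$p" = "1.0000" ]; then
            # Catch-all: everything still unmarked goes to the last uplink.
            echo "$base -j CONNMARK --set-mark $i"
        else
            echo "$base -m statistic --mode random --probability $p -j CONNMARK --set-mark $i"
        fi
    done
}

# Same weights as in the script above: link1..link5.
gen_rules 1 2 1 3 5
```

Because the connmark is set once per connection and matched with `--mark 0` on later rules, a connection that an earlier rule has claimed is skipped by the rest.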