Salim S I wrote:
-----Original Message-----
From: Luciano Ruete [mailto:luciano@xxxxxxxxxxxxx]
Sent: Wednesday, May 30, 2007 11:46 AM
To: Salim S I
Subject: Re: Multihome load balancing - kernel vs netfilter
On Tuesday 29 May 2007 03:16:47 you wrote:
None of the load balancing techniques I have come across seems to cover 'IP-Persistence'. For example, a session with several connections (for which no conntrack-helper modules exist) will have problems, as its connections will be routed through different WAN interfaces. Some servers are very particular about the source IP of the packets they receive. I suspect online gaming and instant messengers will have problems with load balancing. How is the experience of other people in here?
A rewrite of the 'recent' match to include both source and destination may turn out to be a solution, albeit with low performance. Any other ideas?
In this same thread a CONNMARK solution was exposed, and this same CONNMARK solution was openly discussed several times in this list.
All the cases that you mention (online gaming, instant messenger) and all others that you do not mention are solved by having a connection-aware firewall, which is capable of routing over the same link packets that belong to the same logical connection; this is achieved perfectly using netfilter CONNMARK.
Regards!
Sorry, but it doesn't work that way.
CONNMARK needs helper modules like the ones for FTP or H.323 to really know if connections belong to the same session. To cover all gaming and IM apps with their own helper modules is practically impossible. I remember even MSN has had problems (timeout every 5 mins), but it seems to have been fixed at the server level.
Could you please point out if I have missed any open discussion in the list which covers these things?
Salim is correct, non-trackable protocols can be a major PITA. Actually I discussed this earlier in the thread. Yes, kernel balancing due to caching will alleviate this to a certain extent, but there will still be surprises down the road, when a cache entry finally expires. Besides, caching blows the entire balancing idea to bits if most users access primarily the same resource over and over again (think of a popular internet radio station). Furthermore neither route balancing nor the netfilter approach will be effective for resources hosted over _multiple_ distinct IPs (AIM is a very good example with separate authentication and data servers). This is where the exception lists come into play, which I also discussed. If one still wants to achieve pseudo balancing on the exempted destinations, it is still possible with the excellent SAME patch, which makes a NAT decision based solely on an index derived from the size of the source pool to be NATted divided by the number of NAT targets provided. Also note that as long as a service uses a static range of ports, you do not even have to know all the destination IP ranges in order to exempt it - simple port matching will do.
HTH
Peter
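The CONNMARK scheme Luciano refers to, combined with the port-based exemption list Peter describes, as an added example written for this page and not a script posted by anyone in the thread. Interface names, gateway addresses, routing table numbers and the pinned ports (5190 for AIM, 5222 for XMPP) are constructed placeholders, and the alternation of new connections between the two links assumes an iptables with the `statistic` match. By default the script only prints the commands; set IPT=iptables IP=ip and run it as root to apply them.

```shell
#!/bin/sh
# Added example, not from the LARTC thread: pin each connection to the WAN link
# chosen for its first packet (CONNMARK), and force an exemption list of
# destination ports onto one link regardless of destination IP.
# All interface names, addresses, tables and ports below are constructed.

LAN_IF=eth0
WAN1_IF=eth1; WAN1_GW=198.51.100.1; WAN1_TABLE=101; WAN1_MARK=1
WAN2_IF=eth2; WAN2_GW=203.0.113.1;  WAN2_TABLE=102; WAN2_MARK=2

# Exemption list: TCP destination ports whose connections always leave via WAN1
# (constructed: 5190 = AIM/OSCAR, 5222 = XMPP). No destination IPs needed.
PINNED_TCP_PORTS="5190 5222"

# Dry run by default: the commands are printed, not executed.
IPT="${IPT:-echo iptables}"
IP="${IP:-echo ip}"

setup_routing() {
  # One routing table per WAN link, selected by the packet's firewall mark.
  $IP route add default via "$WAN1_GW" dev "$WAN1_IF" table "$WAN1_TABLE"
  $IP route add default via "$WAN2_GW" dev "$WAN2_IF" table "$WAN2_TABLE"
  $IP rule add fwmark "$WAN1_MARK" table "$WAN1_TABLE"
  $IP rule add fwmark "$WAN2_MARK" table "$WAN2_TABLE"
}

setup_marks() {
  # 1. Copy the conntrack mark onto the packet. For any packet of an already
  #    seen connection this is non-zero, so the link chosen for the first
  #    packet is reused without needing a protocol helper.
  $IPT -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
  $IPT -t mangle -A PREROUTING -i "$LAN_IF" -m mark ! --mark 0 -j ACCEPT

  # 2. Exempted services: pin every new connection to WAN1 by port alone.
  for port in $PINNED_TCP_PORTS; do
    $IPT -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport "$port" \
         -j MARK --set-mark "$WAN1_MARK"
  done

  # 3. Whatever is still unmarked is the first packet of a new connection:
  #    alternate links per connection, never per packet.
  $IPT -t mangle -A PREROUTING -i "$LAN_IF" -m mark --mark 0 \
       -m statistic --mode nth --every 2 --packet 0 \
       -j MARK --set-mark "$WAN1_MARK"
  $IPT -t mangle -A PREROUTING -i "$LAN_IF" -m mark --mark 0 \
       -j MARK --set-mark "$WAN2_MARK"

  # 4. Store the decision on the conntrack entry for the connection's lifetime.
  $IPT -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --save-mark
}

setup_nat() {
  # Source NAT per link, so the remote server sees one consistent source IP
  # for the whole connection and replies return over the same link.
  $IPT -t nat -A POSTROUTING -o "$WAN1_IF" -j MASQUERADE
  $IPT -t nat -A POSTROUTING -o "$WAN2_IF" -j MASQUERADE
}

# Emit (or, with IPT/IP overridden, apply) the configuration in order.
setup_all() {
  setup_routing
  setup_marks
  setup_nat
}

setup_all
```

Persistence here is per connection, which is exactly the limit both Salim and Peter point at: two separate TCP connections of one logical session (AIM's authentication server and data server, say) can still land on different links and hence different source IPs, and only the exemption list in step 2 prevents that. Reverse-path filtering on the WAN interfaces also has to allow traffic that leaves via a table other than the main one, or replies on the second link are silently dropped.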
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc