Re: help on load balancing

[Paweł Staszewski <pstaszewski@xxxxxxxxx>]

Try do install 3 squid instances and on every squid.conf insert 
different tcp_outgoind_address of your dsl links


Next try to balance per tcp(80) session  to all  squid instances:

$ipt -t nat -A squid -p tcp --dport 80 -m nth --counter 7 --every 3 
--packet 0 -j DNAT --to 192.168.0.1:8080
$ipt -t nat -A squid -p tcp --dport 80 -m nth --counter 7 --every 3 
--packet 1 -j DNAT --to 192.168.0.1:8081
$ipt -t nat -A squid -p tcp --dport 80 -m nth --counter 7 --every 3 
--packet 2 -j DNAT --to 192.168.0.1:8082

$ipt -t nat -A PREROUTING -i eth4 -s 10.0.0.0/8 -p tcp --dport 80 -m 
state --state NEW -j squid

the: "-m state --state NEW" param is important ... because you must 
balance over "tcp session" not "per packet"

But with this configuration some sites will have problems to load like 
https ... because source of your ip will be change from dsl 1 to dsl 2 
and dsl 3





wlagmay@xxxxxxxxxxxxx wrote:

> I'm already using http://www.ssi.bg/~ja, this is from Julian Anatasov right, but
> my problem here, in most of the cases it needs to fully utilized the 1st lint
> prior to shifting to the second link.
>
> Regards,
>
> Wennie
>
> Quoting Paweł Staszewski <pstaszewski@xxxxxxxxx>:
>
>  
>
> > You can't do load balance across 4 dsl link "per packet" ....
> > Only per session.
> >
> > If your isp is doing reverse path filtering .
> >
> >
> > Try routes patch from : http://www.ssi.bg/~ja/
> >
> > And it will be working fine :)
> >
> >
> > Rob Sterenborg wrote:
> >
> >    
> >
> > > On Thu, December 15, 2005 14:21, wlagmay@xxxxxxxxxxxxx wrote:
> > >
> > >
> > >      
> > >
> > > > Hi Rob,
> > > >
> > > > Im sorry, I forgot to inform you that the clients are not using this
> > > > 3 lines to go directly to the internet, instead the on the same
> > > > machine I install Squid proxy server, hoping that with the load
> > > > balance technique, squid can take advantage of the connection
> > > > simultaneously, so my problem actualy is the squid
> > > > to use the 3 lines simutaneously.
> > > >
> > > >
> > > >        
> > > I haven't used it myself so I'm a bit guessing here ; you may be able
> > > to alter locally generated packets (from Squid) using the ROUTE target
> > > combined with the nth match in the OUTPUT chain of the mangle table so
> > > the packets are diverted over the 3 NIC's.
> > >
> > > Something like :
> > >
> > > iptables -t mangle -A OUTPUT -o eth0 -m nth --counter 7 \
> > > --every 3 --packet 0 -j ROUTE --oif eth0
> > >
> > > iptables -t mangle -A OUTPUT -o eth0 -m nth --counter 7 \
> > > --every 3 --packet 1 -j ROUTE --oif eth1
> > >
> > > iptables -t mangle -A OUTPUT -o eth0 -m nth --counter 7 \
> > > --every 3 --packet 2 -j ROUTE --oif eth2
> > >
> > > (Where eth3 is your LAN NIC.)
> > >
> > >
> > > Gr,
> > > Rob
> > >
> > >
> > >
> > >
> > >      
> > >
> > > > Quoting Rob Sterenborg <rob@xxxxxxxxxxxxxxx>:
> > > >
> > > >
> > > >
> > > >        
> > > >
> > > > > On Thu, December 15, 2005 12:32, wlagmay@xxxxxxxxxxxxx wrote:
> > > > > ...
> > > > >
> > > > >
> > > > >          
> > > > >
> > > > > > Squid proxy, Im monitoring the 4 ports via MRTG and I noticed that
> > > > > > before It goes to link 2, link 1 must be saturated first or link1
> > > > > > will stop and the request is only transfered to link 2. So it
> > > > > >
> > > > > >
> > > > > >            
> > > > > seems
> > > > >
> > > > >
> > > > >          
> > > > >
> > > > > > that it is not doing a load balance, my idea of load balance is
> > > > > > utilizing the 3 lines simultaneously.
> > > > > >
> > > > > >
> > > > > >            
> > > > > ...
> > > > >
> > > > > Perhaps you can use the nth patch.
> > > > > http://www.netfilter.org/projects/patch-o-matic/pom-base.html#pom-base-nth
> > > > >
> > > > >
> > > > > Gr,
> > > > > Rob
> > > > >
> > > > >
> > > > >          
> > >
> > >
> > >      
> >
> >    
>
>
>
>
>
>
>
>