Re: Load Balance

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 05/17/11 12:00, Usuário do Sistema wrote:

but I still wonder what is the metric used to do the load balance I
guess that the point is in line below
(I'd have to go back and re-read to know for sure what the "metric" is that you are referring to and how it effects things.) 


iptables -t mangle -A PREROUTING -p tcp -m state --state NEW -m
statistic --mode nth --every 2 --packet 0 -j CONNMARK1
iptables -t mangle -A PREROUTING -p tcp -m state --state NEW -m
statistic --mode nth --every 2 --packet 1 -j CONNMARK2

I understand that each  two new connections the third go out to next
link making the load balance.

right ??


In (basic) theory, yes.
If we limit the scope to be just new connections (that will match the above rules), yes, they will alternate between the connections (via marks) thus hypothetically equalizing the load on the connections.
The thing that this does not take in to account is what type of traffic a given connection is nor how long lived and active it is.
Let's say that I have the following (new) connections in the following sequence. 

  1)  Simple SMTP test email.
  2)  HTTP download of kernel source.
  3)  Simple DNS query.
  4)  VPN connection.
You will find that connections #1 and #3 are marked with CONNMARK1 and that connections #2 and #4 are marked with CONNMARK2. So what you end up with is two very ""light connections on CONNMARK1 and two much heavier connections on CONNMARK2.
The connections did end up "load balanced" (in a manner of speaking), or "distributed" (is probably a better way to describe it) across the multiple CONNMARKs. However, if you look at the utilization of the two CONNMARKs or the physical connections they represent, you will find that one is way under utilized and the other is probably saturated.
However, with out doing some relatively nasty things (i.e. spoofing which requires support upstream) there is little that you can do about this.
So, you do end up distributing the connections, but not necessarily load balancing. 


thank!


You are welcome.



Grant. . . .
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux