Thank for everyone!! until next issue 2011/5/17 Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx>: > On 05/17/11 12:00, Usuário do Sistema wrote: >> >> but I still wonder what is the metric used to do the load balance I >> guess that the point is in line below > > (I'd have to go back and re-read to know for sure what the "metric" is that > you are referring to and how it effects things.) > >> iptables -t mangle -A PREROUTING -p tcp -m state --state NEW -m >> statistic --mode nth --every 2 --packet 0 -j CONNMARK1 >> iptables -t mangle -A PREROUTING -p tcp -m state --state NEW -m >> statistic --mode nth --every 2 --packet 1 -j CONNMARK2 >> >> I understand that each two new connections the third go out to next >> link making the load balance. >> >> right ?? > > In (basic) theory, yes. > > If we limit the scope to be just new connections (that will match the above > rules), yes, they will alternate between the connections (via marks) thus > hypothetically equalizing the load on the connections. > > The thing that this does not take in to account is what type of traffic a > given connection is nor how long lived and active it is. > > Let's say that I have the following (new) connections in the following > sequence. > > 1) Simple SMTP test email. > 2) HTTP download of kernel source. > 3) Simple DNS query. > 4) VPN connection. > > You will find that connections #1 and #3 are marked with CONNMARK1 and that > connections #2 and #4 are marked with CONNMARK2. So what you end up with is > two very ""light connections on CONNMARK1 and two much heavier connections > on CONNMARK2. > > The connections did end up "load balanced" (in a manner of speaking), or > "distributed" (is probably a better way to describe it) across the multiple > CONNMARKs. However, if you look at the utilization of the two CONNMARKs or > the physical connections they represent, you will find that one is way under > utilized and the other is probably saturated. > > However, with out doing some relatively nasty things (i.e. spoofing which > requires support upstream) there is little that you can do about this. > > So, you do end up distributing the connections, but not necessarily load > balancing. > >> thank! > > You are welcome. > > > > Grant. . . . > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
