[ previous ] [ next ] [ threads ]
 
 From:  Andrew Lewis <andrew at coastal dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  LoadBalancing revisited
 Date:  Fri, 13 Feb 2004 08:51:48 -0500
I have two internet connections.  One is a 3Mb link and the other a 10Mb 
link.  It's not enough to get a decent BGP configuration going.  I use a 
single freebsd based router with ipfw handling source addresses based 
routing to determine the proper link to deliver the traffic.

I'm interested in getting outbound load balancing.  I have the Nexland 
box, I also have a newer Sonicwall product with their "Enhanced" OS that 
does load balancing based on stateful connections.  Their "balancing" 
system involves defining a percentage of traffic per WAN interface, 
which tends to behave well.  They both work with light load but under 
medium load things fall apart.

Apparently the Nexland unit uses an algorithm to pick which interface at 
stateful connection is sent out on.  There's a weight system but for the 
most part if the client opens multiple connections (say HTTP) it's 
possible some of the connections will be delivered over one link and 
some over the other.  That creates its own share of fun with websites 
that rely on source IP for session handling.  I'm interested in getting 
rid of this unit- the support pretty much dried up.

 From what I can see the Sonicwall uses a similar algorithm but instead 
of it being per connection it's per host.  Just a minor wrinkle that 
doesn't "load balance" quite as well, but it achieves a better user 
experience on those broken websites.

Both fail when it comes to statefulness.  I can't say this enough.  A 
UDP dns query eats a state entry.  In my case I only have two Squid 
boxes on the lan side and the WAN side connected to my internet network. 
  Each squid box has its own dnscache instance and during the day the 
state tables overflow roughly every 35 minutes.  I haven't yet found a 
way to get the units to do something more intelligent with DNS packets.

I would love to use my soekris boxes with m0n0wall instead of these 
"load balancers".  Is there any more work in that direction?