 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Load Balancing ...... maybe this one
 Date:  Sat, 22 May 2004 19:07:11 -0700 (PDT)
On Sat, 22 May 2004, David Rodgers wrote:

> > You'd better have lots of CPU available if you want to interpose a TCP
> > proxy in series with every connection.
> not every connection ... just connections from the outside to the inside
> server pool in a round robin fashion

Oh, *that* kind of load balancing.  I thought you meant *outbound* load
balancing, which is a recurring request here.

> I tested one of these (pydirector not balance) last night with smtp 
> connection to 4 machines natted behind the pydirector machine. It was an
> amd k6-2 350 machine with 256mb of memory and it sustained several
> hundred connections per second without a blush. pydirector doesn't act
> as a proxy just a connection redirector. 

If the data passes through the program, even unmodified, it's a proxy.  
The page you linked to calls it a proxy.  Even in concept, this requires
converting the data from packets to a stream and back to packets.  Doing
this entirely in the kernel wouldn't be cheap, and doing it in userland
adds context-switching overhead and additional copying.  Applying this to
most traffic on a modest-performing machine that's also the firewall and
NAT router could create a bottleneck.

A more efficient method would be with "smart NAT", but I don't think
that's possible without kernel support, even if the actual decisions are
made in userland.  An API for "userland-controlled NAT" would have a
number of uses, though.

> > Not to mention being pretty useless without multiple WAN interfaces. :-)
> Are you on crack ... why would load balancing be useless without
> multiple wan interfaces? If your sole purpose for doing this was high

Misunderstanding.  See above.

					Fred Wright
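
Added example, not part of the original message and not pydirector's code: a minimal userland round-robin redirector on loopback that counts every byte the process has to read in and write back out, which is the cost the reply above describes. The backends "A" and "B", the `HELO` payload and all function names are constructed for illustration.

```python
import itertools, socket, threading

def start_backend(name):
    """Constructed stand-in for one pool server: answers '<name>:<request>'."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(name.encode() + b":" + conn.recv(1024))
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

def pump(src, dst, stats):
    """Relay one direction: each chunk is read into this process, then written out."""
    while (data := src.recv(4096)):
        stats["bytes_copied"] += len(data)
        dst.sendall(data)
    try:
        dst.shutdown(socket.SHUT_WR)   # pass the end-of-stream along
    except OSError:
        pass                           # peer already gone

def start_redirector(backends, stats):
    """Round-robin front end: one new upstream TCP connection per client."""
    srv = socket.create_server(("127.0.0.1", 0))
    pool = itertools.cycle(backends)
    def serve():
        while True:
            client, _ = srv.accept()
            upstream = socket.create_connection(next(pool))
            stats["upstream_conns"] += 1
            for a, b in ((client, upstream), (upstream, client)):
                threading.Thread(target=pump, args=(a, b, stats), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

def demo(n=4):
    stats = {"bytes_copied": 0, "upstream_conns": 0}
    front = start_redirector([start_backend("A"), start_backend("B")], stats)
    replies = []
    for _ in range(n):
        with socket.create_connection(front, timeout=5) as c:
            c.sendall(b"HELO")         # constructed request
            replies.append(c.recv(1024).decode())
    return replies, stats["bytes_copied"], stats["upstream_conns"]

if __name__ == "__main__":
    print(demo())
```

Each client connection is terminated at the redirector and a second TCP connection is opened to the chosen backend, so the request and the reply both pass through userland buffers even though neither is modified.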