On Sat, 22 May 2004, David Rodgers wrote:
> > You'd better have lots of CPU available if you want to interpose a TCP
> > proxy in series with every connection.
> not every connection ... just connections from the outside to the inside
> server pool in a round robin fashion
Oh, *that* kind of load balancing. I thought you meant *outbound* load
balancing, which is a recurring request here.
> I tested one of these (pydirector not balance) last night with smtp
> connection to 4 machines natted behind the pydirector machine. It was an
> amd k6-2 350 machine with 256mb of memory and it sustained several
> hundred connections per second withought a blush. pydirector doesn't act
> as a proxy just a connection redirector.
If the data passes through the program, even unmodified, it's a proxy.
The page you linked to calls it a proxy. Even in concept, this requires
converting the data from packets to a stream and back to packets. Doing
this entirely in the kernel wouldn't be cheap, and doing it in userland
adds context-switching overhead and additional copying. Applying this to
most traffic on a modest-performing machine that's also the firewall and
NAT router could create a bottleneck.
A more efficient method would be with "smart NAT", but I don't think
that's possible without kernel support, even if the actual decisions are
made in userland. An API for "userland-controlled NAT" would have a
number of uses, though.
> > Not to mention being pretty useless without multiple WAN interfaces. :-)
> Are you on crack ... why would load balancing be useless without
> multiple wan interfaces? If your sole purpose for doing this was high
Misunderstanding. See above.